SUSE-SU-2016:1785-1: important: Security update for kvm

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jul 11 08:39:07 MDT 2016


   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1785-1
Rating:             important
References:         #895528 #901508 #928393 #934069 #936132 #940929 
                    #944463 #945404 #945987 #945989 #947159 #958491 
                    #958917 #959005 #960334 #960725 #961332 #961333 
                    #961358 #961556 #961691 #962320 #963782 #964413 
                    #967969 #969350 #970036 #970037 #975128 #975136 
                    #975700 #976109 #978158 #978160 #980711 #980723 
                    
Cross-References:   CVE-2014-3615 CVE-2014-3689 CVE-2014-9718
                    CVE-2015-3214 CVE-2015-5239 CVE-2015-5278
                    CVE-2015-5279 CVE-2015-5745 CVE-2015-6855
                    CVE-2015-7295 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8613 CVE-2015-8619
                    CVE-2015-8743 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2198
                    CVE-2016-2538 CVE-2016-2841 CVE-2016-2857
                    CVE-2016-2858 CVE-2016-3710 CVE-2016-3712
                    CVE-2016-4001 CVE-2016-4002 CVE-2016-4020
                    CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that solves 33 vulnerabilities and has three
   fixes is now available.

Description:

   kvm was updated to fix 33 security issues.

   These security issues were fixed:
   - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit
     (bsc#978160)
   - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
   - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
     generator (bsc#970036)
   - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
     (bsc#975128)
   - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
   - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to
     avoid any opportunity for guest to cause DoS by abusing that interface
     (bsc#928393)
   - CVE-2014-3689: Fixed insufficient parameter validation in rectangle
     functions (bsc#901508)
   - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to
     read host memory by setting the display to a high resolution
     (bsc#895528).
   - CVE-2015-5239: Integer overflow in vnc_client_read() and
     protocol_client_msg() (bsc#944463).
   - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
   - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function
     in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of
     service (instance crash) or possibly execute arbitrary code via vectors
     related to receiving packets (bsc#945987).
   - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the
     commands accepted by an ATAPI device, which allowed guest users to cause
     a denial of service or possibly have unspecified other impact via
     certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command
     to an empty drive, which triggers a divide-by-zero error and instance
     crash (bsc#945404).
   - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device
     (virtio-net) support in QEMU, when big or mergeable receive buffers are
     not supported, allowed remote attackers to cause a denial of service
     (guest network consumption) via a flood of jumbo frames on the (1)
     tuntap or (2) macvtap interface (bsc#947159).
   - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   - CVE-2015-8504: VNC floating point exception (bsc#958491).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   - CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   - CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed:
   - Fix case of IDE interface needing busy status set before flush
     (bsc#936132)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kvm-12645=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      kvm-1.4.2-44.1


References:

   https://www.suse.com/security/cve/CVE-2014-3615.html
   https://www.suse.com/security/cve/CVE-2014-3689.html
   https://www.suse.com/security/cve/CVE-2014-9718.html
   https://www.suse.com/security/cve/CVE-2015-3214.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5278.html
   https://www.suse.com/security/cve/CVE-2015-5279.html
   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-6855.html
   https://www.suse.com/security/cve/CVE-2015-7295.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://bugzilla.suse.com/895528
   https://bugzilla.suse.com/901508
   https://bugzilla.suse.com/928393
   https://bugzilla.suse.com/934069
   https://bugzilla.suse.com/936132
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/944463
   https://bugzilla.suse.com/945404
   https://bugzilla.suse.com/945987
   https://bugzilla.suse.com/945989
   https://bugzilla.suse.com/947159
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723



More information about the sle-security-updates mailing list