File _patchinfo of Package patchinfo.3217

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3217

<patchinfo incident="3217">
  <issue id="893323" tracker="bnc">VUL-1: CVE-2014-5388: qemu: out of bounds memory access</issue>
  <issue id="944697" tracker="bnc">VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue</issue>
  <issue id="967012" tracker="bnc">VUL-0: CVE-2016-2392: Qemu: usb: null pointer dereference in remote NDIS control message handling</issue>
  <issue id="967013" tracker="bnc">VUL-0: CVE-2016-2391: Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference</issue>
  <issue id="982017" tracker="bnc">VUL-1: CVE-2016-5105: qemu, kvm: scsi: megasas: stack information leakage while reading configuration</issue>
  <issue id="982018" tracker="bnc">VUL-0: CVE-2016-5106: qemu, kvm: scsi: megasas: out-of-bounds write while setting controller properties</issue>
  <issue id="982019" tracker="bnc">VUL-0: CVE-2016-5107: qemu, kvm: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function</issue>
  <issue id="982222" tracker="bnc">VUL-1: CVE-2016-4454: qemu, kvm: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine</issue>
  <issue id="982223" tracker="bnc">VUL-1: CVE-2016-4453: qemu, kvm: display: vmsvga: infinite loop in vmsvga_fifo_run() routine</issue>
  <issue id="982285" tracker="bnc">VUL-0: CVE-2016-5126: qemu, kvm: buffer overflow in iscsi_aio_ioctl</issue>
  <issue id="982959" tracker="bnc">VUL-0: CVE-2016-5238: qemu/kvm: scsi: esp: OOB write when using non-DMA mode in get_cmd</issue>
  <issue id="983961" tracker="bnc">VUL-0: CVE-2016-5337: kvm,qemu:  scsi: megasas: information leakage in megasas_ctrl_get_info</issue>
  <issue id="983982" tracker="bnc">VUL-0: CVE-2016-5338: kvm,qemu: scsi: esp: OOB r/w access while processing ESP_FIFO</issue>
  <issue id="991080" tracker="bnc">VUL-0: CVE-2016-5403: qemu: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184)</issue>
  <issue id="991466" tracker="bnc">VUL-1: CVE-2016-6490: Qemu: virtio: infinite loop in virtqueue_pop</issue>
  <issue id="994760" tracker="bnc">VUL-0: CVE-2016-6836: kvm,qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet</issue>
  <issue id="994771" tracker="bnc">VUL-0: CVE-2016-6888: kvm,qemu: Integer overflow in packet initialisation in VMXNET3 device driver. Aprivileged user inside guest c...</issue>
  <issue id="994774" tracker="bnc">VUL-0: CVE-2016-6833: kvm,qemu: net: vmxnet3: use after free while writing</issue>
  <issue id="996441" tracker="bnc">VUL-0: CVE-2016-7116: kvm, qemu: 9p: directory traversal flaw in 9p virtio backend</issue>
  <issue id="997858" tracker="bnc">VUL-1: CVE-2016-7155: qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings</issue>
  <issue id="997859" tracker="bnc">VUL-1: CVE-2016-7156: qemu: scsi: pvscsi: infintie loop when building SG list</issue>
  <issue id="2014-5388" tracker="cve" />
  <issue id="2015-6815" tracker="cve" />
  <issue id="2016-2391" tracker="cve" />
  <issue id="2016-2392" tracker="cve" />
  <issue id="2016-4453" tracker="cve" />
  <issue id="2016-4454" tracker="cve" />
  <issue id="2016-5105" tracker="cve" />
  <issue id="2016-5106" tracker="cve" />
  <issue id="2016-5107" tracker="cve" />
  <issue id="2016-5126" tracker="cve" />
  <issue id="2016-5238" tracker="cve" />
  <issue id="2016-5337" tracker="cve" />
  <issue id="2016-5338" tracker="cve" />
  <issue id="2016-5403" tracker="cve" />
  <issue id="2016-6490" tracker="cve" />
  <issue id="2016-6833" tracker="cve" />
  <issue id="2016-6836" tracker="cve" />
  <issue id="2016-6888" tracker="cve" />
  <issue id="2016-7116" tracker="cve" />
  <issue id="2016-7155" tracker="cve" />
  <issue id="2016-7156" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>qemu was updated to fix 21 security issues.

These security issues were fixed:
- CVE-2014-5388: Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allowed local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption (bsc#893323).
- CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS.  (bsc#944697).
- CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013).
- CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012).
- CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223).
- CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222).
- CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017).
- CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018).
- CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019).
- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285).
- CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959).
- CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961).
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982).
- CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080).
- CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466).
- CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (bsc#994774).
- CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaging information leakage. A privileged user inside guest could have used this to leak host memory bytes to a guest (bsc#994760).
- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994771).
- CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441).
- CVE-2016-7155: In the VMWARE PVSCSI paravirtual SCSI bus a OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858).
- CVE-2016-7156: In the VMWARE PVSCSI paravirtual SCSI bus a infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997859).
</description>
<summary>Security update for qemu</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3217

Places