Security update for qemu

qemu was updated to fix 29 security issues.

These security issues were fixed:
- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)
- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)
- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB EHCI based DoS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated NIC (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411)
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: A malicious privileged guest user was able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:
- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Fixed bugs
bnc#961332
VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands
bnc#961358
VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
bnc#959005
VUL-0: CVE-2015-8558: qemu,kvm: usb: infinite loop in ehci_advance_state results in DoS
bnc#962320
VUL-0: CVE-2016-1922: kvm,qemu: i386: null pointer dereference in vapic_write()
bnc#961333
VUL-0: CVE-2016-1568: Qemu/kvm: ide: ahci use-after-free vulnerability in aio port commands
bnc#964413
VUL-1: CVE-2016-2198: kvm,qemu: usb: ehci null pointer dereference in ehci_caps_write
bnc#961691
VUL-0: CVE-2016-1714: kvm,qemu: nvram: OOB r/w access in processing firmware configurations
bnc#940929
VUL-1: CVE-2015-5745: kvm,qemu: buffer overflow in virtio-serial
bnc#963782
VUL-1: CVE-2016-1981: kvm,qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
bnc#960835
VUL-0: CVE-2015-8744: qemu/kvm: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call
bnc#961556
VUL-0: CVE-2015-8613: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
bnc#960334
VUL-1: CVE-2015-8619: qemu: stack based OOB write in hmp_sendkey routine
bnc#959386
VUL-0: CVE-2015-8568 CVE-2015-8567: kvm,qemu: net: vmxnet3: host memory leakage
bnc#958917
VUL-0: CVE-2015-7549: kvm,qemu: pci: null pointer dereference issue
bnc#958491
VUL-0: CVE-2015-8504: kvm,qemu: ui: vnc: avoid floating point exception
bnc#960725
VUL-0: CVE-2015-8743: kvm/qemu: ne2000: OOB memory access in ioport r/w functions
bnc#960708
VUL-0: CVE-2015-8745: qemu/kvm: reading IMR registers leads to a crash via assert(2) call
bnc#964411
VUL-1: CVE-2016-2197: qemu: ide: ahci null pointer dereference when using FIS CLB engines
bnc#967969
VUL-0: CVE-2016-2538: qemu: usb: integer overflow in remote NDIS control message handling
bnc#969121
VUL-1: CVE-2015-8817: qemu: OOB access in address_space_rw leads to segmentation fault (I)
bnc#969122
VUL-1: CVE-2015-8818: qemu: OOB access in address_space_rw leads to segmentation fault (II)
bnc#969350
VUL-1: CVE-2016-2841: qemu: net: ne2000: infinite loop in ne2000_receive
bnc#970036
VUL-0: CVE-2016-2858: qemu: rng-random: arbitrary stack based allocation leading to corruption
bnc#970037
VUL-0: CVE-2016-2857: qemu: net: out of bounds read in net_checksum_calculate()
bnc#975128
VUL-1: CVE-2016-4001: qemu: net: buffer overflow in stellaris_enet emulator
bnc#975136
VUL-0: kvm,qemu: CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator
bnc#975700
VUL-1: CVE-2016-4020: qemu: i386: leakage of stack memory to guest in kvmvapic.c
bnc#976109
VUL-1: CVE-2016-4037: kvm,qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process
bnc#978158
VUL-0: EMBARGOED: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module
bnc#978160
VUL-0: EMBARGOED: CVE-2016-3712: kvm, qemu: Potential DoS in qemu VGA module
bnc#886378
qemu truncates vhd images in virt-rescue
bnc#980711
VUL-0: CVE-2016-4439: qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
bnc#980723
VUL-0: CVE-2016-4441: qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
bnc#981266
VUL-0: CVE-2016-4952: qemu, kvm: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines