File _patchinfo of Package patchinfo.2059

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.2059

<patchinfo incident="2059">
  <issue id="961332" tracker="bnc">VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands</issue>
  <issue id="961358" tracker="bnc">VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info</issue>
  <issue id="959005" tracker="bnc">VUL-0: CVE-2015-8558: qemu,kvm: usb: infinite loop in ehci_advance_state results in DoS</issue>
  <issue id="895528" tracker="bnc">VUL-1: CVE-2014-3615: xen,kvm,qemu: information leakage when guest sets high resolution</issue>
  <issue id="962320" tracker="bnc">VUL-0:  CVE-2016-1922: kvm,qemu: i386: null pointer dereference in vapic_write()</issue>
  <issue id="961333" tracker="bnc">VUL-0: CVE-2016-1568: Qemu/kvm: ide: ahci use-after-free vulnerability in aio port commands</issue>
  <issue id="964413" tracker="bnc">VUL-1: CVE-2016-2198: kvm,qemu: usb: ehci null pointer dereference in ehci_caps_write</issue>
  <issue id="961691" tracker="bnc">VUL-0: CVE-2016-1714: kvm,qemu: nvram: OOB r/w access in processing firmware configurations</issue>
  <issue id="940929" tracker="bnc">VUL-1: CVE-2015-5745: kvm,qemu: buffer overflow in virtio-serial</issue>
  <issue id="963782" tracker="bnc">VUL-1: CVE-2016-1981: kvm,qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines</issue>
  <issue id="960835" tracker="bnc">VUL-0: CVE-2015-8744: qemu/kvm: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call</issue>
  <issue id="961556" tracker="bnc">VUL-0: CVE-2015-8613: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info</issue>
  <issue id="960334" tracker="bnc">VUL-1: CVE-2015-8619: qemu: stack based OOB write in hmp_sendkey routine</issue>
  <issue id="959386" tracker="bnc">VUL-0: CVE-2015-8568 CVE-2015-8567: kvm,qemu:  net: vmxnet3: host memory leakage</issue>
  <issue id="958917" tracker="bnc">VUL-0: CVE-2015-7549: kvm,qemu: pci: null pointer dereference issue</issue>
  <issue id="947159" tracker="bnc">VUL-1: CVE-2015-7295: qemu: net: virtio-net possible remote DoS</issue>
  <issue id="944463" tracker="bnc">VUL-1: CVE-2015-5239: qemu,kvm,xen: Integer overflow in vnc_client_read() and protocol_client_msg()</issue>
  <issue id="958491" tracker="bnc">VUL-0: CVE-2015-8504: kvm,qemu:  ui: vnc: avoid floating point exception</issue>
  <issue id="960725" tracker="bnc">VUL-0: CVE-2015-8743: kvm/qemu: ne2000: OOB memory access in ioport r/w functions</issue>
  <issue id="960708" tracker="bnc">VUL-0: CVE-2015-8745: qemu/kvm: reading IMR registers leads to a crash via assert(2) call</issue>
  <issue id="901508" tracker="bnc">VUL-0: CVE-2014-3689: qemu: vmware_vga: insufficient parameter validation in rectangle functions</issue>
  <issue id="928393" tracker="bnc">VUL-1: CVE-2014-9718: qemu,kvm,qemu-kvm: PRDT overflow from guest to host</issue>
  <issue id="934069" tracker="bnc">VUL-0: CVE-2015-3214: qemu: OOB read in i8254 (programmable interrupt controller)</issue>
  <issue id="967969" tracker="bnc">VUL-0: CVE-2016-2538: qemu: usb: integer overflow in remote NDIS control message handling</issue>
  <issue id="969121" tracker="bnc">VUL-1: CVE-2015-8817: qemu: OOB access in address_space_rw leads to segmentation fault (I)</issue>
  <issue id="969122" tracker="bnc">VUL-1: CVE-2015-8818: qemu: OOB access in address_space_rw leads to segmentation fault (II)</issue>
  <issue id="969350" tracker="bnc">VUL-1: CVE-2016-2841: qemu: net: ne2000: infinite loop in ne2000_receive</issue>
  <issue id="970036" tracker="bnc">VUL-0: CVE-2016-2858: qemu: rng-random: arbitrary stack based allocation leading to corruption</issue>
  <issue id="970037" tracker="bnc">VUL-0: CVE-2016-2857: qemu: net: out of bounds read in net_checksum_calculate()</issue>
  <issue id="975128" tracker="bnc">VUL-1:  CVE-2016-4001: qemu: net: buffer overflow in stellaris_enet emulator</issue>
  <issue id="975136" tracker="bnc">VUL-0: kvm,qemu: CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator</issue>
  <issue id="975700" tracker="bnc">VUL-1: CVE-2016-4020: qemu: i386: leakage of stack memory to guest in kvmvapic.c</issue>
  <issue id="976109" tracker="bnc">VUL-1: CVE-2016-4037: kvm,qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process</issue>
  <issue id="978158" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module</issue>
  <issue id="978160" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-3712: kvm, qemu: Potential DoS in qemu VGA module</issue>
  <issue id="886378" tracker="bnc">qemu truncates vhd images in virt-rescue</issue>
  <issue id="980711" tracker="bnc">VUL-0: CVE-2016-4439: qemu: scsi: esp: OOB write while writing to 's-&gt;cmdbuf' in esp_reg_write</issue>
  <issue id="980723" tracker="bnc">VUL-0: CVE-2016-4441: qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd</issue>
  <issue id="981266" tracker="bnc">VUL-0: CVE-2016-4952: qemu, kvm: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines</issue>
  <issue id="CVE-2016-4439" tracker="cve" />
  <issue id="CVE-2016-4441" tracker="cve" />
  <issue id="CVE-2016-4952" tracker="cve" />
  <issue id="CVE-2014-3689" tracker="cve" />
  <issue id="CVE-2014-9718" tracker="cve" />
  <issue id="CVE-2015-3214" tracker="cve" />
  <issue id="CVE-2015-8817" tracker="cve" />
  <issue id="CVE-2015-8818" tracker="cve" />
  <issue id="CVE-2016-2538" tracker="cve" />
  <issue id="CVE-2016-2841" tracker="cve" />
  <issue id="CVE-2016-2857" tracker="cve" />
  <issue id="CVE-2016-2858" tracker="cve" />
  <issue id="CVE-2016-3710" tracker="cve" />
  <issue id="CVE-2016-3712" tracker="cve" />
  <issue id="CVE-2016-4001" tracker="cve" />
  <issue id="CVE-2016-4002" tracker="cve" />
  <issue id="CVE-2016-4020" tracker="cve" />
  <issue id="CVE-2016-4037" tracker="cve" />
  <issue id="CVE-2014-3615" tracker="cve" />
  <issue id="CVE-2015-8613" tracker="cve" />
  <issue id="CVE-2015-5239" tracker="cve" />
  <issue id="CVE-2015-8558" tracker="cve" />
  <issue id="CVE-2015-8504" tracker="cve" />
  <issue id="CVE-2015-5745" tracker="cve" />
  <issue id="CVE-2016-1714" tracker="cve" />
  <issue id="CVE-2015-8568" tracker="cve" />
  <issue id="CVE-2015-7295" tracker="cve" />
  <issue id="CVE-2015-8743" tracker="cve" />
  <issue id="CVE-2015-8744" tracker="cve" />
  <issue id="CVE-2015-8745" tracker="cve" />
  <issue id="CVE-2016-1568" tracker="cve" />
  <issue id="CVE-2015-7549" tracker="cve" />
  <issue id="CVE-2015-8619" tracker="cve" />
  <issue id="CVE-2016-1922" tracker="cve" />
  <issue id="CVE-2016-1981" tracker="cve" />
  <issue id="CVE-2016-2198" tracker="cve" />
  <issue id="CVE-2015-8567" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>qemu was updated to fix 37 security issues.

These security issues were fixed:
- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266)
- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)
- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393)
- CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508)
- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed
- bsc#886378: qemu truncates vhd images in virt-rescue
</description>
  <summary>Security update for qemu</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.2059

Places