Overview

File _patchinfo of Package patchinfo.3557

<patchinfo incident="3557">
  <issue id="1006538" tracker="bnc">VUL-0: CVE-2016-8910: qemu, kvm: net: rtl8139: infinite loop while transmit in C+ mode</issue>
  <issue id="999661" tracker="bnc">VUL-1: CVE-2016-7421 Qemu: scsi: pvscsi: infinite loop when processing IO requests</issue>
  <issue id="1004707" tracker="bnc">VUL-0: CVE-2016-8669: qemu, kvm: char: divide by zero error in serial_update_parameters</issue>
  <issue id="1007450" tracker="bnc">VUL-0: CVE-2016-9102: qemu: 9pfs: memory leakage when creating extended attribute (via Txattrcreate message)</issue>
  <issue id="1007454" tracker="bnc">VUL-0: CVE-2016-9103: qemu: 9pfs: information leakage via xattribute</issue>
  <issue id="1003878" tracker="bnc">VUL-0: CVE-2016-8576: qemu, kvm: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch</issue>
  <issue id="1002116" tracker="bnc">qemu is retriggering device events for *all* devices in its %post</issue>
  <issue id="1001151" tracker="bnc">VUL-0: CVE-2016-7161: qemu, kvm: hw: net: Heap overflow in xlnx.xps-ethernetlite</issue>
  <issue id="1003893" tracker="bnc">VUL-0: CVE-2016-8577: qemu, kvm: 9pfs: host memory leakage in v9fs_read</issue>
  <issue id="1003894" tracker="bnc">VUL-0: CVE-2016-8578: qemu, kvm: 9pfs: potential NULL dereference in 9pfs routines</issue>
  <issue id="1007391" tracker="bnc">VUL-0: CVE-2016-9101: qemu: net: eepro100 memory leakage at device unplug</issue>
  <issue id="998516" tracker="bnc">VUL-1: CVE-2016-7170: qemu: vmware_vga: OOB stack memory access when processing svga command</issue>
  <issue id="1006536" tracker="bnc">VUL-0: CVE-2016-8909: qemu, kvm: audio: intel-hda: infinite loop in processing dma buffer stream</issue>
  <issue id="1007494" tracker="bnc">VUL-0: CVE-2016-9105: qemu: memory leakage in v9fs_link</issue>
  <issue id="1007495" tracker="bnc">VUL-0: CVE-2016-9106: qemu: 9pfs: memory leakage in v9fs_write</issue>
  <issue id="1002550" tracker="bnc">VUL-0: CVE-2016-7908: qemu, kvm: net: Infinite loop in mcf_fec_do_tx</issue>
  <issue id="1007493" tracker="bnc">VUL-0: CVE-2016-9104: qemu: 9pfs: integer overflow leading to OOB access</issue>
  <issue id="1002557" tracker="bnc">VUL-0: CVE-2016-7909: qemu, kvm: net: pcnet: infinite loop in pcnet_rdra_addr</issue>
  <issue id="1004702" tracker="bnc">CVE-2016-8667: qemu, kvm: dma: rc4030 divide by zero error in set_next_tick</issue>
  <issue id="2016-8578" tracker="cve" />
  <issue id="2016-8669" tracker="cve" />
  <issue id="2016-7161" tracker="cve" />
  <issue id="2016-7170" tracker="cve" />
  <issue id="2016-8909" tracker="cve" />
  <issue id="2016-8667" tracker="cve" />
  <issue id="2016-7421" tracker="cve" />
  <issue id="2016-7909" tracker="cve" />
  <issue id="2016-7908" tracker="cve" />
  <issue id="2016-8577" tracker="cve" />
  <issue id="2016-8910" tracker="cve" />
  <issue id="2016-9103" tracker="cve" />
  <issue id="2016-9102" tracker="cve" />
  <issue id="2016-9101" tracker="cve" />
  <issue id="2016-9106" tracker="cve" />
  <issue id="2016-9105" tracker="cve" />
  <issue id="2016-9104" tracker="cve" />
  <issue id="2016-8576" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>
This update for qemu fixes the following issues:

- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12
- Change package post script udevadm trigger calls to be device
  specific (bsc#1002116)
- Address various security/stability issues
 * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)
 * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
 * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)
 * Fix DOS in ColdFire Fast Ethernet Controller emulation
   (CVE-2016-7908 bsc#1002550)
 * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
 * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
 * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
 * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
 * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
 * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
 * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
 * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
 * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
 * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
 * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
 * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
 * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
 * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)
</description>
  <summary>Security update for qemu</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places