File _patchinfo of Package patchinfo.2060
<patchinfo incident="2060"> <issue id="961332" tracker="bnc">VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands</issue> <issue id="961358" tracker="bnc">VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info</issue> <issue id="959005" tracker="bnc">VUL-0: CVE-2015-8558: qemu,kvm: usb: infinite loop in ehci_advance_state results in DoS</issue> <issue id="962320" tracker="bnc">VUL-0: CVE-2016-1922: kvm,qemu: i386: null pointer dereference in vapic_write()</issue> <issue id="961333" tracker="bnc">VUL-0: CVE-2016-1568: Qemu/kvm: ide: ahci use-after-free vulnerability in aio port commands</issue> <issue id="964413" tracker="bnc">VUL-1: CVE-2016-2198: kvm,qemu: usb: ehci null pointer dereference in ehci_caps_write</issue> <issue id="961691" tracker="bnc">VUL-0: CVE-2016-1714: kvm,qemu: nvram: OOB r/w access in processing firmware configurations</issue> <issue id="940929" tracker="bnc">VUL-1: CVE-2015-5745: kvm,qemu: buffer overflow in virtio-serial</issue> <issue id="963782" tracker="bnc">VUL-1: CVE-2016-1981: kvm,qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines</issue> <issue id="960835" tracker="bnc">VUL-0: CVE-2015-8744: qemu/kvm: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call</issue> <issue id="961556" tracker="bnc">VUL-0: CVE-2015-8613: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info</issue> <issue id="960334" tracker="bnc">VUL-1: CVE-2015-8619: qemu: stack based OOB write in hmp_sendkey routine</issue> <issue id="959386" tracker="bnc">VUL-0: CVE-2015-8568 CVE-2015-8567: kvm,qemu: net: vmxnet3: host memory leakage</issue> <issue id="958917" tracker="bnc">VUL-0: CVE-2015-7549: kvm,qemu: pci: null pointer dereference issue</issue> <issue id="958491" tracker="bnc">VUL-0: CVE-2015-8504: kvm,qemu: ui: vnc: avoid floating point exception</issue> <issue id="960725" tracker="bnc">VUL-0: CVE-2015-8743: kvm/qemu: ne2000: OOB memory access in ioport r/w functions</issue> <issue id="960708" tracker="bnc">VUL-0: CVE-2015-8745: qemu/kvm: reading IMR registers leads to a crash via assert(2) call</issue> <issue id="964411" tracker="bnc">VUL-1: CVE-2016-2197: qemu: ide: ahci null pointer dereference when using FIS CLB engines</issue> <issue id="967969" tracker="bnc">VUL-0: CVE-2016-2538: qemu: usb: integer overflow in remote NDIS control message handling</issue> <issue id="969121" tracker="bnc">VUL-1: CVE-2015-8817: qemu: OOB access in address_space_rw leads to segmentation fault (I)</issue> <issue id="969122" tracker="bnc">VUL-1: CVE-2015-8818: qemu: OOB access in address_space_rw leads to segmentation fault (II)</issue> <issue id="969350" tracker="bnc">VUL-1: CVE-2016-2841: qemu: net: ne2000: infinite loop in ne2000_receive</issue> <issue id="970036" tracker="bnc">VUL-0: CVE-2016-2858: qemu: rng-random: arbitrary stack based allocation leading to corruption</issue> <issue id="970037" tracker="bnc">VUL-0: CVE-2016-2857: qemu: net: out of bounds read in net_checksum_calculate()</issue> <issue id="975128" tracker="bnc">VUL-1: CVE-2016-4001: qemu: net: buffer overflow in stellaris_enet emulator</issue> <issue id="975136" tracker="bnc">VUL-0: kvm,qemu: CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator</issue> <issue id="975700" tracker="bnc">VUL-1: CVE-2016-4020: qemu: i386: leakage of stack memory to guest in kvmvapic.c</issue> <issue id="976109" tracker="bnc">VUL-1: CVE-2016-4037: kvm,qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process</issue> <issue id="978158" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module</issue> <issue id="978160" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-3712: kvm, qemu: Potential DoS in qemu VGA module</issue> <issue id="886378" tracker="bnc">qemu truncates vhd images in virt-rescue</issue> <issue id="980711" tracker="bnc">VUL-0: CVE-2016-4439: qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write</issue> <issue id="980723" tracker="bnc">VUL-0: CVE-2016-4441: qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd</issue> <issue id="981266" tracker="bnc">VUL-0: CVE-2016-4952: qemu, kvm: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines</issue> <issue id="CVE-2016-4439" tracker="cve" /> <issue id="CVE-2016-4441" tracker="cve" /> <issue id="CVE-2016-4952" tracker="cve" /> <issue id="CVE-2015-8817" tracker="cve" /> <issue id="CVE-2015-8818" tracker="cve" /> <issue id="CVE-2016-2197" tracker="cve" /> <issue id="CVE-2016-2538" tracker="cve" /> <issue id="CVE-2016-2841" tracker="cve" /> <issue id="CVE-2016-2857" tracker="cve" /> <issue id="CVE-2016-2858" tracker="cve" /> <issue id="CVE-2016-3710" tracker="cve" /> <issue id="CVE-2016-3712" tracker="cve" /> <issue id="CVE-2016-4001" tracker="cve" /> <issue id="CVE-2016-4002" tracker="cve" /> <issue id="CVE-2016-4020" tracker="cve" /> <issue id="CVE-2016-4037" tracker="cve" /> <issue id="CVE-2015-8613" tracker="cve" /> <issue id="CVE-2015-8558" tracker="cve" /> <issue id="CVE-2015-8504" tracker="cve" /> <issue id="CVE-2015-5745" tracker="cve" /> <issue id="CVE-2016-1714" tracker="cve" /> <issue id="CVE-2015-8568" tracker="cve" /> <issue id="CVE-2015-8743" tracker="cve" /> <issue id="CVE-2015-8744" tracker="cve" /> <issue id="CVE-2015-8745" tracker="cve" /> <issue id="CVE-2016-1568" tracker="cve" /> <issue id="CVE-2015-7549" tracker="cve" /> <issue id="CVE-2015-8619" tracker="cve" /> <issue id="CVE-2016-1922" tracker="cve" /> <issue id="CVE-2016-1981" tracker="cve" /> <issue id="CVE-2016-2198" tracker="cve" /> <issue id="CVE-2015-8567" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>bfrogers</packager> <description>qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411) - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue </description> <summary>Security update for qemu</summary> </patchinfo>
