Overview

File _patchinfo of Package patchinfo.611

<patchinfo incident="611">
  <issue id="886378" tracker="bnc">qemu truncates vhd images in virt-rescue</issue>
  <issue id="929339" tracker="bnc">VUL-0: EMBARGOED: CVE-2015-3456: qemu kvm xen: VENOM qemu floppy driver host code execution</issue>
  <issue id="924018" tracker="bnc">VUL-0: CVE-2015-1779: qemu: vnc: insufficient resource limiting in VNC websockets decoder</issue>
  <issue id="CVE-2015-1779" tracker="cve" />
  <issue id="CVE-2015-3456" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>
qemu / kvm was updated to fix a security issue and some bugs.

Security issue fixed:

* CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used
  to denial of service attacks or potential code execution against the host.

* CVE-2015-1779: Fixed insufficient resource limiting in the VNC websockets decoder.


Bugs fixed:
- qemu truncates vhd images in virt-rescue (bsc#886378)

- Update kvm-supported.txt with the current rbd support status.

- enable rbd build on x86_64 (qemu-block-rbd package) (FATE#318349)</description>
  <summary>Security update for qemu</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places