File _patchinfo of Package patchinfo.7267

<patchinfo incident="7267">
  <issue id="1047674" tracker="bnc">VUL-1: CVE-2017-10806: kvm,qemu: usb-redirect: stack buffer overflow in debug logging</issue>
  <issue id="1031692" tracker="bnc">OpenQA loses USB keyboard events</issue>
  <issue id="1048902" tracker="bnc">VUL-0: CVE-2017-11334:  kvm,qemu: exec: oob access during dma operation allowing for DoS</issue>
  <issue id="1046636" tracker="bnc">VUL-0: CVE-2017-10664: kvm, qemu: qemu-nbd: server breaks with SIGPIPE upon client abort</issue>
  <issue id="1048296" tracker="bnc">usb hid devices attached to virtual xhci fail after live migration</issue>
  <issue id="1049381" tracker="bnc">VUL-1: CVE-2017-11434: qemu: slirp: out-of-bounds read while parsing dhcp options</issue>
  <issue id="1050268" tracker="bnc">SLES 12 SP3 for ARM Aarch64 qemu-arm support statement has incorrect wording</issue>
  <issue id="1011144" tracker="bnc">qemu-tools: group kvm does not exist - using root</issue>
  <issue id="2017-10806" tracker="cve" />
  <issue id="2017-11434" tracker="cve" />
  <issue id="2017-11334" tracker="cve" />
  <issue id="2017-10664" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>bfrogers</packager>
  <description>This update for qemu fixes the following issues:

Security issues fixed:

* CVE-2017-10664: Fix DoS vulnerability in qemu-nbd (bsc#1046636)
* CVE-2017-10806: Fix DoS from stack overflow in debug messages of USB redirection
  support (bsc#1047674)
* CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)
* CVE-2017-11434: Fix OOB access when parsing DHCP options in slirp (bsc#1049381)

The following non-security issues were fixed:

- Postrequire acl for setfacl
- Prerequire shadow for groupadd
- The recent security fix for CVE-2017-11334 adversely affects Xen.
  Include two additional patches to make sure Xen is going to be OK.
- Pre-add group kvm for qemu-tools (bsc#1011144)
- Fixed a few more inaccuracies in the support docs.
- Fix support docs to indicate ARM64 is now fully L3 supported in
  SLES 12 SP3. Apply a few additional clarifications in the support
  docs. (bsc#1050268)
- Adjust to libvdeplug-devel package naming changes.
- Fix migration with xhci (bsc#1048296)
- Increase VNC delay to fix missing keyboard input events (bsc#1031692)
- Remove build dependency package iasl used for seabios


This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for qemu</summary>
</patchinfo>