[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1703-1 -- Suse qemu

ID: oval:org.secpod.oval:def:400637Date: (C)2016-11-22   (M)2023-12-07
Class: PATCHFamily: unix




qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - CVE-2015-8818: Avoid OOB access in PCI dma I/O - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit - CVE-2016-4037: Fixed USB ehci based DOS - CVE-2016-2538: Fixed potential OOB access in USB net device emulation - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator - CVE-2016-2857: Fixed OOB access when processing IP checksums - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine - CVE-2015-5745: Buffer overflow in virtio-serial . - CVE-2015-7549: PCI null pointer dereferences . - CVE-2015-8504: VNC floating point exception . - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS . - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory . - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory . - CVE-2015-8613: Wrong sized memset in megasas command handler . - CVE-2015-8619: Potential DoS for long HMP sendkey command argument . - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions . - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert call . - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert call . - CVE-2016-1568: AHCI use-after-free in aio port commands . - CVE-2016-1714: Potential OOB memory access in processing firmware configuration . - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command . - CVE-2016-1981: Potential DoS in e1000 device emulation by malicious privileged user within guest . - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers . This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
Product:
qemu
Reference:
SUSE-SU-2016:1703-1
CVE-2015-5745
CVE-2015-7549
CVE-2015-8504
CVE-2015-8558
CVE-2015-8567
CVE-2015-8568
CVE-2015-8613
CVE-2015-8619
CVE-2015-8743
CVE-2015-8744
CVE-2015-8745
CVE-2015-8817
CVE-2015-8818
CVE-2016-1568
CVE-2016-1714
CVE-2016-1922
CVE-2016-1981
CVE-2016-2197
CVE-2016-2198
CVE-2016-2538
CVE-2016-2841
CVE-2016-2857
CVE-2016-2858
CVE-2016-3710
CVE-2016-3712
CVE-2016-4001
CVE-2016-4002
CVE-2016-4020
CVE-2016-4037
CVE-2016-4439
CVE-2016-4441
CVE-2016-4952
CVE    32
CVE-2016-1922
CVE-2016-1568
CVE-2016-1714
CVE-2016-2197
...
CPE    5
cpe:/o:suse:suse_linux_enterprise_desktop:12:sp1
cpe:/o:suse:suse_linux_enterprise_server:12:sp1
cpe:/a:qemu:qemu
cpe:/a:qemu:qemu:-
...

© SecPod Technologies