Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0707-1 Final 1 1 2017-03-16T11:58:45Z current 2017-03-16T11:58:45Z 2017-03-16T11:58:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907). - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081). - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195). - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481). - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589). - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491). - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583) - XHCI fixes (bsc#977027) - Fixed rare race during s390x guest reboot - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html E-Mail link for openSUSE-SU-2017:0707-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 qemu-2.6.2-29.4 qemu-arm-2.6.2-29.4 qemu-block-curl-2.6.2-29.4 qemu-block-dmg-2.6.2-29.4 qemu-block-iscsi-2.6.2-29.4 qemu-block-rbd-2.6.2-29.4 qemu-block-ssh-2.6.2-29.4 qemu-extra-2.6.2-29.4 qemu-guest-agent-2.6.2-29.4 qemu-ipxe-1.0.0-29.4 qemu-kvm-2.6.2-29.4 qemu-lang-2.6.2-29.4 qemu-linux-user-2.6.2-29.1 qemu-ppc-2.6.2-29.4 qemu-s390-2.6.2-29.4 qemu-seabios-1.9.1-29.4 qemu-sgabios-8-29.4 qemu-testsuite-2.6.2-29.8 qemu-tools-2.6.2-29.4 qemu-vgabios-1.9.1-29.4 qemu-x86-2.6.2-29.4 qemu-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-arm-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-block-curl-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-block-dmg-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-block-iscsi-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-block-rbd-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-block-ssh-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-extra-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-guest-agent-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-ipxe-1.0.0-29.4 as a component of openSUSE Leap 42.2 qemu-kvm-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-lang-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-linux-user-2.6.2-29.1 as a component of openSUSE Leap 42.2 qemu-ppc-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-s390-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-seabios-1.9.1-29.4 as a component of openSUSE Leap 42.2 qemu-sgabios-8-29.4 as a component of openSUSE Leap 42.2 qemu-testsuite-2.6.2-29.8 as a component of openSUSE Leap 42.2 qemu-tools-2.6.2-29.4 as a component of openSUSE Leap 42.2 qemu-vgabios-1.9.1-29.4 as a component of openSUSE Leap 42.2 qemu-x86-2.6.2-29.4 as a component of openSUSE Leap 42.2 The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. CVE-2016-10028 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-10028.html CVE-2016-10028 https://bugzilla.suse.com/1017084 SUSE Bug 1017084 https://bugzilla.suse.com/1017085 SUSE Bug 1017085 The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. CVE-2016-10029 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-10029.html CVE-2016-10029 https://bugzilla.suse.com/1017081 SUSE Bug 1017081 https://bugzilla.suse.com/1017082 SUSE Bug 1017082 Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2016-10155 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-10155.html CVE-2016-10155 https://bugzilla.suse.com/1021129 SUSE Bug 1021129 https://bugzilla.suse.com/1024183 SUSE Bug 1024183 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. CVE-2016-9921 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-9921.html CVE-2016-9921 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. CVE-2016-9922 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-9922.html CVE-2016-9922 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. CVE-2017-2615 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-2615.html CVE-2017-2615 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. CVE-2017-2620 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-2620.html CVE-2017-2620 https://bugzilla.suse.com/1024834 SUSE Bug 1024834 https://bugzilla.suse.com/1024972 SUSE Bug 1024972 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2017-5525 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5525.html CVE-2017-5525 https://bugzilla.suse.com/1020491 SUSE Bug 1020491 Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2017-5526 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5526.html CVE-2017-5526 https://bugzilla.suse.com/1020589 SUSE Bug 1020589 https://bugzilla.suse.com/1059777 SUSE Bug 1059777 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. CVE-2017-5552 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5552.html CVE-2017-5552 https://bugzilla.suse.com/1021195 SUSE Bug 1021195 Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. CVE-2017-5578 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5578.html CVE-2017-5578 https://bugzilla.suse.com/1021481 SUSE Bug 1021481 The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. CVE-2017-5667 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5667.html CVE-2017-5667 https://bugzilla.suse.com/1022541 SUSE Bug 1022541 Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. CVE-2017-5856 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5856.html CVE-2017-5856 https://bugzilla.suse.com/1023053 SUSE Bug 1023053 https://bugzilla.suse.com/1024186 SUSE Bug 1024186 Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. CVE-2017-5857 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5857.html CVE-2017-5857 https://bugzilla.suse.com/1023073 SUSE Bug 1023073 Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. CVE-2017-5898 openSUSE Leap 42.2:qemu-2.6.2-29.4 openSUSE Leap 42.2:qemu-arm-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-curl-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-29.4 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-29.4 openSUSE Leap 42.2:qemu-extra-2.6.2-29.4 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-29.4 openSUSE Leap 42.2:qemu-ipxe-1.0.0-29.4 openSUSE Leap 42.2:qemu-kvm-2.6.2-29.4 openSUSE Leap 42.2:qemu-lang-2.6.2-29.4 openSUSE Leap 42.2:qemu-linux-user-2.6.2-29.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-29.4 openSUSE Leap 42.2:qemu-s390-2.6.2-29.4 openSUSE Leap 42.2:qemu-seabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-sgabios-8-29.4 openSUSE Leap 42.2:qemu-testsuite-2.6.2-29.8 openSUSE Leap 42.2:qemu-tools-2.6.2-29.4 openSUSE Leap 42.2:qemu-vgabios-1.9.1-29.4 openSUSE Leap 42.2:qemu-x86-2.6.2-29.4 moderate 3.8 AV:A/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html https://www.suse.com/security/cve/CVE-2017-5898.html CVE-2017-5898 https://bugzilla.suse.com/1023907 SUSE Bug 1023907 https://bugzilla.suse.com/1024307 SUSE Bug 1024307