Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1312-1 Final 1 1 2017-05-16T15:38:38Z current 2017-05-16T15:38:38Z 2017-05-16T15:38:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589) - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491) - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix post script for qemu-guest-agent rpm to actually activate the guest agent at rpm install time - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed virtio interface failure (bsc#1015048) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) - Fixed uint64 property parsing and add regression tests (bsc#937125) This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html E-Mail link for openSUSE-SU-2017:1312-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 qemu-2.3.1-25.1 qemu-arm-2.3.1-25.1 qemu-block-curl-2.3.1-25.1 qemu-block-rbd-2.3.1-25.1 qemu-extra-2.3.1-25.1 qemu-guest-agent-2.3.1-25.1 qemu-ipxe-1.0.0-25.1 qemu-kvm-2.3.1-25.1 qemu-lang-2.3.1-25.1 qemu-linux-user-2.3.1-25.1 qemu-ppc-2.3.1-25.1 qemu-s390-2.3.1-25.1 qemu-seabios-1.8.1-25.1 qemu-sgabios-8-25.1 qemu-testsuite-2.3.1-25.1 qemu-tools-2.3.1-25.1 qemu-vgabios-1.8.1-25.1 qemu-x86-2.3.1-25.1 qemu-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-arm-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-block-curl-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-block-rbd-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-extra-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-guest-agent-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-ipxe-1.0.0-25.1 as a component of openSUSE Leap 42.1 qemu-kvm-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-lang-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-linux-user-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-ppc-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-s390-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-seabios-1.8.1-25.1 as a component of openSUSE Leap 42.1 qemu-sgabios-8-25.1 as a component of openSUSE Leap 42.1 qemu-testsuite-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-tools-2.3.1-25.1 as a component of openSUSE Leap 42.1 qemu-vgabios-1.8.1-25.1 as a component of openSUSE Leap 42.1 qemu-x86-2.3.1-25.1 as a component of openSUSE Leap 42.1 Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2016-10155 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-10155.html CVE-2016-10155 https://bugzilla.suse.com/1021129 SUSE Bug 1021129 https://bugzilla.suse.com/1024183 SUSE Bug 1024183 QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. CVE-2016-9776 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-9776.html CVE-2016-9776 https://bugzilla.suse.com/1013285 SUSE Bug 1013285 https://bugzilla.suse.com/1013657 SUSE Bug 1013657 https://bugzilla.suse.com/1024182 SUSE Bug 1024182 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9907 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-9907.html CVE-2016-9907 https://bugzilla.suse.com/1014109 SUSE Bug 1014109 https://bugzilla.suse.com/1014490 SUSE Bug 1014490 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9911 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-9911.html CVE-2016-9911 https://bugzilla.suse.com/1014111 SUSE Bug 1014111 https://bugzilla.suse.com/1014507 SUSE Bug 1014507 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. CVE-2016-9921 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-9921.html CVE-2016-9921 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. CVE-2016-9922 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2016-9922.html CVE-2016-9922 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. CVE-2017-2615 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-2615.html CVE-2017-2615 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. CVE-2017-2620 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-2620.html CVE-2017-2620 https://bugzilla.suse.com/1024834 SUSE Bug 1024834 https://bugzilla.suse.com/1024972 SUSE Bug 1024972 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2017-5525 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-5525.html CVE-2017-5525 https://bugzilla.suse.com/1020491 SUSE Bug 1020491 Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2017-5526 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-5526.html CVE-2017-5526 https://bugzilla.suse.com/1020589 SUSE Bug 1020589 https://bugzilla.suse.com/1059777 SUSE Bug 1059777 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. CVE-2017-5667 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-5667.html CVE-2017-5667 https://bugzilla.suse.com/1022541 SUSE Bug 1022541 Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. CVE-2017-5856 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-5856.html CVE-2017-5856 https://bugzilla.suse.com/1023053 SUSE Bug 1023053 https://bugzilla.suse.com/1024186 SUSE Bug 1024186 Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. CVE-2017-5898 openSUSE Leap 42.1:qemu-2.3.1-25.1 openSUSE Leap 42.1:qemu-arm-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-curl-2.3.1-25.1 openSUSE Leap 42.1:qemu-block-rbd-2.3.1-25.1 openSUSE Leap 42.1:qemu-extra-2.3.1-25.1 openSUSE Leap 42.1:qemu-guest-agent-2.3.1-25.1 openSUSE Leap 42.1:qemu-ipxe-1.0.0-25.1 openSUSE Leap 42.1:qemu-kvm-2.3.1-25.1 openSUSE Leap 42.1:qemu-lang-2.3.1-25.1 openSUSE Leap 42.1:qemu-linux-user-2.3.1-25.1 openSUSE Leap 42.1:qemu-ppc-2.3.1-25.1 openSUSE Leap 42.1:qemu-s390-2.3.1-25.1 openSUSE Leap 42.1:qemu-seabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-sgabios-8-25.1 openSUSE Leap 42.1:qemu-testsuite-2.3.1-25.1 openSUSE Leap 42.1:qemu-tools-2.3.1-25.1 openSUSE Leap 42.1:qemu-vgabios-1.8.1-25.1 openSUSE Leap 42.1:qemu-x86-2.3.1-25.1 moderate 3.8 AV:A/AC:M/Au:S/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html https://www.suse.com/security/cve/CVE-2017-5898.html CVE-2017-5898 https://bugzilla.suse.com/1023907 SUSE Bug 1023907 https://bugzilla.suse.com/1024307 SUSE Bug 1024307