qemu-2.6.1-1.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10233 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z qemu-2.6.1-1.5 on GA media These are all security issues fixed in the qemu-2.6.1-1.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10233 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10233 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-0928/ SUSE CVE CVE-2008-0928 page https://www.suse.com/security/cve/CVE-2008-1945/ SUSE CVE CVE-2008-1945 page https://www.suse.com/security/cve/CVE-2008-2382/ SUSE CVE CVE-2008-2382 page https://www.suse.com/security/cve/CVE-2008-4539/ SUSE CVE CVE-2008-4539 page https://www.suse.com/security/cve/CVE-2012-3515/ SUSE CVE CVE-2012-3515 page https://www.suse.com/security/cve/CVE-2013-4148/ SUSE CVE CVE-2013-4148 page https://www.suse.com/security/cve/CVE-2013-4149/ SUSE CVE CVE-2013-4149 page https://www.suse.com/security/cve/CVE-2013-4150/ SUSE CVE CVE-2013-4150 page https://www.suse.com/security/cve/CVE-2013-4151/ SUSE CVE CVE-2013-4151 page https://www.suse.com/security/cve/CVE-2013-4526/ SUSE CVE CVE-2013-4526 page https://www.suse.com/security/cve/CVE-2013-4527/ SUSE CVE CVE-2013-4527 page https://www.suse.com/security/cve/CVE-2013-4529/ SUSE CVE CVE-2013-4529 page https://www.suse.com/security/cve/CVE-2013-4530/ SUSE CVE CVE-2013-4530 page https://www.suse.com/security/cve/CVE-2013-4531/ SUSE CVE CVE-2013-4531 page https://www.suse.com/security/cve/CVE-2013-4533/ SUSE CVE CVE-2013-4533 page https://www.suse.com/security/cve/CVE-2013-4534/ SUSE CVE CVE-2013-4534 page https://www.suse.com/security/cve/CVE-2013-4535/ SUSE CVE CVE-2013-4535 page https://www.suse.com/security/cve/CVE-2013-4536/ SUSE CVE CVE-2013-4536 page https://www.suse.com/security/cve/CVE-2013-4537/ SUSE CVE CVE-2013-4537 page https://www.suse.com/security/cve/CVE-2013-4538/ SUSE CVE CVE-2013-4538 page https://www.suse.com/security/cve/CVE-2013-4539/ SUSE CVE CVE-2013-4539 page https://www.suse.com/security/cve/CVE-2013-4540/ SUSE CVE CVE-2013-4540 page https://www.suse.com/security/cve/CVE-2013-4541/ SUSE CVE CVE-2013-4541 page https://www.suse.com/security/cve/CVE-2013-4542/ SUSE CVE CVE-2013-4542 page https://www.suse.com/security/cve/CVE-2013-4544/ SUSE CVE CVE-2013-4544 page https://www.suse.com/security/cve/CVE-2013-6399/ SUSE CVE CVE-2013-6399 page https://www.suse.com/security/cve/CVE-2014-0142/ SUSE CVE CVE-2014-0142 page https://www.suse.com/security/cve/CVE-2014-0143/ SUSE CVE CVE-2014-0143 page https://www.suse.com/security/cve/CVE-2014-0144/ SUSE CVE CVE-2014-0144 page https://www.suse.com/security/cve/CVE-2014-0145/ SUSE CVE CVE-2014-0145 page https://www.suse.com/security/cve/CVE-2014-0146/ SUSE CVE CVE-2014-0146 page https://www.suse.com/security/cve/CVE-2014-0147/ SUSE CVE CVE-2014-0147 page https://www.suse.com/security/cve/CVE-2014-0150/ SUSE CVE CVE-2014-0150 page https://www.suse.com/security/cve/CVE-2014-0182/ SUSE CVE CVE-2014-0182 page https://www.suse.com/security/cve/CVE-2015-3456/ SUSE CVE CVE-2015-3456 page https://www.suse.com/security/cve/CVE-2016-3712/ SUSE CVE CVE-2016-3712 page https://www.suse.com/security/cve/CVE-2016-4002/ SUSE CVE CVE-2016-4002 page https://www.suse.com/security/cve/CVE-2016-4020/ SUSE CVE CVE-2016-4020 page https://www.suse.com/security/cve/CVE-2016-4439/ SUSE CVE CVE-2016-4439 page https://www.suse.com/security/cve/CVE-2016-4441/ SUSE CVE CVE-2016-4441 page https://www.suse.com/security/cve/CVE-2016-4453/ SUSE CVE CVE-2016-4453 page https://www.suse.com/security/cve/CVE-2016-4454/ SUSE CVE CVE-2016-4454 page https://www.suse.com/security/cve/CVE-2016-4952/ SUSE CVE CVE-2016-4952 page https://www.suse.com/security/cve/CVE-2016-4964/ SUSE CVE CVE-2016-4964 page https://www.suse.com/security/cve/CVE-2016-5105/ SUSE CVE CVE-2016-5105 page https://www.suse.com/security/cve/CVE-2016-5106/ SUSE CVE CVE-2016-5106 page https://www.suse.com/security/cve/CVE-2016-5107/ SUSE CVE CVE-2016-5107 page https://www.suse.com/security/cve/CVE-2016-5126/ SUSE CVE CVE-2016-5126 page https://www.suse.com/security/cve/CVE-2016-5238/ SUSE CVE CVE-2016-5238 page https://www.suse.com/security/cve/CVE-2016-5337/ SUSE CVE CVE-2016-5337 page https://www.suse.com/security/cve/CVE-2016-5338/ SUSE CVE CVE-2016-5338 page https://www.suse.com/security/cve/CVE-2016-5403/ SUSE CVE CVE-2016-5403 page https://www.suse.com/security/cve/CVE-2016-6351/ SUSE CVE CVE-2016-6351 page openSUSE Tumbleweed qemu-2.6.1-1.5 qemu-arm-2.6.1-1.5 qemu-block-curl-2.6.1-1.5 qemu-block-dmg-2.6.1-1.5 qemu-block-gluster-2.6.1-1.5 qemu-block-iscsi-2.6.1-1.5 qemu-block-ssh-2.6.1-1.5 qemu-extra-2.6.1-1.5 qemu-guest-agent-2.6.1-1.5 qemu-ipxe-1.0.0-1.5 qemu-ksm-2.6.1-1.5 qemu-kvm-2.6.1-1.5 qemu-lang-2.6.1-1.5 qemu-ppc-2.6.1-1.5 qemu-s390-2.6.1-1.5 qemu-seabios-1.9.1-1.5 qemu-sgabios-8-1.5 qemu-testsuite-2.6.1-1.5 qemu-tools-2.6.1-1.5 qemu-vgabios-1.9.1-1.5 qemu-x86-2.6.1-1.5 qemu-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-arm-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-block-curl-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-block-dmg-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-block-gluster-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-block-iscsi-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-block-ssh-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-extra-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-guest-agent-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-ipxe-1.0.0-1.5 as a component of openSUSE Tumbleweed qemu-ksm-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-kvm-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-lang-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-ppc-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-s390-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-seabios-1.9.1-1.5 as a component of openSUSE Tumbleweed qemu-sgabios-8-1.5 as a component of openSUSE Tumbleweed qemu-testsuite-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-tools-2.6.1-1.5 as a component of openSUSE Tumbleweed qemu-vgabios-1.9.1-1.5 as a component of openSUSE Tumbleweed qemu-x86-2.6.1-1.5 as a component of openSUSE Tumbleweed Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. CVE-2008-0928 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0928.html CVE-2008-0928 https://bugzilla.suse.com/362956 SUSE Bug 362956 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. CVE-2008-1945 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1945.html CVE-2008-1945 https://bugzilla.suse.com/362956 SUSE Bug 362956 The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. CVE-2008-2382 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2382.html CVE-2008-2382 https://bugzilla.suse.com/461565 SUSE Bug 461565 https://bugzilla.suse.com/464142 SUSE Bug 464142 Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. CVE-2008-4539 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-4539.html CVE-2008-4539 https://bugzilla.suse.com/435135 SUSE Bug 435135 https://bugzilla.suse.com/448551 SUSE Bug 448551 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." CVE-2012-3515 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3515.html CVE-2012-3515 https://bugzilla.suse.com/777084 SUSE Bug 777084 Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. CVE-2013-4148 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.3 AV:A/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4148.html CVE-2013-4148 https://bugzilla.suse.com/864812 SUSE Bug 864812 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964630 SUSE Bug 964630 Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. CVE-2013-4149 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4149.html CVE-2013-4149 https://bugzilla.suse.com/864649 SUSE Bug 864649 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964443 SUSE Bug 964443 The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. CVE-2013-4150 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4150.html CVE-2013-4150 https://bugzilla.suse.com/864650 SUSE Bug 864650 https://bugzilla.suse.com/871442 SUSE Bug 871442 The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. CVE-2013-4151 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.3 AV:A/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4151.html CVE-2013-4151 https://bugzilla.suse.com/864653 SUSE Bug 864653 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964636 SUSE Bug 964636 Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. CVE-2013-4526 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4526.html CVE-2013-4526 https://bugzilla.suse.com/864671 SUSE Bug 864671 https://bugzilla.suse.com/871442 SUSE Bug 871442 Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. CVE-2013-4527 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4527.html CVE-2013-4527 https://bugzilla.suse.com/864673 SUSE Bug 864673 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964746 SUSE Bug 964746 Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. CVE-2013-4529 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4529.html CVE-2013-4529 https://bugzilla.suse.com/864678 SUSE Bug 864678 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964929 SUSE Bug 964929 Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. CVE-2013-4530 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4530.html CVE-2013-4530 https://bugzilla.suse.com/1072198 SUSE Bug 1072198 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/1072228 SUSE Bug 1072228 https://bugzilla.suse.com/864682 SUSE Bug 864682 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964950 SUSE Bug 964950 Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. CVE-2013-4531 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4531.html CVE-2013-4531 https://bugzilla.suse.com/864796 SUSE Bug 864796 https://bugzilla.suse.com/871442 SUSE Bug 871442 Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. CVE-2013-4533 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4533.html CVE-2013-4533 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/864655 SUSE Bug 864655 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964644 SUSE Bug 964644 Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. CVE-2013-4534 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4534.html CVE-2013-4534 https://bugzilla.suse.com/864811 SUSE Bug 864811 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964452 SUSE Bug 964452 The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. CVE-2013-4535 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.3 AV:A/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4535.html CVE-2013-4535 https://bugzilla.suse.com/864665 SUSE Bug 864665 https://bugzilla.suse.com/964676 SUSE Bug 964676 An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. CVE-2013-4536 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4536.html CVE-2013-4536 https://bugzilla.suse.com/864665 SUSE Bug 864665 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964676 SUSE Bug 964676 The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. CVE-2013-4537 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4537.html CVE-2013-4537 https://bugzilla.suse.com/864391 SUSE Bug 864391 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/962642 SUSE Bug 962642 Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. CVE-2013-4538 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4538.html CVE-2013-4538 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/864769 SUSE Bug 864769 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/962335 SUSE Bug 962335 Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. CVE-2013-4539 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4539.html CVE-2013-4539 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/864805 SUSE Bug 864805 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/962758 SUSE Bug 962758 Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. CVE-2013-4540 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4540.html CVE-2013-4540 https://bugzilla.suse.com/864801 SUSE Bug 864801 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/880751 SUSE Bug 880751 The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. CVE-2013-4541 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4541.html CVE-2013-4541 https://bugzilla.suse.com/864802 SUSE Bug 864802 https://bugzilla.suse.com/871442 SUSE Bug 871442 The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. CVE-2013-4542 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4542.html CVE-2013-4542 https://bugzilla.suse.com/864804 SUSE Bug 864804 https://bugzilla.suse.com/871442 SUSE Bug 871442 hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. CVE-2013-4544 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4544.html CVE-2013-4544 https://bugzilla.suse.com/873613 SUSE Bug 873613 Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. CVE-2013-6399 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.3 AV:A/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6399.html CVE-2013-6399 https://bugzilla.suse.com/864814 SUSE Bug 864814 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/964643 SUSE Bug 964643 QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. CVE-2014-0142 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0142.html CVE-2014-0142 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. CVE-2014-0143 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0143.html CVE-2014-0143 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. CVE-2014-0144 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0144.html CVE-2014-0144 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). CVE-2014-0145 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0145.html CVE-2014-0145 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. CVE-2014-0146 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0146.html CVE-2014-0146 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. CVE-2014-0147 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0147.html CVE-2014-0147 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. CVE-2014-0150 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0150.html CVE-2014-0150 https://bugzilla.suse.com/873235 SUSE Bug 873235 Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. CVE-2014-0182 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.3 AV:A/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0182.html CVE-2014-0182 https://bugzilla.suse.com/874788 SUSE Bug 874788 https://bugzilla.suse.com/964693 SUSE Bug 964693 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. CVE-2015-3456 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3456.html CVE-2015-3456 https://bugzilla.suse.com/929339 SUSE Bug 929339 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/935900 SUSE Bug 935900 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. CVE-2016-3712 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3712.html CVE-2016-3712 https://bugzilla.suse.com/978160 SUSE Bug 978160 https://bugzilla.suse.com/978164 SUSE Bug 978164 https://bugzilla.suse.com/978167 SUSE Bug 978167 Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. CVE-2016-4002 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4002.html CVE-2016-4002 https://bugzilla.suse.com/975136 SUSE Bug 975136 https://bugzilla.suse.com/975138 SUSE Bug 975138 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). CVE-2016-4020 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4020.html CVE-2016-4020 https://bugzilla.suse.com/975700 SUSE Bug 975700 https://bugzilla.suse.com/975907 SUSE Bug 975907 The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. CVE-2016-4439 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4439.html CVE-2016-4439 https://bugzilla.suse.com/980711 SUSE Bug 980711 https://bugzilla.suse.com/980716 SUSE Bug 980716 The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. CVE-2016-4441 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4441.html CVE-2016-4441 https://bugzilla.suse.com/980723 SUSE Bug 980723 https://bugzilla.suse.com/980724 SUSE Bug 980724 The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. CVE-2016-4453 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4453.html CVE-2016-4453 https://bugzilla.suse.com/982223 SUSE Bug 982223 https://bugzilla.suse.com/982225 SUSE Bug 982225 The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. CVE-2016-4454 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 3.8 AV:A/AC:M/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4454.html CVE-2016-4454 https://bugzilla.suse.com/982222 SUSE Bug 982222 https://bugzilla.suse.com/982224 SUSE Bug 982224 QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. CVE-2016-4952 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 3 AV:L/AC:M/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4952.html CVE-2016-4952 https://bugzilla.suse.com/981266 SUSE Bug 981266 https://bugzilla.suse.com/981276 SUSE Bug 981276 The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. CVE-2016-4964 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4964.html CVE-2016-4964 https://bugzilla.suse.com/981399 SUSE Bug 981399 https://bugzilla.suse.com/981401 SUSE Bug 981401 The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. CVE-2016-5105 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5105.html CVE-2016-5105 https://bugzilla.suse.com/982017 SUSE Bug 982017 https://bugzilla.suse.com/982024 SUSE Bug 982024 The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. CVE-2016-5106 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 3 AV:L/AC:M/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5106.html CVE-2016-5106 https://bugzilla.suse.com/982018 SUSE Bug 982018 https://bugzilla.suse.com/982025 SUSE Bug 982025 The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. CVE-2016-5107 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5107.html CVE-2016-5107 https://bugzilla.suse.com/982019 SUSE Bug 982019 https://bugzilla.suse.com/982026 SUSE Bug 982026 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. CVE-2016-5126 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5126.html CVE-2016-5126 https://bugzilla.suse.com/982285 SUSE Bug 982285 https://bugzilla.suse.com/982286 SUSE Bug 982286 The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. CVE-2016-5238 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5238.html CVE-2016-5238 https://bugzilla.suse.com/982959 SUSE Bug 982959 https://bugzilla.suse.com/982960 SUSE Bug 982960 The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. CVE-2016-5337 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5337.html CVE-2016-5337 https://bugzilla.suse.com/983961 SUSE Bug 983961 https://bugzilla.suse.com/983973 SUSE Bug 983973 The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. CVE-2016-5338 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5338.html CVE-2016-5338 https://bugzilla.suse.com/983982 SUSE Bug 983982 https://bugzilla.suse.com/983984 SUSE Bug 983984 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVE-2016-5403 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5403.html CVE-2016-5403 https://bugzilla.suse.com/990923 SUSE Bug 990923 https://bugzilla.suse.com/991080 SUSE Bug 991080 The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. CVE-2016-6351 openSUSE Tumbleweed:qemu-2.6.1-1.5 openSUSE Tumbleweed:qemu-arm-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-curl-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-dmg-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-gluster-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-iscsi-2.6.1-1.5 openSUSE Tumbleweed:qemu-block-ssh-2.6.1-1.5 openSUSE Tumbleweed:qemu-extra-2.6.1-1.5 openSUSE Tumbleweed:qemu-guest-agent-2.6.1-1.5 openSUSE Tumbleweed:qemu-ipxe-1.0.0-1.5 openSUSE Tumbleweed:qemu-ksm-2.6.1-1.5 openSUSE Tumbleweed:qemu-kvm-2.6.1-1.5 openSUSE Tumbleweed:qemu-lang-2.6.1-1.5 openSUSE Tumbleweed:qemu-ppc-2.6.1-1.5 openSUSE Tumbleweed:qemu-s390-2.6.1-1.5 openSUSE Tumbleweed:qemu-seabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-sgabios-8-1.5 openSUSE Tumbleweed:qemu-testsuite-2.6.1-1.5 openSUSE Tumbleweed:qemu-tools-2.6.1-1.5 openSUSE Tumbleweed:qemu-vgabios-1.9.1-1.5 openSUSE Tumbleweed:qemu-x86-2.6.1-1.5 low 4 AV:A/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6351.html CVE-2016-6351 https://bugzilla.suse.com/990835 SUSE Bug 990835 https://bugzilla.suse.com/990843 SUSE Bug 990843