qemu-linux-user-2.6.1-1.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10285-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z qemu-linux-user-2.6.1-1.5 on GA media These are all security issues fixed in the qemu-linux-user-2.6.1-1.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10285 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-0928/ SUSE CVE CVE-2008-0928 page https://www.suse.com/security/cve/CVE-2008-1945/ SUSE CVE CVE-2008-1945 page https://www.suse.com/security/cve/CVE-2008-2382/ SUSE CVE CVE-2008-2382 page https://www.suse.com/security/cve/CVE-2008-4539/ SUSE CVE CVE-2008-4539 page https://www.suse.com/security/cve/CVE-2012-3515/ SUSE CVE CVE-2012-3515 page https://www.suse.com/security/cve/CVE-2016-3712/ SUSE CVE CVE-2016-3712 page https://www.suse.com/security/cve/CVE-2016-4002/ SUSE CVE CVE-2016-4002 page https://www.suse.com/security/cve/CVE-2016-4020/ SUSE CVE CVE-2016-4020 page https://www.suse.com/security/cve/CVE-2016-4439/ SUSE CVE CVE-2016-4439 page https://www.suse.com/security/cve/CVE-2016-4441/ SUSE CVE CVE-2016-4441 page https://www.suse.com/security/cve/CVE-2016-4952/ SUSE CVE CVE-2016-4952 page https://www.suse.com/security/cve/CVE-2016-4964/ SUSE CVE CVE-2016-4964 page openSUSE Tumbleweed qemu-linux-user-2.6.1-1.5 qemu-linux-user-2.6.1-1.5 as a component of openSUSE Tumbleweed Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. CVE-2008-0928 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 moderate 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0928.html CVE-2008-0928 https://bugzilla.suse.com/362956 SUSE Bug 362956 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. CVE-2008-1945 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1945.html CVE-2008-1945 https://bugzilla.suse.com/362956 SUSE Bug 362956 The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. CVE-2008-2382 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2382.html CVE-2008-2382 https://bugzilla.suse.com/461565 SUSE Bug 461565 https://bugzilla.suse.com/464142 SUSE Bug 464142 Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. CVE-2008-4539 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-4539.html CVE-2008-4539 https://bugzilla.suse.com/435135 SUSE Bug 435135 https://bugzilla.suse.com/448551 SUSE Bug 448551 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." CVE-2012-3515 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3515.html CVE-2012-3515 https://bugzilla.suse.com/777084 SUSE Bug 777084 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. CVE-2016-3712 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3712.html CVE-2016-3712 https://bugzilla.suse.com/978160 SUSE Bug 978160 https://bugzilla.suse.com/978164 SUSE Bug 978164 https://bugzilla.suse.com/978167 SUSE Bug 978167 Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. CVE-2016-4002 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4002.html CVE-2016-4002 https://bugzilla.suse.com/975136 SUSE Bug 975136 https://bugzilla.suse.com/975138 SUSE Bug 975138 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). CVE-2016-4020 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4020.html CVE-2016-4020 https://bugzilla.suse.com/975700 SUSE Bug 975700 https://bugzilla.suse.com/975907 SUSE Bug 975907 The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. CVE-2016-4439 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4439.html CVE-2016-4439 https://bugzilla.suse.com/980711 SUSE Bug 980711 https://bugzilla.suse.com/980716 SUSE Bug 980716 The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. CVE-2016-4441 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4441.html CVE-2016-4441 https://bugzilla.suse.com/980723 SUSE Bug 980723 https://bugzilla.suse.com/980724 SUSE Bug 980724 QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. CVE-2016-4952 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 low 3 AV:L/AC:M/Au:S/C:N/I:P/A:P 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4952.html CVE-2016-4952 https://bugzilla.suse.com/981266 SUSE Bug 981266 https://bugzilla.suse.com/981276 SUSE Bug 981276 The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. CVE-2016-4964 openSUSE Tumbleweed:qemu-linux-user-2.6.1-1.5 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4964.html CVE-2016-4964 https://bugzilla.suse.com/981399 SUSE Bug 981399 https://bugzilla.suse.com/981401 SUSE Bug 981401