Security update for qemu
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:2988-1
Final
1
1
2016-12-02T16:25:10Z
current
2016-12-02T16:25:10Z
2016-12-02T16:25:10Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for qemu
This update for qemu fixes the following issues:
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1
- Change package post script udevadm trigger calls to be device
specific (bsc#1002116)
- Address various security/stability issues
* Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)
* Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
* Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345)
* Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)
* Fix DOS in ColdFire Fast Ethernet Controller emulation
(CVE-2016-7908 bsc#1002550)
* Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
* Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
* Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
* Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
* Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
* Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
* Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
* Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
* Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
* Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
* Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
* Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
* Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
* Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)
- Fix case of disk corruption with migration due to improper internal
state tracking (bsc#996524)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2016-1748,SUSE-SLE-SERVER-12-SP1-2016-1748
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
Link for SUSE-SU-2016:2988-1
https://lists.suse.com/pipermail/sle-security-updates/2016-December/002440.html
E-Mail link for SUSE-SU-2016:2988-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1000345
SUSE Bug 1000345
https://bugzilla.suse.com/1001151
SUSE Bug 1001151
https://bugzilla.suse.com/1002116
SUSE Bug 1002116
https://bugzilla.suse.com/1002550
SUSE Bug 1002550
https://bugzilla.suse.com/1002557
SUSE Bug 1002557
https://bugzilla.suse.com/1003878
SUSE Bug 1003878
https://bugzilla.suse.com/1003893
SUSE Bug 1003893
https://bugzilla.suse.com/1003894
SUSE Bug 1003894
https://bugzilla.suse.com/1004702
SUSE Bug 1004702
https://bugzilla.suse.com/1004707
SUSE Bug 1004707
https://bugzilla.suse.com/1006536
SUSE Bug 1006536
https://bugzilla.suse.com/1006538
SUSE Bug 1006538
https://bugzilla.suse.com/1007391
SUSE Bug 1007391
https://bugzilla.suse.com/1007450
SUSE Bug 1007450
https://bugzilla.suse.com/1007454
SUSE Bug 1007454
https://bugzilla.suse.com/1007493
SUSE Bug 1007493
https://bugzilla.suse.com/1007494
SUSE Bug 1007494
https://bugzilla.suse.com/1007495
SUSE Bug 1007495
https://bugzilla.suse.com/996524
SUSE Bug 996524
https://bugzilla.suse.com/998516
SUSE Bug 998516
https://bugzilla.suse.com/999661
SUSE Bug 999661
https://www.suse.com/security/cve/CVE-2016-7161/
SUSE CVE CVE-2016-7161 page
https://www.suse.com/security/cve/CVE-2016-7170/
SUSE CVE CVE-2016-7170 page
https://www.suse.com/security/cve/CVE-2016-7421/
SUSE CVE CVE-2016-7421 page
https://www.suse.com/security/cve/CVE-2016-7466/
SUSE CVE CVE-2016-7466 page
https://www.suse.com/security/cve/CVE-2016-7908/
SUSE CVE CVE-2016-7908 page
https://www.suse.com/security/cve/CVE-2016-7909/
SUSE CVE CVE-2016-7909 page
https://www.suse.com/security/cve/CVE-2016-8576/
SUSE CVE CVE-2016-8576 page
https://www.suse.com/security/cve/CVE-2016-8577/
SUSE CVE CVE-2016-8577 page
https://www.suse.com/security/cve/CVE-2016-8578/
SUSE CVE CVE-2016-8578 page
https://www.suse.com/security/cve/CVE-2016-8667/
SUSE CVE CVE-2016-8667 page
https://www.suse.com/security/cve/CVE-2016-8669/
SUSE CVE CVE-2016-8669 page
https://www.suse.com/security/cve/CVE-2016-8909/
SUSE CVE CVE-2016-8909 page
https://www.suse.com/security/cve/CVE-2016-8910/
SUSE CVE CVE-2016-8910 page
https://www.suse.com/security/cve/CVE-2016-9101/
SUSE CVE CVE-2016-9101 page
https://www.suse.com/security/cve/CVE-2016-9102/
SUSE CVE CVE-2016-9102 page
https://www.suse.com/security/cve/CVE-2016-9103/
SUSE CVE CVE-2016-9103 page
https://www.suse.com/security/cve/CVE-2016-9104/
SUSE CVE CVE-2016-9104 page
https://www.suse.com/security/cve/CVE-2016-9105/
SUSE CVE CVE-2016-9105 page
https://www.suse.com/security/cve/CVE-2016-9106/
SUSE CVE CVE-2016-9106 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-2.3.1-24.6
qemu-block-curl-2.3.1-24.6
qemu-ipxe-1.0.0-24.6
qemu-kvm-2.3.1-24.6
qemu-seabios-1.8.1-24.6
qemu-sgabios-8-24.6
qemu-tools-2.3.1-24.6
qemu-vgabios-1.8.1-24.6
qemu-x86-2.3.1-24.6
qemu-block-rbd-2.3.1-24.6
qemu-guest-agent-2.3.1-24.6
qemu-lang-2.3.1-24.6
qemu-ppc-2.3.1-24.6
qemu-s390-2.3.1-24.6
qemu-2.3.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-block-curl-2.3.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-ipxe-1.0.0-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-kvm-2.3.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-seabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-sgabios-8-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-tools-2.3.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-vgabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-x86-2.3.1-24.6 as a component of SUSE Linux Enterprise Desktop 12 SP1
qemu-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-block-curl-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-block-rbd-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-guest-agent-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-ipxe-1.0.0-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-kvm-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-lang-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-ppc-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-s390-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-seabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-sgabios-8-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-tools-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-vgabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-x86-2.3.1-24.6 as a component of SUSE Linux Enterprise Server 12 SP1
qemu-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-block-curl-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-block-rbd-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-guest-agent-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-ipxe-1.0.0-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-kvm-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-lang-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-ppc-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-s390-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-seabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-sgabios-8-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-tools-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-vgabios-1.8.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
qemu-x86-2.3.1-24.6 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
CVE-2016-7161
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7161.html
CVE-2016-7161
https://bugzilla.suse.com/1001151
SUSE Bug 1001151
https://bugzilla.suse.com/1001152
SUSE Bug 1001152
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
CVE-2016-7170
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7170.html
CVE-2016-7170
https://bugzilla.suse.com/998516
SUSE Bug 998516
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
CVE-2016-7421
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
1.5
AV:L/AC:M/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7421.html
CVE-2016-7421
https://bugzilla.suse.com/999661
SUSE Bug 999661
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2016-7466
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7466.html
CVE-2016-7466
https://bugzilla.suse.com/1000345
SUSE Bug 1000345
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
CVE-2016-7908
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7908.html
CVE-2016-7908
https://bugzilla.suse.com/1002550
SUSE Bug 1002550
https://bugzilla.suse.com/1003030
SUSE Bug 1003030
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
CVE-2016-7909
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-7909.html
CVE-2016-7909
https://bugzilla.suse.com/1002557
SUSE Bug 1002557
https://bugzilla.suse.com/1003032
SUSE Bug 1003032
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-8576
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8576.html
CVE-2016-8576
https://bugzilla.suse.com/1003878
SUSE Bug 1003878
https://bugzilla.suse.com/1004016
SUSE Bug 1004016
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
CVE-2016-8577
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8577.html
CVE-2016-8577
https://bugzilla.suse.com/1003893
SUSE Bug 1003893
https://bugzilla.suse.com/1004021
SUSE Bug 1004021
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
CVE-2016-8578
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8578.html
CVE-2016-8578
https://bugzilla.suse.com/1003894
SUSE Bug 1003894
https://bugzilla.suse.com/1004023
SUSE Bug 1004023
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8667
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8667.html
CVE-2016-8667
https://bugzilla.suse.com/1004702
SUSE Bug 1004702
https://bugzilla.suse.com/1005004
SUSE Bug 1005004
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8669
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
4.4
AV:L/AC:M/Au:S/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8669.html
CVE-2016-8669
https://bugzilla.suse.com/1004707
SUSE Bug 1004707
https://bugzilla.suse.com/1005005
SUSE Bug 1005005
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8909
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
2.1
AV:N/AC:H/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8909.html
CVE-2016-8909
https://bugzilla.suse.com/1006536
SUSE Bug 1006536
https://bugzilla.suse.com/1007160
SUSE Bug 1007160
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8910
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-8910.html
CVE-2016-8910
https://bugzilla.suse.com/1006538
SUSE Bug 1006538
https://bugzilla.suse.com/1007157
SUSE Bug 1007157
https://bugzilla.suse.com/1024178
SUSE Bug 1024178
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2016-9101
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
1.5
AV:L/AC:M/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9101.html
CVE-2016-9101
https://bugzilla.suse.com/1007391
SUSE Bug 1007391
https://bugzilla.suse.com/1013668
SUSE Bug 1013668
https://bugzilla.suse.com/1024181
SUSE Bug 1024181
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
CVE-2016-9102
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
moderate
1.5
AV:L/AC:M/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9102.html
CVE-2016-9102
https://bugzilla.suse.com/1007450
SUSE Bug 1007450
https://bugzilla.suse.com/1014256
SUSE Bug 1014256
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-9103
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
1.5
AV:L/AC:M/Au:S/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9103.html
CVE-2016-9103
https://bugzilla.suse.com/1007454
SUSE Bug 1007454
https://bugzilla.suse.com/1014259
SUSE Bug 1014259
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
CVE-2016-9104
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
3
AV:L/AC:M/Au:S/C:N/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9104.html
CVE-2016-9104
https://bugzilla.suse.com/1007493
SUSE Bug 1007493
https://bugzilla.suse.com/1014297
SUSE Bug 1014297
https://bugzilla.suse.com/1034990
SUSE Bug 1034990
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
CVE-2016-9105
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
1.5
AV:L/AC:M/Au:S/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9105.html
CVE-2016-9105
https://bugzilla.suse.com/1007494
SUSE Bug 1007494
https://bugzilla.suse.com/1014279
SUSE Bug 1014279
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
CVE-2016-9106
SUSE Linux Enterprise Desktop 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Desktop 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server 12 SP1:qemu-x86-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-curl-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-block-rbd-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-guest-agent-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ipxe-1.0.0-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-kvm-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-lang-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-ppc-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-s390-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-seabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-sgabios-8-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-tools-2.3.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-vgabios-1.8.1-24.6
SUSE Linux Enterprise Server for SAP Applications 12 SP1:qemu-x86-2.3.1-24.6
low
1.5
AV:L/AC:M/Au:S/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162988-1/
https://www.suse.com/security/cve/CVE-2016-9106.html
CVE-2016-9106
https://bugzilla.suse.com/1007495
SUSE Bug 1007495
https://bugzilla.suse.com/1014299
SUSE Bug 1014299