
Test ID: 1.3.6.1.4.1.25623.1.0.851423
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for qemu (openSUSE-SU-2016:2642-1)
Summary: The remote host is missing an update for the 'qemu' package(s) announced via the referenced advisory.
Description:

Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the referenced advisory.

Vulnerability Insight:
qemu was updated to fix 19 security issues.

These security issues were fixed:

- CVE-2016-2392: The is_rndis function in the USB Net device emulator
(hw/usb/dev-network.c) in QEMU did not properly validate USB
configuration descriptor objects, which allowed local guest OS
administrators to cause a denial of service (NULL pointer dereference
and QEMU process crash) via vectors involving a remote NDIS control
message packet (bsc#967012)

- CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation
support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS
administrators to cause a denial of service (NULL pointer dereference
and QEMU process crash) via vectors related to multiple eof_timers
(bsc#967013)

- CVE-2016-5106: The megasas_dcmd_set_properties function in
hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus
Adapter emulation support, allowed local guest administrators to cause a
denial of service (out-of-bounds write access) via vectors involving a
MegaRAID Firmware Interface (MFI) command (bsc#982018)

- CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c
in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation
support, used an uninitialized variable, which allowed local guest
administrators to read host memory via vectors involving a MegaRAID
Firmware Interface (MFI) command (bsc#982017)

- CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built
with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed
local guest OS administrators to cause a denial of service
(out-of-bounds read and crash) via unspecified vectors (bsc#982019)

- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl
function in block/iscsi.c in QEMU allowed local guest OS users to cause
a denial of service (QEMU process crash) or possibly execute arbitrary
code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285)

- CVE-2016-4454: The vmsvga_fifo_read_raw function in
hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to
obtain sensitive host memory information or cause a denial of service
(QEMU process crash) by changing FIFO registers and issuing a VGA
command, which triggers an out-of-bounds read (bsc#982222)

- CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c
in QEMU allowed local guest OS administrators to cause a denial of
service (infinite loop and QEMU process crash) via a VGA command
(bsc#982223)

- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in
hw/scsi/esp.c i ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
qemu on openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-2391
BugTraq ID: 83263
http://www.securityfocus.com/bid/83263
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://www.openwall.com/lists/oss-security/2016/02/16/2
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
http://www.ubuntu.com/usn/USN-2974-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2392
BugTraq ID: 83274
http://www.securityfocus.com/bid/83274
https://security.gentoo.org/glsa/201604-01
http://www.openwall.com/lists/oss-security/2016/02/16/7
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html
http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4453
BugTraq ID: 90928
http://www.securityfocus.com/bid/90928
https://security.gentoo.org/glsa/201609-01
http://www.openwall.com/lists/oss-security/2016/05/30/2
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-4454
BugTraq ID: 90927
http://www.securityfocus.com/bid/90927
http://www.openwall.com/lists/oss-security/2016/05/30/3
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5105
http://www.openwall.com/lists/oss-security/2016/05/25/5
http://www.openwall.com/lists/oss-security/2016/05/26/7
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5106
http://www.openwall.com/lists/oss-security/2016/05/25/6
http://www.openwall.com/lists/oss-security/2016/05/26/8
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5107
BugTraq ID: 90874
http://www.securityfocus.com/bid/90874
http://www.openwall.com/lists/oss-security/2016/05/25/7
http://www.openwall.com/lists/oss-security/2016/05/26/9
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5126
BugTraq ID: 90948
http://www.securityfocus.com/bid/90948
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.openwall.com/lists/oss-security/2016/05/30/6
http://www.openwall.com/lists/oss-security/2016/05/30/7
https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
RedHat Security Advisories: RHSA-2016:1606
http://rhn.redhat.com/errata/RHSA-2016-1606.html
RedHat Security Advisories: RHSA-2016:1607
http://rhn.redhat.com/errata/RHSA-2016-1607.html
RedHat Security Advisories: RHSA-2016:1653
http://rhn.redhat.com/errata/RHSA-2016-1653.html
RedHat Security Advisories: RHSA-2016:1654
http://rhn.redhat.com/errata/RHSA-2016-1654.html
RedHat Security Advisories: RHSA-2016:1655
http://rhn.redhat.com/errata/RHSA-2016-1655.html
RedHat Security Advisories: RHSA-2016:1756
http://rhn.redhat.com/errata/RHSA-2016-1756.html
RedHat Security Advisories: RHSA-2016:1763
http://rhn.redhat.com/errata/RHSA-2016-1763.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5238
BugTraq ID: 90995
http://www.securityfocus.com/bid/90995
http://www.openwall.com/lists/oss-security/2016/06/02/2
http://www.openwall.com/lists/oss-security/2016/06/02/9
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5337
BugTraq ID: 91097
http://www.securityfocus.com/bid/91097
http://www.openwall.com/lists/oss-security/2016/06/08/3
http://www.openwall.com/lists/oss-security/2016/06/08/13
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5338
BugTraq ID: 91079
http://www.securityfocus.com/bid/91079
http://www.openwall.com/lists/oss-security/2016/06/07/3
http://www.openwall.com/lists/oss-security/2016/06/08/14
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5403
BugTraq ID: 92148
http://www.securityfocus.com/bid/92148
RedHat Security Advisories: RHSA-2016:1585
http://rhn.redhat.com/errata/RHSA-2016-1585.html
RedHat Security Advisories: RHSA-2016:1586
http://rhn.redhat.com/errata/RHSA-2016-1586.html
RedHat Security Advisories: RHSA-2016:1652
http://rhn.redhat.com/errata/RHSA-2016-1652.html
RedHat Security Advisories: RHSA-2016:1943
http://rhn.redhat.com/errata/RHSA-2016-1943.html
http://www.securitytracker.com/id/1036476
Common Vulnerability Exposure (CVE) ID: CVE-2016-6490
http://www.openwall.com/lists/oss-security/2016/07/28/4
http://www.openwall.com/lists/oss-security/2016/07/28/9
https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6833
BugTraq ID: 93255
http://www.securityfocus.com/bid/93255
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2016/08/12/1
http://www.openwall.com/lists/oss-security/2016/08/18/3
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6836
BugTraq ID: 92444
http://www.securityfocus.com/bid/92444
http://www.openwall.com/lists/oss-security/2016/08/11/5
http://www.openwall.com/lists/oss-security/2016/08/18/5
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6888
BugTraq ID: 92556
http://www.securityfocus.com/bid/92556
http://www.openwall.com/lists/oss-security/2016/08/19/6
http://www.openwall.com/lists/oss-security/2016/08/19/10
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
RedHat Security Advisories: RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408
https://access.redhat.com/errata/RHSA-2017:2408
Common Vulnerability Exposure (CVE) ID: CVE-2016-7116
BugTraq ID: 92680
http://www.securityfocus.com/bid/92680
http://www.openwall.com/lists/oss-security/2016/08/30/1
http://www.openwall.com/lists/oss-security/2016/08/30/3
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7155
BugTraq ID: 92772
http://www.securityfocus.com/bid/92772
http://www.openwall.com/lists/oss-security/2016/09/06/2
http://www.openwall.com/lists/oss-security/2016/09/07/1
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7156
BugTraq ID: 92774
http://www.securityfocus.com/bid/92774
http://www.openwall.com/lists/oss-security/2016/09/06/3
http://www.openwall.com/lists/oss-security/2016/09/07/2
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html
Copyright: Copyright (C) 2016 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.