
Test ID: 1.3.6.1.4.1.25623.1.1.4.2017.3084.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:3084-1)
Summary: The remote host is missing an update for the 'kvm' package(s) announced via the SUSE-SU-2017:3084-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the SUSE-SU-2017:3084-1 advisory.

Vulnerability Insight:
This update for kvm fixes several issues.
These security issues were fixed:
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo failed to check the memory region, allowing for
an out-of-bounds write that allows for privilege escalation (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed
a malicious guest administrator to cause an out of bounds memory access,
possibly leading to information disclosure or privilege escalation
(bsc#1023004)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
was vulnerable to an infinite loop issue while receiving packets in
'mcf_fec_receive'. A privileged user/process inside guest could have
used this issue to crash the Qemu process on the host leading to DoS
(bsc#1013285)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
leakage issue while processing packet data in 'ehci_init_transfer'. A
guest user/process could have used this issue to leak host memory,
resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
memory leakage flaw when destroying the USB redirector in
'usbredir_handle_destroy'. A guest user/process could have used this
issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
to a divide by zero issue while copying VGA data. A privileged user
inside guest could have used this flaw to crash the process instance on
the host, resulting in DoS (bsc#1014702)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to
an integer overflow allowing a privileged user inside the guest to crash
the Qemu process resulting in DoS (bnc#1023907)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
vulnerable to a memory leakage issue allowing a privileged user to cause
a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
support was vulnerable to a memory leakage issue allowing a privileged
user to leak host memory resulting in DoS (bsc#1023053)
- CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File
System (9pfs) support was vulnerable to an improper link following issue
which allowed a privileged user inside guest to access host file system
beyond the shared folder and potentially escalating their privileges on
a host (bsc#1020427)
- CVE-2016-9603: A privileged user within the guest VM could have caused a
heap overflow in the device model process, potentially e... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kvm' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-9602
BugTraq ID: 95461
http://www.securityfocus.com/bid/95461
https://security.gentoo.org/glsa/201704-01
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2017/01/17/12
https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
http://www.securitytracker.com/id/1037604
Common Vulnerability Exposure (CVE) ID: CVE-2016-9603
BugTraq ID: 96893
http://www.securityfocus.com/bid/96893
https://security.gentoo.org/glsa/201706-03
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
RedHat Security Advisories: RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0980
RedHat Security Advisories: RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0981
RedHat Security Advisories: RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0982
RedHat Security Advisories: RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0983
RedHat Security Advisories: RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0984
RedHat Security Advisories: RHSA-2017:0985
https://access.redhat.com/errata/RHSA-2017:0985
RedHat Security Advisories: RHSA-2017:0987
https://access.redhat.com/errata/RHSA-2017:0987
RedHat Security Advisories: RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:0988
RedHat Security Advisories: RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1205
RedHat Security Advisories: RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1206
RedHat Security Advisories: RHSA-2017:1441
https://access.redhat.com/errata/RHSA-2017:1441
http://www.securitytracker.com/id/1038023
Common Vulnerability Exposure (CVE) ID: CVE-2016-9776
BugTraq ID: 94638
http://www.securityfocus.com/bid/94638
https://security.gentoo.org/glsa/201701-49
http://www.openwall.com/lists/oss-security/2016/12/02/3
http://www.openwall.com/lists/oss-security/2016/12/02/8
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9907
BugTraq ID: 94759
http://www.securityfocus.com/bid/94759
http://www.openwall.com/lists/oss-security/2016/12/08/3
RedHat Security Advisories: RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408
https://access.redhat.com/errata/RHSA-2017:2408
Common Vulnerability Exposure (CVE) ID: CVE-2016-9911
BugTraq ID: 94762
http://www.securityfocus.com/bid/94762
http://www.openwall.com/lists/oss-security/2016/12/08/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9921
BugTraq ID: 94803
http://www.securityfocus.com/bid/94803
http://www.openwall.com/lists/oss-security/2016/12/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9922
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-2615
BugTraq ID: 95990
http://www.securityfocus.com/bid/95990
https://security.gentoo.org/glsa/201702-27
https://security.gentoo.org/glsa/201702-28
http://www.openwall.com/lists/oss-security/2017/02/01/6
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
RedHat Security Advisories: RHSA-2017:0309
http://rhn.redhat.com/errata/RHSA-2017-0309.html
RedHat Security Advisories: RHSA-2017:0328
http://rhn.redhat.com/errata/RHSA-2017-0328.html
RedHat Security Advisories: RHSA-2017:0329
http://rhn.redhat.com/errata/RHSA-2017-0329.html
RedHat Security Advisories: RHSA-2017:0330
http://rhn.redhat.com/errata/RHSA-2017-0330.html
RedHat Security Advisories: RHSA-2017:0331
http://rhn.redhat.com/errata/RHSA-2017-0331.html
RedHat Security Advisories: RHSA-2017:0332
http://rhn.redhat.com/errata/RHSA-2017-0332.html
RedHat Security Advisories: RHSA-2017:0333
http://rhn.redhat.com/errata/RHSA-2017-0333.html
RedHat Security Advisories: RHSA-2017:0334
http://rhn.redhat.com/errata/RHSA-2017-0334.html
RedHat Security Advisories: RHSA-2017:0344
http://rhn.redhat.com/errata/RHSA-2017-0344.html
RedHat Security Advisories: RHSA-2017:0350
http://rhn.redhat.com/errata/RHSA-2017-0350.html
RedHat Security Advisories: RHSA-2017:0396
http://rhn.redhat.com/errata/RHSA-2017-0396.html
RedHat Security Advisories: RHSA-2017:0454
http://rhn.redhat.com/errata/RHSA-2017-0454.html
http://www.securitytracker.com/id/1037804
Common Vulnerability Exposure (CVE) ID: CVE-2017-2620
BugTraq ID: 96378
http://www.securityfocus.com/bid/96378
https://security.gentoo.org/glsa/201703-07
http://www.openwall.com/lists/oss-security/2017/02/21/1
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
RedHat Security Advisories: RHSA-2017:0351
http://rhn.redhat.com/errata/RHSA-2017-0351.html
RedHat Security Advisories: RHSA-2017:0352
http://rhn.redhat.com/errata/RHSA-2017-0352.html
http://www.securitytracker.com/id/1037870
Common Vulnerability Exposure (CVE) ID: CVE-2017-5579
BugTraq ID: 95780
http://www.securityfocus.com/bid/95780
http://www.openwall.com/lists/oss-security/2017/01/24/8
http://www.openwall.com/lists/oss-security/2017/01/25/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-5856
BugTraq ID: 95999
http://www.securityfocus.com/bid/95999
http://www.openwall.com/lists/oss-security/2017/02/01/19
http://www.openwall.com/lists/oss-security/2017/02/02/14
Common Vulnerability Exposure (CVE) ID: CVE-2017-5898
BugTraq ID: 96112
http://www.securityfocus.com/bid/96112
http://www.openwall.com/lists/oss-security/2017/02/07/3
RedHat Security Advisories: RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:1856
SuSE Security Announcement: SUSE-SU-2017:0570
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html
SuSE Security Announcement: SUSE-SU-2017:0582
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5973
BugTraq ID: 96220
http://www.securityfocus.com/bid/96220
http://www.openwall.com/lists/oss-security/2017/02/13/11
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6505
BugTraq ID: 96611
http://www.securityfocus.com/bid/96611
http://www.openwall.com/lists/oss-security/2017/03/06/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-7471
BugTraq ID: 97970
http://www.securityfocus.com/bid/97970
http://www.openwall.com/lists/oss-security/2017/04/19/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-7493
BugTraq ID: 98574
http://www.securityfocus.com/bid/98574
http://seclists.org/oss-sec/2017/q2/278
https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7718
BugTraq ID: 97957
http://www.securityfocus.com/bid/97957
http://www.openwall.com/lists/oss-security/2017/04/19/4
RedHat Security Advisories: RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1430
RedHat Security Advisories: RHSA-2017:1431
https://access.redhat.com/errata/RHSA-2017:1431
Common Vulnerability Exposure (CVE) ID: CVE-2017-7980
BugTraq ID: 102129
http://www.securityfocus.com/bid/102129
BugTraq ID: 97955
http://www.securityfocus.com/bid/97955
http://www.openwall.com/lists/oss-security/2017/04/21/1
http://ubuntu.com/usn/usn-3289-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-8086
BugTraq ID: 98012
http://www.securityfocus.com/bid/98012
http://www.openwall.com/lists/oss-security/2017/04/25/5
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8309
BugTraq ID: 98302
http://www.securityfocus.com/bid/98302
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9330
BugTraq ID: 98779
http://www.securityfocus.com/bid/98779
Debian Security Information: DSA-3920
http://www.debian.org/security/2017/dsa-3920
http://www.openwall.com/lists/oss-security/2017/06/01/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-9373
BugTraq ID: 98921
http://www.securityfocus.com/bid/98921
http://www.openwall.com/lists/oss-security/2017/06/05/1
Common Vulnerability Exposure (CVE) ID: CVE-2017-9375
BugTraq ID: 98915
http://www.securityfocus.com/bid/98915
Debian Security Information: DSA-3991
http://www.debian.org/security/2017/dsa-3991
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.openwall.com/lists/oss-security/2017/06/05/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-9503
BugTraq ID: 99010
http://www.securityfocus.com/bid/99010
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
http://www.openwall.com/lists/oss-security/2017/06/08/1
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
