[security-announce] Security Update: : QEMU: CVE-2016-3710 and CVE-2016-3711

Sona Sarmadi sona.sarmadi at enea.com
Mon Oct 3 10:47:03 CEST 2016


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (QEMU 2.5.0)
Severity: High, Medium
Architecture: all
CVE Name: CVE-2016-3710, CVE-2016-3711
====================================================================

Following vulnerabilities have been fixed in Enea Linux 6.0 in QEMU
version 2.5.0.

Description
===========
CVE-2016-3710:
The VGA module in QEMU improperly performs bounds checking on banked
access to video memory, which allows local guest OS administrators to
execute arbitrary code on the host by changing access modes after
setting the bank register, aka the "Dark Portal" issue


CVE-2016-3712:
Integer overflow in the VGA module in QEMU allows local guest OS users
to cause a denial of service (out-of-bounds read and QEMU process crash)
by editing VGA registers in VBE mode.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3712


Reference to the upstream fixes:
=================================
CVE-2016-3710:
http://git.qemu.org/?p=qemu.git;a=commit;h=4f0323d26c8da08b7bcfdd4722a38711bd2f1a3b

CVE-2016-3712:
http://git.qemu.org/?p=qemu.git;a=commit;h=44b86aa32e4147c727fadd9a0f0bc503a5dedb72

Correction for Enea Linux
=========================
CVE-2016-3710:
http://git.enea.com/cgit/linux/poky.git/patch/?id=990b8e7919adefb4331d41a5e0d328fd1f0cefbc

CVE-2016-3712:
http://git.enea.com/cgit/linux/poky.git/patch/?id=ea62893915678119070eaec78322ed2e34edd21f

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for Enea Linux, follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo
$ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init \
-u git://git.enea.com/linux/el_manifests-standard.git \
-b krogoth\
-m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20161003/8588545b/attachment.sig>


More information about the security-announce mailing list