[security-announce] Security Update: Qemu upgrade to 2.8.0, multiple CVEs fixed

Sona Sarmadi sona.sarmadi at enea.com
Mon May 15 12:47:58 CEST 2017


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (Qemu 2.5.0 -> 2.8.0)
Architecture: ALL
CVE Name: See below
====================================================================

The Quick Emulator (Qemu) software package as used in Enea Linux 6.0
has been updated to version 2.8.0 to address several security
vulnerabilities:

CVE-2016-9911  usb: ehci: memory leakage in ehci_init_transfer
CVE-2016-9912  display: virtio-gpu: memory leakage when destroying gpu resource
CVE-2016-9913  9pfs: memory leakage via proxy/handle callbacks
CVE-2016-9914  9pfs: memory leakage via proxy/handle callbacks
CVE-2016-9915  9pfs: memory leakage via proxy/handle callbacks
CVE-2016-9916  9pfs: memory leakage via proxy/handle callbacks
CVE-2016-9921  display: cirrus_vga: a divide by zero in cirrus_do_copy
CVE-2016-9922  display: cirrus_vga: a divide by zero in cirrus_do_copy
CVE-2016-9923  char: use-after-free issue during hotplug and unplugging device
CVE-2016-9776  net: mcf_fec: infinite loop while receiving data in mcf_fec_receive
CVE-2016-9845  display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info
CVE-2016-9846  display: virtio-gpu: memory leakage while updating cursor data
CVE-2016-9106  9pfs: memory leakage in v9fs_write
CVE-2016-9107  gajim: OTR leaks cleartext when using XHTML
CVE-2016-9908  display: virtio-gpu: information leakage in virgl_cmd_get_capset
CVE-2016-9105  9pfs: memory leakage in v9fs_link
CVE-2016-9104  9pfs: integer overflow leading to OOB access
CVE-2016-9103  9pfs: information leakage via xattr
CVE-2016-9102  9pfs: memory leakage when creating extended attribute
CVE-2016-8910  net: rtl8139: infinite loop while transmit in C+ mode
CVE-2016-8669  char: divide by zero error in serial_update_parameters
CVE-2016-8668  net: OOB buffer access in rocker switch emulation
CVE-2016-8578  9pfs: potential NULL dereference in 9pfs routines
CVE-2016-8577  9pfs: host memory leakage in v9fs_read
CVE-2016-8576  usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
CVE-2016-7995  usb: hcd-ehci: memory leak in ehci_process_itd
CVE-2016-7994  virtio-gpu: memory leak in virtio_gpu_resource_create_2d
CVE-2016-7909  net: pcnet: infinite loop in pcnet_rdra_addr()
CVE-2016-7908  net: Infinite loop in mcf_fec_do_tx()
CVE-2016-7466  usb: xhci memory leakage during device unplug
CVE-2016-7423  scsi: mptsas: OOB access when freeing MPTSASRequest object
CVE-2016-7422  virtio: null pointer dereference in virtqueue_map_desc
CVE-2016-10029  display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout
CVE-2016-7170  vmware_vga: OOB stack memory access when processing svga
CVE-2016-7157  scsi: mptsas: invalid memory access while building configuration pages
CVE-2016-7156  scsi: pvscsi: infinite loop when building SG list
CVE-2016-7155  scsi: pvscsi: OOB read and infinite loop while setting descriptor rings
CVE-2016-7116  9p: directory traversal flaw in 9p virtio backend
CVE-2016-6888  net: vmxnet: integer overflow in packet initialisation
CVE-2016-6836  net: vmxnet: Information leakage in vmxnet3_complete_packet
CVE-2016-6834  net: vmxnet3: an infinite loop during packet fragmentation
CVE-2016-6833  net: vmxnet3: use-after-free while writing to device
CVE-2016-5337  scsi: megasas: information leakage in megasas_ctrl_get_info
CVE-2016-5338  scsi: esp: OOB r/w access while processing ESP_FIFO
CVE-2016-5126  block: iscsi: buffer overflow in iscsi_aio_ioctl
CVE-2016-5107  scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
CVE-2016-5106  scsi: megasas: out-of-bounds write while setting controller properties
CVE-2016-5105  scsi: megasas: stack information leakage while reading configuration
CVE-2016-4964  scsi: mptsas: infinite loop in mptsas_fetch_requests
CVE-2016-4952  scsi: pvscsi: out-of-bounds access issue in pvscsi_ring_init_msg/data
CVE-2016-4454  display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
CVE-2016-4453  display: vmsvga: infinite loop in vmsvga_fifo_run() routine
CVE-2016-4441  scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd


Reference:
http://wiki.qemu.org/ChangeLog


Reference to Enea Linux corrections
===================================
Upgrade 2.5.0 -> 2.5.1:
https://git.enea.com/cgit/linux/poky.git/patch/?id=07c94f74cda62c672e7e80292f917a76e1214be0

Upgrade 2.5.1 -> 2.5.1.1:
https://git.enea.com/cgit/linux/poky.git/patch/?id=71d585a8deafbeea66a517313d9ae10862484d22

Upgrade 2.5.1.1 -> 2.6.0:
https://git.enea.com/cgit/linux/poky.git/patch/?id=5c021b4550f77ddc7d32664a08e46ba69d16c2c7

Upgrade 2.6.0 -> 2.7.0:
https://git.enea.com/cgit/linux/poky.git/patch/?id=17a9a734122e446bd2708a4273af1fe4eacb87ae

Upgrade 2.7.0 -> 2.7.1:
https://git.enea.com/cgit/linux/poky.git/patch/?id=947f79967f2658bff158e3903305e481b8d34553

Upgrade 2.7.1 -> 2.8.0:
https://git.enea.com/cgit/linux/poky.git/patch/?id=dcc07572fde318e470952fa2a984fcee301c09bf

How to get the latest patches
=============================
- If you have already cloned the needed repositories, update them to get
the new security patches.

$ cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos.)

Use the repo tool to download the source for the Enea Linux 6.0 standard
by following the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2. Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPPC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

For general security information, refer to the Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed in Enea Linux releases, see the CVE list:
http://www.enea.com/products/security/security-updates

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com