Security update for kvm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1152-1 Final 1 1 2014-09-19T14:41:45Z current 2014-09-19T14:41:45Z 2014-09-19T14:41:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kvm kvm has been updated to fix issues in the embedded qemu: * CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-3461: A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. * CVE-2014-0222: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. Non-security bugs fixed: * Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842) * Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535) Security Issues: * CVE-2014-0222 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222> * CVE-2014-0223 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223> * CVE-2014-3461 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sledsp3-kvm,slessp3-kvm Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ Link for SUSE-SU-2015:1152-1 https://lists.suse.com/pipermail/sle-security-updates/2015-June/001465.html E-Mail link for SUSE-SU-2015:1152-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/812836 SUSE Bug 812836 https://bugzilla.suse.com/812983 SUSE Bug 812983 https://bugzilla.suse.com/817593 SUSE Bug 817593 https://bugzilla.suse.com/821819 SUSE Bug 821819 https://bugzilla.suse.com/824340 SUSE Bug 824340 https://bugzilla.suse.com/829800 SUSE Bug 829800 https://bugzilla.suse.com/841080 SUSE Bug 841080 https://bugzilla.suse.com/842006 SUSE Bug 842006 https://bugzilla.suse.com/842088 SUSE Bug 842088 https://bugzilla.suse.com/858858 SUSE Bug 858858 https://bugzilla.suse.com/864391 SUSE Bug 864391 https://bugzilla.suse.com/864649 SUSE Bug 864649 https://bugzilla.suse.com/864650 SUSE Bug 864650 https://bugzilla.suse.com/864653 SUSE Bug 864653 https://bugzilla.suse.com/864655 SUSE Bug 864655 https://bugzilla.suse.com/864665 SUSE Bug 864665 https://bugzilla.suse.com/864671 SUSE Bug 864671 https://bugzilla.suse.com/864673 SUSE Bug 864673 https://bugzilla.suse.com/864678 SUSE Bug 864678 https://bugzilla.suse.com/864682 SUSE Bug 864682 https://bugzilla.suse.com/864769 SUSE Bug 864769 https://bugzilla.suse.com/864796 SUSE Bug 864796 https://bugzilla.suse.com/864801 SUSE Bug 864801 https://bugzilla.suse.com/864802 SUSE Bug 864802 https://bugzilla.suse.com/864804 SUSE Bug 864804 https://bugzilla.suse.com/864805 SUSE Bug 864805 https://bugzilla.suse.com/864811 SUSE Bug 864811 https://bugzilla.suse.com/864812 SUSE Bug 864812 https://bugzilla.suse.com/864814 SUSE Bug 864814 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/873235 SUSE Bug 873235 https://bugzilla.suse.com/874749 SUSE Bug 874749 https://bugzilla.suse.com/874788 SUSE Bug 874788 https://bugzilla.suse.com/876842 SUSE Bug 876842 https://bugzilla.suse.com/877642 SUSE Bug 877642 https://bugzilla.suse.com/877645 SUSE Bug 877645 https://bugzilla.suse.com/878541 SUSE Bug 878541 https://bugzilla.suse.com/886535 SUSE Bug 886535 https://bugzilla.suse.com/920571 SUSE Bug 920571 https://bugzilla.suse.com/924018 SUSE Bug 924018 https://bugzilla.suse.com/929339 SUSE Bug 929339 https://bugzilla.suse.com/932267 SUSE Bug 932267 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://www.suse.com/security/cve/CVE-2013-2016/ SUSE CVE CVE-2013-2016 page https://www.suse.com/security/cve/CVE-2013-4344/ SUSE CVE CVE-2013-4344 page https://www.suse.com/security/cve/CVE-2013-4541/ SUSE CVE CVE-2013-4541 page https://www.suse.com/security/cve/CVE-2014-0142/ SUSE CVE CVE-2014-0142 page https://www.suse.com/security/cve/CVE-2014-0143/ SUSE CVE CVE-2014-0143 page https://www.suse.com/security/cve/CVE-2014-0144/ SUSE CVE CVE-2014-0144 page https://www.suse.com/security/cve/CVE-2014-0145/ SUSE CVE CVE-2014-0145 page https://www.suse.com/security/cve/CVE-2014-0146/ SUSE CVE CVE-2014-0146 page https://www.suse.com/security/cve/CVE-2014-0147/ SUSE CVE CVE-2014-0147 page https://www.suse.com/security/cve/CVE-2014-0150/ SUSE CVE CVE-2014-0150 page https://www.suse.com/security/cve/CVE-2014-0222/ SUSE CVE CVE-2014-0222 page https://www.suse.com/security/cve/CVE-2014-0223/ SUSE CVE CVE-2014-0223 page https://www.suse.com/security/cve/CVE-2014-2894/ SUSE CVE CVE-2014-2894 page https://www.suse.com/security/cve/CVE-2014-3461/ SUSE CVE CVE-2014-3461 page https://www.suse.com/security/cve/CVE-2015-1779/ SUSE CVE CVE-2015-1779 page https://www.suse.com/security/cve/CVE-2015-3209/ SUSE CVE CVE-2015-3209 page https://www.suse.com/security/cve/CVE-2015-3456/ SUSE CVE CVE-2015-3456 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 kvm-1.4.2-0.17.1 kvm-1.4.2-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 kvm-1.4.2-0.17.1 as a component of SUSE Linux Enterprise Server 11 SP3 kvm-1.4.2-0.17.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA kvm-1.4.2-0.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. CVE-2013-2016 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2013-2016.html CVE-2013-2016 https://bugzilla.suse.com/817593 SUSE Bug 817593 https://bugzilla.suse.com/871442 SUSE Bug 871442 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. CVE-2013-4344 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2013-4344.html CVE-2013-4344 https://bugzilla.suse.com/842006 SUSE Bug 842006 https://bugzilla.suse.com/871442 SUSE Bug 871442 https://bugzilla.suse.com/880751 SUSE Bug 880751 The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. CVE-2013-4541 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2013-4541.html CVE-2013-4541 https://bugzilla.suse.com/864802 SUSE Bug 864802 https://bugzilla.suse.com/871442 SUSE Bug 871442 QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. CVE-2014-0142 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0142.html CVE-2014-0142 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. CVE-2014-0143 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0143.html CVE-2014-0143 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. CVE-2014-0144 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0144.html CVE-2014-0144 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). CVE-2014-0145 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0145.html CVE-2014-0145 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. CVE-2014-0146 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0146.html CVE-2014-0146 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. CVE-2014-0147 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0147.html CVE-2014-0147 https://bugzilla.suse.com/870439 SUSE Bug 870439 https://bugzilla.suse.com/871442 SUSE Bug 871442 Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. CVE-2014-0150 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0150.html CVE-2014-0150 https://bugzilla.suse.com/873235 SUSE Bug 873235 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. CVE-2014-0222 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 5.5 AV:A/AC:L/Au:S/C:N/I:N/A:C 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0222.html CVE-2014-0222 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/877642 SUSE Bug 877642 https://bugzilla.suse.com/950367 SUSE Bug 950367 https://bugzilla.suse.com/964925 SUSE Bug 964925 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. CVE-2014-0223 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-0223.html CVE-2014-0223 https://bugzilla.suse.com/877645 SUSE Bug 877645 Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption. CVE-2014-2894 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-2894.html CVE-2014-2894 https://bugzilla.suse.com/874749 SUSE Bug 874749 hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." CVE-2014-3461 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2014-3461.html CVE-2014-3461 https://bugzilla.suse.com/878541 SUSE Bug 878541 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. CVE-2015-1779 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2015-1779.html CVE-2015-1779 https://bugzilla.suse.com/924018 SUSE Bug 924018 https://bugzilla.suse.com/962632 SUSE Bug 962632 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. CVE-2015-3209 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2015-3209.html CVE-2015-3209 https://bugzilla.suse.com/932267 SUSE Bug 932267 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/932823 SUSE Bug 932823 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. CVE-2015-3456 SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.17.1 moderate 7.7 AV:A/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1/ https://www.suse.com/security/cve/CVE-2015-3456.html CVE-2015-3456 https://bugzilla.suse.com/929339 SUSE Bug 929339 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/935900 SUSE Bug 935900