FEDORA-2016-42778e8c82

security update in Fedora 23 for qemu

Status: stable 2 years ago
  • CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 (bz #1295442)
  • CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818)
  • CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766)
  • CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008)
  • CVE-2015-8701: Buffer overflow in tx_consume in rocker.c (bz #1293720)
  • CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787)
  • CVE-2016-1568: Use-after-free vulnerability in ahci (bz #1297023)
  • Fix modules.d/kvm.conf example syntax (bz #1298823)

Comments 8

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

works for me

karma: +1

Works great! LGTM =)

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Works for me...

karma: +1

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1298823 Wrong commented out syntax in kvm.conf
#1295442 CVE-2015-8745 qemu: Support reading IMR registers on bar0 [fedora-all]
#1289818 CVE-2015-8567 CVE-2015-8568 Qemu: net: vmxnet3: host memory leakage [fedora-all]
#1292766 CVE-2016-1922 qemu: Null pointer dereference in vapic_write() [fedora-all]
#1284008 CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
#1293720 CVE-2015-8701 qemu: Buffer overflow in tx_consume in rocker.c [fedora-all]
#1294787 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions [fedora-all]
#1297023 CVE-2016-1568 qemu: Use-after-free vulnerability in ahci [fedora-all]
#1270876 CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call
#1289816 CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage
#1283934 CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
#1286971 CVE-2015-8701 Qemu: net: rocker: stack buffer overflow(off-by-one) in tx_consume routine
#1264929 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions
#1288532 CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests not running
Submitted by
Update Type
security
Karma
+4
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 14

00 #1298823 Wrong commented out syntax in kvm.conf
00 #1295442 CVE-2015-8745 qemu: Support reading IMR registers on bar0 [fedora-all]
00 #1289818 CVE-2015-8567 CVE-2015-8568 Qemu: net: vmxnet3: host memory leakage [fedora-all]
00 #1292766 CVE-2016-1922 qemu: Null pointer dereference in vapic_write() [fedora-all]
00 #1284008 CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
00 #1293720 CVE-2015-8701 qemu: Buffer overflow in tx_consume in rocker.c [fedora-all]
00 #1294787 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions [fedora-all]
00 #1297023 CVE-2016-1568 qemu: Use-after-free vulnerability in ahci [fedora-all]
00 #1270876 CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call
00 #1289816 CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage
00 #1283934 CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
00 #1286971 CVE-2015-8701 Qemu: net: rocker: stack buffer overflow(off-by-one) in tx_consume routine
00 #1264929 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions
00 #1288532 CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.