FEDORA-2016-a3298e39f7

security update in Fedora 22 for qemu

Status: stable 3 years ago
  • CVE-2016-3710: incorrect bounds checking in vga (bz #1334345)
  • CVE-2016-3712: out of bounds read in vga (bz #1334342)
  • Fix USB redirection (bz #1330221)
  • CVE-2016-4037: infinite loop in usb ehci (bz #1328080)
  • CVE-2016-4001: buffer overflow in stellaris net (bz #1325885)
  • CVE-2016-2858: rng stack corruption (bz #1314677)
  • CVE-2016-2391: ohci: crash via multiple timers (bz #1308881)
  • CVE-2016-2198: ehci: null pointer dereference (bz #1303134)
  • Fix ./configure with ccache

How to install

sudo dnf upgrade --advisory=FEDORA-2016-a3298e39f7

Comments 6

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

no regressions noted

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1
stable threshold: 3
unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
  submitted 3 years ago
  in testing 3 years ago
  in stable 3 years ago

Related Bugs 14

#1301643 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
#1303134 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write [fedora-all]
#1304794 CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
#1308881 CVE-2016-2391 qemu: Holding multiple eof_timers at the same time in ohci usb mode leads to SIGSEGV [fedora-all]
#1314676 CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
#1314677 Qemu: rng-random: arbitrary stack based allocation leading to corruption [fedora-all]
#1318712 CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface
#1325129 CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process
#1325884 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator
#1325885 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator [fedora-all]
#1328080 CVE-2016-4037 qemu: Infinite loop vulnerability in usb_ehci using siTD process [fedora-all]
#1331401 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module
#1334342 CVE-2016-3712 qemu: qemu-kvm: Out-of-bounds read when creating weird vga screen surface [fedora-all]
#1334345 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module [fedora-all]
