FEDORA-2016-a56fb613a8

security update in Fedora 24 for qemu

Status: stable 2 years ago
  • CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bz #1360600)
  • CVE-2016-6833: vmxnet3: use-after-free (bz #1368982)
  • CVE-2016-6490: virtio: infinite loop in virtqueue_pop (bz #1361428)
  • CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480)
  • CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709)
  • CVE-2016-7161: net: Heap overflow in xlnx.xps-ethernetlite (bz #1379298)
  • CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838)
  • CVE-2016-7422: virtio: null pointer dereference (bz #1376756)
  • CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193)
  • CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322)
  • CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669)
  • Don't depend on edk2 roms where they aren't available (bz #1373576)

How to install

sudo dnf upgrade --advisory=FEDORA-2016-a56fb613a8

Comments 8

This update has been submitted for testing by crobinso.

No regressions noted. (Includes use of various USB and vmware_vga.)

karma: +1

This update has been pushed to testing.

On trying to install using dnf, I got:

Error: package qemu-user-static-2:2.6.2-2.fc24.x86_64 conflicts with qemu-user-binfmt provided by qemu-user-binfmt-2:2.6.2-2.fc24.x86_64

Both these were downloaded by bodhi!!!!

works for me

karma: +1

This update has been submitted for stable by bodhi.

works fine

karma: +1

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3
  • stable threshold: 3
  • unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
  • submitted 3 years ago
  • in testing 3 years ago
  • in stable 2 years ago

Related Bugs 23

  • #1327465 CVE-2016-7908 Qemu: net: Infinite loop in mcf_fec_do_tx()
  • #1333425 CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
  • #1360599 CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma
  • #1360600 CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma [fedora-all]
  • #1361427 CVE-2016-6490 Qemu: virtio: infinite loop in virtqueue_pop
  • #1361428 CVE-2016-6490 Qemu: virtio: infinite loop in virtqueue_pop [fedora-all]
  • #1368980 CVE-2016-6833 Qemu: net: vmxnet3: use-after-free while writing to device
  • #1368982 CVE-2016-6833 Qemu: net: vmxnet3: use-after-free while writing to device [fedora-all]
  • #1373478 CVE-2016-7156 Qemu: scsi: pvscsi: infinite loop when building SG list
  • #1373480 CVE-2016-7156 Qemu: scsi: pvscsi: infinite loop when building SG list [fedora-all]
  • #1373576 Unable to install qemu-2:2.7.0-0.2.rc3 on fc25 Alpha1.2 ppc64le
  • #1374702 CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command
  • #1374709 CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command [fedora-all]
  • #1376755 CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc
  • #1376756 CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc [fedora-all]
  • #1377837 CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug
  • #1377838 CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug [fedora-all]
  • #1379297 CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite
  • #1379298 CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [fedora-all]
  • #1381193 CVE-2016-7908 Qemu: net: Infinite loop in mcf_fec_do_tx() [fedora-all]
  • #1382322 CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch [fedora-all]
  • #1382668 CVE-2016-7995 Qemu: usb: hcd-ehci: memory leak in ehci_process_itd
  • #1382669 CVE-2016-7995 Qemu: usb: hcd-ehci: memory leak in ehci_process_itd [fedora-all]
