FEDORA-2016-f2b1f07256

security update in Fedora 23 for qemu

Status: stable 2 years ago
  • CVE-2016-3710: incorrect bounds checking in vga (bz #1334345)
  • CVE-2016-3712: out of bounds read in vga (bz #1334342)
  • Fix USB redirection (bz #1330221)
  • CVE-2016-4037: infinite loop in usb ehci (bz #1328080)
  • CVE-2016-4001: buffer overflow in stellaris net (bz #1325885)
  • CVE-2016-2858: rng stack corruption (bz #1314677)
  • CVE-2016-2391: ohci: crash via multiple timers (bz #1308881)
  • CVE-2016-2198: ehci: null pointer dereference (bz #1303134)
  • Fix tpm passthrough (bz #1281413)
  • Fix ./configure with ccache
  • Ship sysctl file to fix s390x kvm (bz #1290589)

Comments 7

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

works for me

karma: +1

no regressions noted

karma: +1

This update has been submitted for stable by bodhi.

Works for me.

karma: +1

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating Status: Tests not running
Submitted by
Update Type: security
Karma: +3
stable threshold: 3
unstable threshold: -3
Autopush: Enabled
Dates:
  • submitted 2 years ago
  • in testing 2 years ago
  • in stable 2 years ago

Related Bugs 17

#1330221 USB redirection broken
#1281413 Passthrough of tpm devices is broken in qemu-kvm in fedora 23
#1290589 ship sysctl file enabling vm.allocate_pgste for s390x kvm
#1334345 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module [fedora-all]
#1334342 CVE-2016-3712 qemu: qemu-kvm: Out-of-bounds read when creating weird vga screen surface [fedora-all]
#1328080 CVE-2016-4037 qemu: Infinite loop vulnerability in usb_ehci using siTD process [fedora-all]
#1325885 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator [fedora-all]
#1314677 Qemu: rng-random: arbitrary stack based allocation leading to corruption [fedora-all]
#1308881 CVE-2016-2391 qemu: Holding multiple eof_timers at the same time in ohci usb mode leads to SIGSEGV [fedora-all]
#1303134 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write [fedora-all]
#1331401 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module
#1318712 CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface
#1325129 CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process
#1325884 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator
#1314676 CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
#1304794 CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
#1301643 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write