FEDORA-2016-f2b1f07256

security update in Fedora 23 for qemu

Status: stable 2 years ago
  • CVE-2016-3710: incorrect bounds checking in vga (bz #1334345)
  • CVE-2016-3712: out of bounds read in vga (bz #1334342)
  • Fix USB redirection (bz #1330221)
  • CVE-2016-4037: infinite loop in usb ehci (bz #1328080)
  • CVE-2016-4001: buffer overflow in stellaris net (bz #1325885)
  • CVE-2016-2858: rng stack corruption (bz #1314677)
  • CVE-2016-2391: ohci: crash via multiple timers (bz #1308881)
  • CVE-2016-2198: ehci: null pointer dereference (bz #1303134)
  • Fix tpm passthrough (bz #1281413)
  • Fix ./configure with ccache
  • Ship sysctl file to fix s390x kvm (bz #1290589)

Comments 7

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

works for me

karma: +1

no regressions noted

karma: +1

This update has been submitted for stable by bodhi.

Works for me.

karma: +1

This update has been pushed to stable.



#1281413 Passthrough of tpm devices is broken in qemu-kvm in fedora 23
#1290589 ship sysctl file enabling vm.allocate_pgste for s390x kvm
#1301643 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
#1303134 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write [fedora-all]
#1304794 CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
#1308881 CVE-2016-2391 qemu: Holding multiple eof_timers at the same time in ohci usb mode leads to SIGSEGV [fedora-all]
#1314676 CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
#1314677 Qemu: rng-random: arbitrary stack based allocation leading to corruption [fedora-all]
#1318712 CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface
#1325129 CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process
#1325884 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator
#1325885 CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator [fedora-all]
#1328080 CVE-2016-4037 qemu: Infinite loop vulnerability in usb_ehci using siTD process [fedora-all]
#1330221 USB redirection broken
#1331401 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module
#1334342 CVE-2016-3712 qemu: qemu-kvm: Out-of-bounds read when creating weird vga screen surface [fedora-all]
#1334345 CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module [fedora-all]
Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago
