{"affected":[{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-46.1","qemu-block-curl":"2.0.2-46.1","qemu-ipxe":"1.0.0-46.1","qemu-kvm":"2.0.2-46.1","qemu-seabios":"1.7.4-46.1","qemu-sgabios":"8-46.1","qemu-tools":"2.0.2-46.1","qemu-vgabios":"1.7.4-46.1","qemu-x86":"2.0.2-46.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-46.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-46.1","qemu-block-curl":"2.0.2-46.1","qemu-block-rbd":"2.0.2-46.1","qemu-guest-agent":"2.0.2-46.1","qemu-ipxe":"1.0.0-46.1","qemu-kvm":"2.0.2-46.1","qemu-lang":"2.0.2-46.1","qemu-ppc":"2.0.2-46.1","qemu-s390":"2.0.2-46.1","qemu-seabios":"1.7.4-46.1","qemu-sgabios":"8-46.1","qemu-tools":"2.0.2-46.1","qemu-vgabios":"1.7.4-46.1","qemu-x86":"2.0.2-46.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-46.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-46.1","qemu-block-curl":"2.0.2-46.1","qemu-block-rbd":"2.0.2-46.1","qemu-guest-agent":"2.0.2-46.1","qemu-ipxe":"1.0.0-46.1","qemu-kvm":"2.0.2-46.1","qemu-lang":"2.0.2-46.1","qemu-ppc":"2.0.2-46.1","qemu-s390":"2.0.2-46.1","qemu-seabios":"1.7.4-46.1","qemu-sgabios":"8-46.1","qemu-tools":"2.0.2-46.1","qemu-vgabios":"1.7.4-46.1","qemu-x86":"2.0.2-46.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-46.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nqemu / kvm was updated to fix a security issue and some bugs.\n\nSecurity issue fixed:\n\n* CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used\n  to denial of service attacks or potential code execution against the host.\n\n* CVE-2015-1779: Fixed insufficient resource limiting in the VNC websockets decoder.\n\n\nBugs fixed:\n- qemu truncates vhd images in virt-rescue (bsc#886378)\n\n- Update kvm-supported.txt with the current rbd support status.\n\n- enable rbd build on x86_64 (qemu-block-rbd package) (FATE#318349)","id":"SUSE-SU-2015:0896-1","modified":"2015-05-12T21:54:11Z","published":"2015-05-12T21:54:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150896-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/886378"},{"type":"REPORT","url":"https://bugzilla.suse.com/924018"},{"type":"REPORT","url":"https://bugzilla.suse.com/929339"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-1779"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3456"}],"related":["CVE-2015-1779","CVE-2015-3456"],"summary":"Security update for qemu","upstream":["CVE-2015-1779","CVE-2015-3456"]}