{"affected":[{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-48.9.1","qemu-block-curl":"2.0.2-48.9.1","qemu-ipxe":"1.0.0-48.9.1","qemu-kvm":"2.0.2-48.9.1","qemu-seabios":"1.7.4-48.9.1","qemu-sgabios":"8-48.9.1","qemu-tools":"2.0.2-48.9.1","qemu-vgabios":"1.7.4-48.9.1","qemu-x86":"2.0.2-48.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-48.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-48.9.1","qemu-block-curl":"2.0.2-48.9.1","qemu-block-rbd":"2.0.2-48.9.1","qemu-guest-agent":"2.0.2-48.9.1","qemu-ipxe":"1.0.0-48.9.1","qemu-kvm":"2.0.2-48.9.1","qemu-lang":"2.0.2-48.9.1","qemu-ppc":"2.0.2-48.9.1","qemu-s390":"2.0.2-48.9.1","qemu-seabios":"1.7.4-48.9.1","qemu-sgabios":"8-48.9.1","qemu-tools":"2.0.2-48.9.1","qemu-vgabios":"1.7.4-48.9.1","qemu-x86":"2.0.2-48.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-48.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-48.9.1","qemu-block-curl":"2.0.2-48.9.1","qemu-block-rbd":"2.0.2-48.9.1","qemu-guest-agent":"2.0.2-48.9.1","qemu-ipxe":"1.0.0-48.9.1","qemu-kvm":"2.0.2-48.9.1","qemu-lang":"2.0.2-48.9.1","qemu-ppc":"2.0.2-48.9.1","qemu-s390":"2.0.2-48.9.1","qemu-seabios":"1.7.4-48.9.1","qemu-sgabios":"8-48.9.1","qemu-tools":"2.0.2-48.9.1","qemu-vgabios":"1.7.4-48.9.1","qemu-x86":"2.0.2-48.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-48.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"qemu was updated to fix several security issues and bugs.\n\nThe following vulnerabilities were fixed:\n- CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU,\n  when the container has a CDROM drive enabled, allows local guest users\n  to execute arbitrary code on the host via unspecified ATAPI commands.\n  (bsc#938344).\n- CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that\n  could occur when receiving packets over the network. (bsc#945989)\n- CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue\n  that could occur when receiving packets over the network. (bsc#945987)\n- CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could\n  occur while executing an IDE command WIN_READ_NATIVE_MAX to determine\n  the maximum size of a drive. (bsc#945404)\n- CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU\n  allowed remote attackers to cause a denial of service (crash) via a small\n  bytes_per_pixel value.  (bsc#902737):\n\nAlso these non-security issues were fixed:\n- bsc#937572: Fixed dictzip on big endian systems \n- bsc#934517: Fix 'info tlb' causes guest to freeze\n- bsc#934506: Fix vte monitor consol looks empy\n- bsc#937125: Fix parsing of scsi-disk wwn uint64 property \n- bsc#945778: Drop .probe hooks for DictZip and tar block drivers\n- bsc#937572: Fold common-obj-y -> block-obj-y change into original patches\n- bsc#928308,bsc#944017: Fix virtio-ccw index errors when initrd gets too large \n- bsc#936537: Fix possible qemu-img error when converting to compressed qcow2 image\n- bsc#939216: Fix reboot fail after install using uefi\n- bsc#943446: qemu-img convert doesn't create MB aligned VHDs anymore\n\n","id":"SUSE-SU-2015:1782-1","modified":"2015-09-28T09:38:55Z","published":"2015-09-28T09:38:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151782-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/902737"},{"type":"REPORT","url":"https://bugzilla.suse.com/928308"},{"type":"REPORT","url":"https://bugzilla.suse.com/934506"},{"type":"REPORT","url":"https://bugzilla.suse.com/934517"},{"type":"REPORT","url":"https://bugzilla.suse.com/936537"},{"type":"REPORT","url":"https://bugzilla.suse.com/937125"},{"type":"REPORT","url":"https://bugzilla.suse.com/937572"},{"type":"REPORT","url":"https://bugzilla.suse.com/938344"},{"type":"REPORT","url":"https://bugzilla.suse.com/939216"},{"type":"REPORT","url":"https://bugzilla.suse.com/943446"},{"type":"REPORT","url":"https://bugzilla.suse.com/944017"},{"type":"REPORT","url":"https://bugzilla.suse.com/945404"},{"type":"REPORT","url":"https://bugzilla.suse.com/945778"},{"type":"REPORT","url":"https://bugzilla.suse.com/945987"},{"type":"REPORT","url":"https://bugzilla.suse.com/945989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5278"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5279"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6855"}],"related":["CVE-2014-7815","CVE-2015-5154","CVE-2015-5278","CVE-2015-5279","CVE-2015-6855"],"summary":"Security update for qemu","upstream":["CVE-2014-7815","CVE-2015-5154","CVE-2015-5278","CVE-2015-5279","CVE-2015-6855"]}