{"affected":[{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-48.25.1","qemu-block-curl":"2.0.2-48.25.1","qemu-block-rbd":"2.0.2-48.25.1","qemu-guest-agent":"2.0.2-48.25.1","qemu-ipxe":"1.0.0-48.25.1","qemu-kvm":"2.0.2-48.25.1","qemu-lang":"2.0.2-48.25.1","qemu-seabios":"1.7.4-48.25.1","qemu-sgabios":"8-48.25.1","qemu-tools":"2.0.2-48.25.1","qemu-vgabios":"1.7.4-48.25.1","qemu-x86":"2.0.2-48.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-48.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"qemu":"2.0.2-48.25.1","qemu-block-curl":"2.0.2-48.25.1","qemu-block-rbd":"2.0.2-48.25.1","qemu-guest-agent":"2.0.2-48.25.1","qemu-ipxe":"1.0.0-48.25.1","qemu-kvm":"2.0.2-48.25.1","qemu-lang":"2.0.2-48.25.1","qemu-ppc":"2.0.2-48.25.1","qemu-s390":"2.0.2-48.25.1","qemu-seabios":"1.7.4-48.25.1","qemu-sgabios":"8-48.25.1","qemu-tools":"2.0.2-48.25.1","qemu-vgabios":"1.7.4-48.25.1","qemu-x86":"2.0.2-48.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.2-48.25.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for qemu fixes the following issues:\n\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12\n- Change package post script udevadm trigger calls to be device\n  specific (bsc#1002116)\n- Address various security/stability issues\n * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)\n * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)\n * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)\n * Fix DOS in ColdFire Fast Ethernet Controller emulation\n   (CVE-2016-7908 bsc#1002550)\n * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)\n * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)\n * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)\n * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)\n * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)\n * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)\n * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)\n * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)\n * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)\n * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)\n * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)\n * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)\n * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)\n * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)\n","id":"SUSE-SU-2016:2936-1","modified":"2016-11-29T09:18:32Z","published":"2016-11-29T09:18:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162936-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001151"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002116"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002550"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002557"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003878"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003893"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003894"},{"type":"REPORT","url":"https://bugzilla.suse.com/1004702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1004707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1006536"},{"type":"REPORT","url":"https://bugzilla.suse.com/1006538"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007391"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007493"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007494"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007495"},{"type":"REPORT","url":"https://bugzilla.suse.com/998516"},{"type":"REPORT","url":"https://bugzilla.suse.com/999661"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7170"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7908"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7909"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8577"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8667"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8669"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8909"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8910"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9106"}],"related":["CVE-2016-7161","CVE-2016-7170","CVE-2016-7421","CVE-2016-7908","CVE-2016-7909","CVE-2016-8576","CVE-2016-8577","CVE-2016-8578","CVE-2016-8667","CVE-2016-8669","CVE-2016-8909","CVE-2016-8910","CVE-2016-9101","CVE-2016-9102","CVE-2016-9103","CVE-2016-9104","CVE-2016-9105","CVE-2016-9106"],"summary":"Security update for qemu","upstream":["CVE-2016-7161","CVE-2016-7170","CVE-2016-7421","CVE-2016-7908","CVE-2016-7909","CVE-2016-8576","CVE-2016-8577","CVE-2016-8578","CVE-2016-8667","CVE-2016-8669","CVE-2016-8909","CVE-2016-8910","CVE-2016-9101","CVE-2016-9102","CVE-2016-9103","CVE-2016-9104","CVE-2016-9105","CVE-2016-9106"]}