{"affected":[{"ecosystem_specific":{"binaries":[{"kvm":"1.4.2-50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"kvm","purl":"pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.2-50.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kvm":"1.4.2-50.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"kvm","purl":"pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.2-50.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for kvm fixes the following issues:\n\n- Address various security/stability issues\n * Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)\n * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)\n * Fix DOS in ColdFire Fast Ethernet Controller emulation\n   (CVE-2016-7908 bsc#1002550)\n * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)\n * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)\n * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)\n * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)\n * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)\n * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)\n * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)\n * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)\n * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)\n * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)\n * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)\n * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)\n * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)\n * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)\n\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE11-SP4\n- Remove semi-contradictory and now determined erroneous statement\n  in kvm-supported.txt regarding not running ntp in kvm guest when\n  kvm-clock is used. It is now recommended to use ntp in guest in\n  this case.\n","id":"SUSE-SU-2016:2902-1","modified":"2016-11-24T13:31:19Z","published":"2016-11-24T13:31:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162902-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001151"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002550"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002557"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003878"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003893"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003894"},{"type":"REPORT","url":"https://bugzilla.suse.com/1004702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1004707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1006536"},{"type":"REPORT","url":"https://bugzilla.suse.com/1006538"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007391"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007493"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007494"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007495"},{"type":"REPORT","url":"https://bugzilla.suse.com/998516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7170"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7908"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7909"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8577"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8667"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8669"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8909"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8910"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9106"}],"related":["CVE-2016-7161","CVE-2016-7170","CVE-2016-7908","CVE-2016-7909","CVE-2016-8576","CVE-2016-8577","CVE-2016-8578","CVE-2016-8667","CVE-2016-8669","CVE-2016-8909","CVE-2016-8910","CVE-2016-9101","CVE-2016-9102","CVE-2016-9103","CVE-2016-9104","CVE-2016-9105","CVE-2016-9106"],"summary":"Security update for kvm","upstream":["CVE-2016-7161","CVE-2016-7170","CVE-2016-7908","CVE-2016-7909","CVE-2016-8576","CVE-2016-8577","CVE-2016-8578","CVE-2016-8667","CVE-2016-8669","CVE-2016-8909","CVE-2016-8910","CVE-2016-9101","CVE-2016-9102","CVE-2016-9103","CVE-2016-9104","CVE-2016-9105","CVE-2016-9106"]}