[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2016:2879-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":56,"duplicates":57,"related":58,"reserved_at":9,"published_at":80,"modified_at":81,"state":9,"summary":82,"references_raw":84,"kevs":285,"epss":9,"epss_history":286,"metrics":287,"affected":288},"SUSE-SU-2016:2879-1","Security update for qemu\n\nThis update for qemu to version 2.6.2 fixes the several issues.\n\nThese security issues were fixed:\n- CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet (bsc#1001151).\n- CVE-2016-7170: OOB stack memory access when processing svga command (bsc#998516).\n- CVE-2016-7466: xhci memory leakage during device unplug (bsc#1000345).\n- CVE-2016-7422: NULL pointer dereference in virtqueu_map_desc (bsc#1000346).\n- CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1002550).\n- CVE-2016-7995: Memory leak in ehci_process_itd (bsc#1003612).\n- CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1003878).\n- CVE-2016-8578: The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation (bsc#1003894).\n- CVE-2016-9105: Memory leakage in v9fs_link (bsc#1007494).\n- CVE-2016-8577: Memory leak in the v9fs_read function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation (bsc#1003893).\n- CVE-2016-9106: Memory leakage in v9fs_write (bsc#1007495).\n- CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1004707).\n- CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002557).\n- CVE-2016-9101: eepro100 memory leakage whern unplugging a device (bsc#1007391).\n- CVE-2016-8668: The rocker_io_writel function in hw/net/rocker/rocker.c allowed local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size (bsc#1004706).\n- CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1006538).\n- CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1006536).\n- CVE-2016-7994: Memory leak in virtio_gpu_resource_create_2d (bsc#1003613).\n- CVE-2016-9104: Integer overflow leading to OOB access in 9pfs (bsc#1007493).\n- CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1004702).\n- CVE-2016-7907: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002549).\n\nThese non-security issues were fixed:\n- Change kvm-supported.txt to be per-architecture documentation, stored in the\n  package documentation directory of each per-arch package (bsc#1005353).\n- Update support doc to include current ARM64 (AArch64) support stance (bsc#1005374).\n- Fix migration failure when snapshot also has been done (bsc#1008148).\n- Change package post script udevadm trigger calls to be device specific (bsc#1002116).\n- Add qmp-commands.txt documentation file back in. It was inadvertently dropped.\n- Add an x86 cpu option (l3-cache) to specify that an L3 cache is present and\n  another option (cpuid-0xb) to enable the cpuid 0xb leaf (bsc#1007769).\n\nFor Leap 42.2 this update also enabled the smartcard support (bsc#1007263).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54],{"_key":15},"CVE-2016-7161",{"_key":17},"CVE-2016-7170",{"_key":19},"CVE-2016-7422",{"_key":21},"CVE-2016-7466",{"_key":23},"CVE-2016-7907",{"_key":25},"CVE-2016-7908",{"_key":27},"CVE-2016-7909",{"_key":29},"CVE-2016-7994",{"_key":31},"CVE-2016-7995",{"_key":33},"CVE-2016-8576",{"_key":35},"CVE-2016-8577",{"_key":37},"CVE-2016-8578",{"_key":39},"CVE-2016-8667",{"_key":41},"CVE-2016-8668",{"_key":43},"CVE-2016-8669",{"_key":45},"CVE-2016-8909",{"_key":47},"CVE-2016-8910",{"_key":49},"CVE-2016-9101",{"_key":51},"CVE-2016-9104",{"_key":53},"CVE-2016-9105",{"_key":55},"CVE-2016-9106",[],[],[59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},"2016-11-22T14:26:40Z","2026-02-04T04:14:51.939445Z",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[85,91,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,205,209,213,217,221,225,229,233,237,241,245,249,253,257,261,265,269,273,277,281],{"url":86,"sources":87,"tags":89},"https://www.suse.com/support/update/announcement/2016/suse-su-20162879-1/",[88],"osv_suse",[90],"Advisory",{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1000345",[88],[95],"REPORT",{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1000346",[88],[95],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1001151",[88],[95],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com/1002116",[88],[95],{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1002549",[88],[95],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1002550",[88],[95],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1002557",[88],[95],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1003612",[88],[95],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1003613",[88],[95],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1003878",[88],[95],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1003893",[88],[95],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1003894",[88],[95],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1004702",[88],[95],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1004706",[88],[95],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1004707",[88],[95],{"url":153,"sources":154,"tags":155},"https://bugzilla.suse.com/1005353",[88],[95],{"url":157,"sources":158,"tags":159},"https://bugzilla.suse.com/1005374",[88],[95],{"url":161,"sources":162,"tags":163},"https://bugzilla.suse.com/1006536",[88],[95],{"url":165,"sources":166,"tags":167},"https://bugzilla.suse.com/1006538",[88],[95],{"url":169,"sources":170,"tags":171},"https://bugzilla.suse.com/1007263",[88],[95],{"url":173,"sources":174,"tags":175},"https://bugzilla.suse.com/1007391",[88],[95],{"url":177,"sources":178,"tags":179},"https://bugzilla.suse.com/1007493",[88],[95],{"url":181,"sources":182,"tags":183},"https://bugzilla.suse.com/1007494",[88],[95],{"url":185,"sources":186,"tags":187},"https://bugzilla.suse.com/1007495",[88],[95],{"url":189,"sources":190,"tags":191},"https://bugzilla.suse.com/1007769",[88],[95],{"url":193,"sources":194,"tags":195},"https://bugzilla.suse.com/1008148",[88],[95],{"url":197,"sources":198,"tags":199},"https://bugzilla.suse.com/998516",[88],[95],{"url":201,"sources":202,"tags":203},"https://www.suse.com/security/cve/CVE-2016-7161",[88],[204],"WEB",{"url":206,"sources":207,"tags":208},"https://www.suse.com/security/cve/CVE-2016-7170",[88],[204],{"url":210,"sources":211,"tags":212},"https://www.suse.com/security/cve/CVE-2016-7422",[88],[204],{"url":214,"sources":215,"tags":216},"https://www.suse.com/security/cve/CVE-2016-7466",[88],[204],{"url":218,"sources":219,"tags":220},"https://www.suse.com/security/cve/CVE-2016-7907",[88],[204],{"url":222,"sources":223,"tags":224},"https://www.suse.com/security/cve/CVE-2016-7908",[88],[204],{"url":226,"sources":227,"tags":228},"https://www.suse.com/security/cve/CVE-2016-7909",[88],[204],{"url":230,"sources":231,"tags":232},"https://www.suse.com/security/cve/CVE-2016-7994",[88],[204],{"url":234,"sources":235,"tags":236},"https://www.suse.com/security/cve/CVE-2016-7995",[88],[204],{"url":238,"sources":239,"tags":240},"https://www.suse.com/security/cve/CVE-2016-8576",[88],[204],{"url":242,"sources":243,"tags":244},"https://www.suse.com/security/cve/CVE-2016-8577",[88],[204],{"url":246,"sources":247,"tags":248},"https://www.suse.com/security/cve/CVE-2016-8578",[88],[204],{"url":250,"sources":251,"tags":252},"https://www.suse.com/security/cve/CVE-2016-8667",[88],[204],{"url":254,"sources":255,"tags":256},"https://www.suse.com/security/cve/CVE-2016-8668",[88],[204],{"url":258,"sources":259,"tags":260},"https://www.suse.com/security/cve/CVE-2016-8669",[88],[204],{"url":262,"sources":263,"tags":264},"https://www.suse.com/security/cve/CVE-2016-8909",[88],[204],{"url":266,"sources":267,"tags":268},"https://www.suse.com/security/cve/CVE-2016-8910",[88],[204],{"url":270,"sources":271,"tags":272},"https://www.suse.com/security/cve/CVE-2016-9101",[88],[204],{"url":274,"sources":275,"tags":276},"https://www.suse.com/security/cve/CVE-2016-9104",[88],[204],{"url":278,"sources":279,"tags":280},"https://www.suse.com/security/cve/CVE-2016-9105",[88],[204],{"url":282,"sources":283,"tags":284},"https://www.suse.com/security/cve/CVE-2016-9106",[88],[204],[],[],[],[289,302,306,310],{"ecosystem":290,"name":291,"vendor":292,"product":293,"cpe_part":9,"purl_type":294,"purl_namespace":292,"purl_name":293,"source":9,"versions":295},"SUSE Linux Enterprise","qemu","suse","qemu&distro=SUSE Linux Enterprise Desktop 12 SP2","rpm",[296],{"version":297,"is_range":298,"range_type":299,"version_start":9,"version_start_type":9,"version_end":300,"version_end_type":301,"fixed_in":9},"lt2_6_2_31_2",true,"ecosystem","2.6.2-31.2","excluding",{"ecosystem":290,"name":291,"vendor":292,"product":303,"cpe_part":9,"purl_type":294,"purl_namespace":292,"purl_name":303,"source":9,"versions":304},"qemu&distro=SUSE Linux Enterprise Server 12 SP2",[305],{"version":297,"is_range":298,"range_type":299,"version_start":9,"version_start_type":9,"version_end":300,"version_end_type":301,"fixed_in":9},{"ecosystem":290,"name":291,"vendor":292,"product":307,"cpe_part":9,"purl_type":294,"purl_namespace":292,"purl_name":307,"source":9,"versions":308},"qemu&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",[309],{"version":297,"is_range":298,"range_type":299,"version_start":9,"version_start_type":9,"version_end":300,"version_end_type":301,"fixed_in":9},{"ecosystem":290,"name":291,"vendor":292,"product":311,"cpe_part":9,"purl_type":294,"purl_namespace":292,"purl_name":311,"source":9,"versions":312},"qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2",[313],{"version":297,"is_range":298,"range_type":299,"version_start":9,"version_start_type":9,"version_end":300,"version_end_type":301,"fixed_in":9}]