Home / vulnerabilities Debian Security Advisory 3361-1
Posted on 22 September 2015
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3361-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : qemu
CVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855
Debian Bug : 798101 799073 799074
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
CVE-2015-5278
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash).
CVE-2015-5279
Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw
in the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash), or
potentially to execute arbitrary code on the host with the
privileges of the hosting QEMU process.
CVE-2015-6815
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the e1000 NIC emulation. A privileged guest user could use this flaw
to mount a denial of service (QEMU process crash).
CVE-2015-6855
Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE
subsystem in QEMU occurring while executing IDE's
WIN_READ_NATIVE_MAX command to determine the maximum size of a
drive. A privileged guest user could use this flaw to mount a
denial of service (QEMU process crash).
For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u11.
For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u4.
For the testing distribution (stretch), these problems have been fixed
in version 1:2.4+dfsg-3 or earlier.
For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-3 or earlier.
We recommend that you upgrade your qemu packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJV/G8AAAoJEAVMuPMTQ89EUy8P+gOnG8kS8F8Ns74XfK5u15p1
TwjsPvTR2tYzhhMrpe2a0JchL56ckjIKpcl3Ei7BDXOhDJ98PP8jBE2fJVYNHjkV
+cAkq2PJSb2kQU+F8Vu7y4UfImqLBgFZy8yNNfBOm4xYrSPON6Qg/FA+3wtUzMZy
FaNt5RbXjhpA/9FTTxu5iLpZ2M47QHfSXhdKRheffmMu0qYqG884i94YpHGiZqMK
vvxj1XJWJngtiU4e+koIF04mmKmx6bt8G+zob3mtzHp3BTBCXWx46W6TasbrdlTL
HDZO+x7Gh1Qmdivd1nhmWhQ+PzlsreJI3vXt27BvhgHvDIARhTk552qMU1pTC1Tc
DEup7AGX+vdMVogHsARuaDELq9qakSLhFv/4WwVkjKce7I6YiCwxDsYQ5LgbSwK7
C8aCt+tBsLRDqyutPj4vUd2yL8ttfyUQiQIQ6Prsy0ipgQ/rFWJVYdF+93qMqdaF
27Zy78YUq9rvja402znoK1YA+VT77c9cZ5nyYt42qXID9o2o+y95KgAunZu/Bu7K
chrbvwjkOvY5d2EiAUTeKj25m/YlounwlBUd2DJ7oDz4vVypAjZ2ivkBvbi6Ul1q
iKKAa36E24BZvvd8WKHZxdt1Ozz6UBDwPjvzOxwRc1R5EA+Xrv+uw1vbL+/A5/pK
WtWJPzBssz1iIXWmMgJg
=SSFZ
-----END PGP SIGNATURE-----