1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3348-1] qemu security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Sep 2 18:30:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3348-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 02, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : qemu
    CVE ID : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225
    CVE-2015-5745
    Debian Bug : 793811 794610 795087 795461 796465

    Several vulnerabilities were discovered in qemu, a fast processor
    emulator.

    CVE-2015-3214

    Matt Tait of Google's Project Zero security team discovered a flaw
    in the QEMU i8254 PIT emulation. A privileged guest user in a guest
    with QEMU PIT emulation enabled could potentially use this flaw to
    execute arbitrary code on the host with the privileges of the
    hosting QEMU process.

    CVE-2015-5154

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
    IDE subsystem in QEMU while processing certain ATAPI commands. A
    privileged guest user in a guest with the CDROM drive enabled could
    potentially use this flaw to execute arbitrary code on the host with
    the privileges of the hosting QEMU process.

    CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

    CVE-2015-5225

    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
    discovered a buffer overflow flaw in the VNC display driver leading
    to heap memory corruption. A privileged guest user could use this
    flaw to mount a denial of service (QEMU process crash), or
    potentially to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

    CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
    affected by CVE-2015-5165 and CVE-2015-5745.

    For the stable distribution (jessie), these problems have been fixed in
    version 1:2.1+dfsg-12+deb8u2.

    For the unstable distribution (sid), these problems have been fixed in
    version 1:2.4+dfsg-1a.

    We recommend that you upgrade your qemu packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJV5yHbAAoJEAVMuPMTQ89EL2EQAJRkjczhzMQFzfjym14afASB pr7b2Hu/M5i+hyuSr8Pv8G2zuEw2o60ezqcseuG2153hZs/yX0yk8qltwuTdLdMk At2FMs98XiD8xKY4mpCKHSdXcY+Cl7cjmogkcUe84dG4xfT5HUTOpZ7b2Ei22gOr lUmFf5SdG7yhsEk12sne06ArJh7AuDEUa9ltc+cH2+2091itC9DwflRf2y7NmYaf kM47ZBcMfmUxGbMPPxBV19T2L6ts1zTcPKMkE4FynDDsTzqDg5ndz8clBHKRF70x ltEXjTD1gLoJkNFGo2UrnfTHlu8UO5OAx1C1si+rtt8/93ran8IXaOO+u/AssqPU Jzwo2j4zOSLnSMlo722NuneqkneaTQabLM1tROpTOgRTXHmIvG1Uls6Rx5tQOUbZ wMszAC9aRQZiZ32yjUu0cVu7bsSIRzadNPjW3WzljtRGSEPYUg/pLicnAC+Bq6mu MOYllYs3nhybZoQ6NjFrJfA+sCjZuNmDhh5a3QUb/cjckygf2QMN8YBSoPy2khqX y8hTUcrYfmsJo5/rvAkki6kxOJiqK+8+fiw0ARcAOkOIOuP4tcExTwjfNBXtWgR6 ZHZOTA68XdkptRhYnlSfAUkhR06vP6q63k/hjR+7syWu6e9n+4cq/moEdUh+77Xo ULvsd7J2ar7JOVZ9HpWS
    =QpIk
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)