1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3349-1] qemu-kvm security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Sep 2 18:30:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3349-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 02, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : qemu-kvm
    CVE ID : CVE-2015-5165 CVE-2015-5745

    Several vulnerabilities were discovered in qemu-kvm, a full
    virtualization solution on x86 hardware.

    CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

    CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 1.1.2+dfsg-6+deb7u9.

    We recommend that you upgrade your qemu-kvm packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJV5yHRAAoJEAVMuPMTQ89EB2kP/AtJsGcAf37Nthx8tbD6/LUM 6Ou6bDZBoxgFGgtlM9ijK9W1lN9m7UoJBNgOLMGSDha6xCDhUlNk6r/yyR/3bRnh Ij2xbQwFMvbB8IG88I7H62YpZihY7O/9vqSYW/ZIu7tL4DAQNHctGZ1XocUiHh8i Ar/gE8bQSDKpx3XG/ZmlniBjozXEcHPc7WDM5eHU1bekwJ5MlO9S+l7ikAptVWMt fDT7pS1YcGmYftIYtt7MySTHl9F3ThcWBMuY+GeZnF9zQh0N8ltNtvaO87uJ1Oke qSDzPKoIy6Q1Cw6SEVloBASzsB7BFu7q8S7Zx6DKVDrS43JZNnXj7xX3DXtIGvtC yXr+xx15tk8oBVYQpg0kBgZjcU5IXC/zjL8KCzj2Nt8+e1w7ufcdgisp9X91hN5c t/kJmTI8wj0xT0UYCjCfdPLQr1U8ph5fk5coZkt6YVWkWCp1L1fSLDAhkcqM60ql ORZwyM7m3ZtoMRfAKNdJgjTHTyijE8CAsQDGcINEkhqz26gFuaU5TnkD/Ls5z0cc ZwTjXpd1VrCYUB0wkdbXWDtsAIZR4nmxl43Z9lOOXRgCMysakmTGYluFW2ypEhrB fqvXfYzV8assVcLyXnWyq8Ewh7OjX26Y5OlczgxHyBCDp2HK2ragzf93cYJL1v8t 6AheWSuueDqSs2b11Z8J
    =9NK7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)