1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • RE: [SECURITY] [DSA 3361-1] qemu security update (2/2)

    From Kaj Torrkulla@1:229/2 to All on Sat Sep 19 17:20:01 2015
    [continued from previous message]

    <html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><div><div style="font-family: Calibri,sans-serif; font-size: 11pt;"><br><br>-- <br>Kaj Torrkulla</div></div><div dir="ltr"><hr><span style="font-family: Calibri,
    sans-serif; font-size: 11pt; font-weight: bold;">From: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:[email protected]">Salvatore Bonaccorso</a></span><br><span style="font-family: Calibri,sans-serif; font-size:
    11pt; font-weight: bold;">Sent: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">‎18.‎9.‎2015 23:15</span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">To: </span><span style="font-
    family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:[email protected]">[email protected]</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Subject: </
    span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">[SECURITY] [DSA 3361-1] qemu security update</span><br><br></div>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA512<br><br>- -------------------------------------------------------------
    ------------<br>Debian Security Advisory DSA-3361-1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [email protected]<br>https://www.debian.org/security/&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&
    nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Salvatore Bonaccorso<br>September 18, 2015&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; https://www.
    debian.org/security/faq<br>- -------------------------------------------------------------------------<br><br>Package&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : qemu<br>CVE ID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CVE-2015-5278 CVE-2015-5279
    CVE-2015-6815 CVE-2015-6855<br>Debian Bug&nbsp;&nbsp;&nbsp;&nbsp; : 798101 799073 799074<br><br>Several vulnerabilities were discovered in qemu, a fast processor<br>emulator.<br><br>CVE-2015-5278<br><br>&nbsp;&nbsp;&nbsp; Qinghao Tang of QIHU 360 Inc.
    discovered an infinite loop issue in<br>&nbsp;&nbsp;&nbsp; the NE2000 NIC emulation. A privileged guest user could use this<br>&nbsp;&nbsp;&nbsp; flaw to mount a denial of service (QEMU process crash).<br><br>CVE-2015-5279<br><br>&nbsp;&nbsp;&nbsp;
    Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw<br>&nbsp;&nbsp;&nbsp; in the NE2000 NIC emulation. A privileged guest user could use this<br>&nbsp;&nbsp;&nbsp; flaw to mount a denial of service (QEMU process crash), or<br>&nbsp;&nbsp;
    &nbsp; potentially to execute arbitrary code on the host with the<br>&nbsp;&nbsp;&nbsp; privileges of the hosting QEMU process.<br><br>CVE-2015-6815<br><br>&nbsp;&nbsp;&nbsp; Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in<br>&nbsp;&
    nbsp;&nbsp; the e1000 NIC emulation. A privileged guest user could use this flaw<br>&nbsp;&nbsp;&nbsp; to mount a denial of service (QEMU process crash).<br><br>CVE-2015-6855<br><br>&nbsp;&nbsp;&nbsp; Qinghao Tang of QIHU 360 Inc. discovered a flaw in
    the IDE<br>&nbsp;&nbsp;&nbsp; subsystem in QEMU occurring while executing IDE's<br>&nbsp;&nbsp;&nbsp; WIN_READ_NATIVE_MAX command to determine the maximum size of a<br>&nbsp;&nbsp;&nbsp; drive. A privileged guest user could use this flaw to mount a<br>&
    nbsp;&nbsp;&nbsp; denial of service (QEMU process crash).<br><br>For the oldstable distribution (wheezy), these problems have been fixed<br>in version 1.1.2+dfsg-6a+deb7u11.<br><br>For the stable distribution (jessie), these problems have been fixed in<
    version 1:2.1+dfsg-12+deb8u4.<br><br>For the testing distribution (stretch), these problems have been fixed<br>in version 1:2.4+dfsg-3 or earlier.<br><br>For the unstable distribution (sid), these problems have been fixed in<br>version 1:2.4+dfsg-3 or
    earlier.<br><br>We recommend that you upgrade your qemu packages.<br><br>Further information about Debian Security Advisories, how to apply<br>these updates to your system and frequently asked questions can be<br>found at: https://www.debian.org/security/
    <br><br>Mailing list: [email protected]<br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1<br><br>iQIcBAEBCgAGBQJV/G8AAAoJEAVMuPMTQ89EUy8P+gOnG8kS8F8Ns74XfK5u15p1<br>
    TwjsPvTR2tYzhhMrpe2a0JchL56ckjIKpcl3Ei7BDXOhDJ98PP8jBE2fJVYNHjkV<br>+cAkq2PJSb2kQU+F8Vu7y4UfImqLBgFZy8yNNfBOm4xYrSPON6Qg/FA+3wtUzMZy<br>FaNt5RbXjhpA/9FTTxu5iLpZ2M47QHfSXhdKRheffmMu0qYqG884i94YpHGiZqMK<br>vvxj1XJWJngtiU4e+koIF04mmKmx6bt8G+
    zob3mtzHp3BTBCXWx46W6TasbrdlTL<br>HDZO+x7Gh1Qmdivd1nhmWhQ+PzlsreJI3vXt27BvhgHvDIARhTk552qMU1pTC1Tc<br>DEup7AGX+vdMVogHsARuaDELq9qakSLhFv/4WwVkjKce7I6YiCwxDsYQ5LgbSwK7<br>C8aCt+tBsLRDqyutPj4vUd2yL8ttfyUQiQIQ6Prsy0ipgQ/rFWJVYdF+93qMqdaF<br>
    27Zy78YUq9rvja402znoK1YA+VT77c9cZ5nyYt42qXID9o2o+y95KgAunZu/Bu7K<br>chrbvwjkOvY5d2EiAUTeKj25m/YlounwlBUd2DJ7oDz4vVypAjZ2ivkBvbi6Ul1q<br>iKKAa36E24BZvvd8WKHZxdt1Ozz6UBDwPjvzOxwRc1R5EA+Xrv+uw1vbL+/A5/pK<br>WtWJPzBssz1iIXWmMgJg<br>=SSFZ<br>-----END PGP
    SIGNATURE-----<br><br></body></html>

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)