Debian: DSA-3284-1: qemu security update

    Date12 Jun 2015
    CategoryDebian
    152
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3209
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3284-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                     Salvatore Bonaccorso
    June 13, 2015                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : qemu
    CVE ID         : CVE-2015-3209 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104
                     CVE-2015-4105 CVE-2015-4106
    Debian Bug     : 787547 788460
    
    Several vulnerabilities were discovered in qemu, a fast processor
    emulator.
    
    CVE-2015-3209
    
        Matt Tait of Google's Project Zero security team discovered a flaw
        in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD
        packets with a length above 4096 bytes. A privileged guest user in a
        guest with an AMD PCNet ethernet card enabled can potentially use
        this flaw to execute arbitrary code on the host with the privileges
        of the hosting QEMU process.
    
    CVE-2015-4037
    
        Kurt Seifried of Red Hat Product Security discovered that QEMU's
        user mode networking stack uses predictable temporary file names
        when the -smb option is used. An unprivileged user can use this flaw
        to cause a denial of service.
    
    CVE-2015-4103
    
        Jan Beulich of SUSE discovered that the QEMU Xen code does not
        properly restrict write access to the host MSI message data field,
        allowing a malicious guest to cause a denial of service.
    
    CVE-2015-4104
    
        Jan Beulich of SUSE discovered that the QEMU Xen code does not
        properly restrict access to PCI MSI mask bits, allowing a malicious
        guest to cause a denial of service.
    
    CVE-2015-4105
    
        Jan Beulich of SUSE reported that the QEMU Xen code enables
        logging for PCI MSI-X pass-through error messages, allowing a
        malicious guest to cause a denial of service.
    
    CVE-2015-4106
    
        Jan Beulich of SUSE discovered that the QEMU Xen code does not
        properly restrict write access to the PCI config space for certain
        PCI pass-through devices, allowing a malicious guest to cause a
        denial of service, obtain sensitive information or potentially
        execute arbitrary code.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209 and CVE-2015-4037
    affect oldstable.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 1:2.1+dfsg-12+deb8u1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1:2.3+dfsg-6.
    
    We recommend that you upgrade your qemu packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.