Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Debian: DSA-3361-1 Moderate: qemu Denial Of Service Issues

debian
Calendar Grey September 18, 2015
Debian Logo
Enhance your qemu installations to address security threats stemming from various weaknesses in Ubuntu.
Several vulnerabilities were discovered in qemu, a fast processor emulator

Summary

CVE-2015-5278

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash).

CVE-2015-5279

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw
in the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash), or
potentially to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2015-6815

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the e1000 NIC emulation. A privileged guest user could use this flaw
to mount a denial of service (QEMU process crash).

CVE-2015-6855

Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE
subsystem in QEMU occurring while executing IDE's
WIN_READ_NATIVE_MAX command to determine the maximum size of a
drive. A privileged guest user could use this flaw to mou...

Read the Full Advisory

Package: qemu
CVE ID: CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.