Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Debian: DSA-3470-1 Critical: Multiple Qemu-Kvm Denial Of Service Issues

debian
Calendar Grey February 8, 2016
Scroller Debian
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware

Summary

CVE-2015-7295

Jason Wang of Red Hat Inc. discovered that the Virtual Network
Device support is vulnerable to denial-of-service (via resource
exhaustion), that could occur when receiving large packets.

CVE-2015-7504

Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
discovered that the PC-Net II ethernet controller is vulnerable to
a heap-based buffer overflow that could result in
denial-of-service (via application crash) or arbitrary code
execution.

CVE-2015-7512

Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.
discovered that the PC-Net II ethernet controller is vulnerable to
a buffer overflow that could result in denial-of-service (via
application crash) or arbitrary code execution.

CVE-2015-8345

Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100
emulator contains a flaw that could lead to an infinite loop when
processing Command Blocks, eventually resulting in
denial-of-service (via application crash).

CVE-2...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: qemu-kvm
CVE ID: CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.