Debian: DSA-3471-1: qemu security update

    Date: 08 Feb 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3471-1
    https://www.debian.org/security/                       Sebastien Delafond
    February 08, 2016                     https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : qemu
    CVE ID         : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549
                     CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558
                     CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619
                     CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568
                     CVE-2016-1714 CVE-2016-1922 CVE-2016-1981
    Debian Bug     : 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 810519 810527 811201 812307 809237 809237
    
    Several vulnerabilities were discovered in qemu, a full virtualization
    solution on x86 hardware.
    
    CVE-2015-7295
    
        Jason Wang of Red Hat Inc. discovered that the Virtual Network
        Device support is vulnerable to denial-of-service, that could
        occur when receiving large packets.
    
    CVE-2015-7504
    
        Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
        discovered that the PC-Net II ethernet controller is vulnerable to
        a heap-based buffer overflow that could result in
        denial-of-service (via application crash) or arbitrary code
        execution.
    
    CVE-2015-7512
    
        Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.
        discovered that the PC-Net II ethernet controller is vulnerable to
        a buffer overflow that could result in denial-of-service (via
        application crash) or arbitrary code execution.
    
    CVE-2015-7549
    
        Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360
        Inc. discovered that the PCI MSI-X emulator is vulnerable to a
        null pointer dereference issue, that could lead to
        denial-of-service (via application crash).
    
    CVE-2015-8345
    
        Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100
        emulator contains a flaw that could lead to an infinite loop when
        processing Command Blocks, eventually resulting in
        denial-of-service (via application crash).
    
    CVE-2015-8504
    
        Lian Yihan of Qihoo 360 Inc. discovered that the VNC display
        driver support is vulnerable to an arithmetic exception flaw that
        could lead to denial-of-service (via application crash).
    
    CVE-2015-8550
    
        Felix Wilhelm of ERNW Research discovered that the PV backend
        drivers are vulnerable to double fetch vulnerabilities, possibly
        resulting in arbitrary code execution.
    
    CVE-2015-8558
    
        Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI
        emulation support contains a flaw that could lead to an infinite
        loop during communication between the host controller and a device
        driver. This could lead to denial-of-service (via resource
        exhaustion).
    
    CVE-2015-8567 CVE-2015-8568
    
        Qinghao Tang of Qihoo 360 Inc. discovered that the vmxnet3 device
        emulator could be used to intentionally leak host memory, thus
        resulting in denial-of-service.
    
    CVE-2015-8613
    
        Qinghao Tang of Qihoo 360 Inc. discovered that the SCSI MegaRAID
        SAS HBA emulation support is vulnerable to a stack-based buffer
        overflow issue, that could lead to denial-of-service (via
        application crash).
    
    CVE-2015-8619
    
        Ling Liu of Qihoo 360 Inc. discovered that the Human Monitor
        Interface support is vulnerable to an out-of-bound write access
        issue that could result in denial-of-service (via application
        crash).
    
    CVE-2015-8743
    
        Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is
        vulnerable to an out-of-bound read/write access issue, potentially
        resulting in information leak or memory corruption.
    
    CVE-2015-8744
    
       The vmxnet3 driver incorrectly processes small packets, which could
       result in denial-of-service (via application crash).
    
    CVE-2015-8745
    
       The vmxnet3 driver incorrectly processes Interrupt Mask Registers,
       which could result in denial-of-service (via application crash).
    
    CVE-2016-1568
    
        Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI
        emulation support is vulnerable to a use-after-free issue, that
        could lead to denial-of-service (via application crash) or
        arbitrary code execution.
    
    CVE-2016-1714
    
        Donghai Zhu of Alibaba discovered that the Firmware Configuration
        emulation support is vulnerable to an out-of-bound read/write
        access issue, that could lead to denial-of-service (via
        application crash) or arbitrary code execution.
    
    CVE-2016-1922
    
        Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests
        support is vulnerable to a null pointer dereference issue, that
        could lead to denial-of-service (via application crash).
    
    CVE-2016-1981
    
        The e1000 driver is vulnerable to an infinite loop issue that
        could lead to denial-of-service (via application crash).
    
    For the stable distribution (jessie), these problems have been fixed in
    version 1:2.1+dfsg-12+deb8u5a.
    
    We recommend that you upgrade your qemu packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    