Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Debian 8: DLA-1599-1 Critical: QEMU Denial of Service Flaws

debian lts
Calendar Grey November 30, 2018
Dist Debian Esm H88
Enhance your QEMU installations promptly. Various weaknesses manifest, featuring denial of service issues and buffer overflow risks that have been disclosed.
Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2016-2391

Summary

CVE-2016-2391

Zuozhi Fzz discovered that eof_times in USB OHCI emulation support
could be used to cause a denial of service, via a null pointer
dereference.

CVE-2016-2392 / CVE-2016-2538

Qinghao Tang found a NULL pointer dereference and multiple integer
overflows in the USB Net device support that could allow local guest
OS administrators to cause a denial of service. These issues related
to remote NDIS control message handling.

CVE-2016-2841

Yang Hongke reported an infinite loop vulnerability in the NE2000 NIC
emulation support.

CVE-2016-2857

Liu Ling found a flaw in QEMU IP checksum routines. Attackers could
take advantage of this issue to cause QEMU to crash.

CVE-2016-2858

Arbitrary stack based allocation in the Pseudo Random Number Generator
(PRNG) back-end support.

CVE-2016-4001 / CVE-2016-4002

Oleksandr Bazhaniuk reported buffer overflows in the Stellaris and the
MIPSnet ethernet controllers emulation. Remote malicious users could

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: qemu
Version: 1:2.1+dfsg-12+deb8u8
CVE ID: CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841
Debian Bug: 815008 815009 815680 817181 817182 817183 821038 821061

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.