Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Fedora 24: 2016-21549 High: qemu Memory Leak And Denial of Service

fedora
Calendar Grey September 24, 2015
Dist Fedora Esm H88
Thorough enhancement resolving major flaws in Fedora 23's qemu, avoiding endless cycles and buffer overflows.
* CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855: ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263...

Summary

QEMU is a generic and open source processor emulator which achieves a good

emulation speed by using dynamic translation. QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system (for

example a PC), including a processor and various peripherials. It can be

used to launch different Operating Systems without rebooting the PC or

to debug system code.

* User mode emulation. In this mode, QEMU can launch Linux processes compiled

for one CPU on another CPU.

As QEMU requires no host kernel patches to run, it is safe and easy to use.

Update Information:

* CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855: ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287) ---- Fix emulation of various instructions, required by libm in F22 ppc64 guests.

Topics%20covered

Topics Covered

security advisory critical issue Fedora heap overflow infinite loop qemu processor emulator

Change Log

References


[ 1 ] Bug #1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function https://bugzilla.redhat.com/show_bug.cgi?id=1256672 [ 2 ] Bug #1260076 - CVE-2015-6815 qemu: net: e1000: infinite loop issue https://bugzilla.redhat.com/show_bug.cgi?id=1260076 [ 3 ] Bug #1260080 - CVE-2015-6855 Qemu: ide: divide by zero issue https://bugzilla.redhat.com/show_bug.cgi?id=1260080 [ 4 ] Bug #1256661 - CVE-2015-5278 qemu: Infinite loop in ne2000_receive() function https://bugzilla.redhat.com/show_bug.cgi?id=1256661

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update qemu' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: qemu
Product: Fedora 23
Version: 2.4.0
Release: 4.fc23
URL: https://www.qemu.org/
Summary: QEMU is a FAST! processor emulator

Topics%20covered

Topics Covered

security advisory critical issue Fedora heap overflow infinite loop qemu processor emulator

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here