Debian Security Advisory
DSA-3284-1 qemu -- security update
- Date Reported:
- 13 Jun 2015
- Affected Packages:
- qemu
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 787547, Bug 788460.
In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106. - More information:
-
Several vulnerabilities were discovered in qemu, a fast processor emulator.
- CVE-2015-3209
Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
- CVE-2015-4037
Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.
- CVE-2015-4103
Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.
- CVE-2015-4104
Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.
- CVE-2015-4105
Jan Beulich of SUSE reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.
- CVE-2015-4106
Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209 and CVE-2015-4037 affect oldstable.
For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 1:2.3+dfsg-6.
We recommend that you upgrade your qemu packages.
- CVE-2015-3209