Debian Security Advisory
DSA-3361-1 qemu -- security update
- Date Reported:
- 18 Sep 2015
- Affected Packages:
- qemu
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 798101, Bug 799073, Bug 799074.
In Mitre's CVE dictionary: CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855. - More information:
-
Several vulnerabilities were discovered in qemu, a fast processor emulator.
- CVE-2015-5278
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
- CVE-2015-5279
Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.
- CVE-2015-6815
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
- CVE-2015-6855
Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u11.
For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u4.
For the testing distribution (stretch), these problems have been fixed in version 1:2.4+dfsg-3 or earlier.
For the unstable distribution (sid), these problems have been fixed in version 1:2.4+dfsg-3 or earlier.
We recommend that you upgrade your qemu packages.
- CVE-2015-5278