Security Information / 2015 / Security Information -- DSA-3362-1 qemu-kvm

Debian Security Advisory

DSA-3362-1 qemu-kvm -- security update

Date Reported:

18 Sep 2015

Affected Packages:

qemu-kvm

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855.

More information:

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

• CVE-2015-5278

  Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

• CVE-2015-5279

  Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.

• CVE-2015-6815

  Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

• CVE-2015-6855

  Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u11.

We recommend that you upgrade your qemu-kvm packages.