Security: Multiple issues in QEMU

Name: Multiple issues in QEMU
ID: DSA-3469-1
Distribution: Debian
Platforms: Debian wheezy
Date: Mon, 8 February 2016, 22:41
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1568
Applications: QEMU

Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 08, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345
                 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568
                 CVE-2016-1714 CVE-2016-1922
Debian Bug     : 799452 806373 806741 806742 808130 808144 810519 810527
                 811201

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
CVE-2015-7295
Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets.
CVE-2015-7504
Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.
CVE-2015-7512
Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.
CVE-2015-8345
Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash).
CVE-2015-8504
Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash).
CVE-2015-8558
Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion).
CVE-2015-8743
Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption.
CVE-2016-1568
Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.
CVE-2016-1714
Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.
CVE-2016-1922
Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u12.
We recommend that you upgrade your qemu packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org