drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in qemu
Name: |
Mehrere Probleme in qemu |
|
ID: |
DSA-3362-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy |
|
Datum: |
Sa, 19. September 2015, 08:57 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855 |
|
Applikationen: |
QEMU |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3362-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : qemu-kvm CVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
CVE-2015-5278
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
CVE-2015-5279
Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.
CVE-2015-6815
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
CVE-2015-6855
Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u11.
We recommend that you upgrade your qemu-kvm packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJV/G8LAAoJEAVMuPMTQ89EBW0P/R+Gc/di08JOEyai7DregXfn NDss2LyL4xI2v5VVEhgCYpY3WA8DOi2bc3UqgmzMAEwAhpUTkhtc2NX1wQU/rba1 Lf44lBPPuUKP/nYcz1CSn0xQHTGla7R0qpgYetdLDwSiN4rnHIDreSpSVWXh4R3H NrAf5pIRPmnOGRuNkx907ptZ9SD26we1fcpZaKv43kjnmlmrul1OEgYdrbXw+qQc xT36dZSSxq3bfpiKQFAWwNt/Jp+2CaNysVJyBIGM2PZ1H33IQtwcr0ub06sZOQIU btOgVmICIMXtZF0/OcxusOkS8t097tBM/v+f+WrwG17Y46QomD0gK0f2tYq5MW8U PbWmZem0Lkv+EThTDCay1DR060YhUmaKHG6PHgJMRSAzGK9ElMxHNuJUdjwJQjgI cvfJK0Z6GGhx3x+1BOMNwU877JLlFJhkPVN2CpP8NYNxT0Sk5ripvioUI11p2ZjC IiOgitLApZmI9IQ9AZWulriNf5sMIZyAgyVfebZ1vIjd8M/XQiTdmGkAFgGDodni DNdY4x8/efFRTqfaKC0XnE5m8LO1qX1YwyaCBIM9Ky+e6k2HpbEbrqPdx+HXr+WN WkytBnj7REnQMK0JDC/iU5SvlqVj8OOwKyyEVmtF9rtZIbWWKdE64FKuWhTZPpGB r7Q3etxkoWtKMowCVOrA =c8Zw -----END PGP SIGNATURE-----
|
|
|
|