Advisories ยป MGASA-2015-0310

Updated qemu package fixes security vulnerability

Publication date: 11 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3209 , CVE-2015-3214 , CVE-2015-4037 , CVE-2015-4103 , CVE-2015-4104 , CVE-2015-4105 , CVE-2015-4106 , CVE-2015-5154 , CVE-2015-5745

Description

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET
driver. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user
running the QEMU process (CVE-2015-3209).

Kurt Seifried discovered that QEMU incorrectly handled certain temporary
files. A local attacker could use this issue to cause a denial of service
(CVE-2015-4037).

Jan Beulich discovered that the QEMU Xen code incorrectly restricted write
access to the host MSI message data field. A malicious guest could use
this issue to cause a denial of service (CVE-2015-4103).

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
access to the PCI MSI mask bits. A malicious guest could use this issue to
cause a denial of service (CVE-2015-4104).

Jan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X
error messages. A malicious guest could use this issue to cause a denial
of service (CVE-2015-4105).

Jan Beulich discovered that the QEMU Xen code incorrectly restricted write
access to the PCI config space. A malicious guest could use this issue to
cause a denial of service, obtain sensitive information, or possibly
execute arbitrary code (CVE-2015-4106).

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem
handled I/O buffer access while processing certain ATAPI commands.
A privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest
(CVE-2015-5154).

An out-of-bounds memory access flaw, leading to memory corruption or
possibly an information leak, was found in QEMU's pit_ioport_read()
function. A privileged guest user in a QEMU guest, which had QEMU PIT
emulation enabled, could potentially, in rare cases, use this flaw to
execute arbitrary code on the host with the privileges of the hosting QEMU
process (CVE-2015-3214).

Qemu emulator built with the virtio-serial vmchannel support is vulnerable
to a buffer overflow issue. It could occur while exchanging virtio control
messages between guest & the host. A malicious guest could use this flaw
to corrupt few bytes of Qemu memory area, potentially crashing the Qemu
process (CVE-2015-5745).
                

References

SRPMS

4/core

5/core