Updated qemu packages fix security vulnerabilities
Publication date: 15 Sep 2015Modification date: 15 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5165 , CVE-2015-5225 , CVE-2015-6815 , CVE-2015-6855
Description
Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165). Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in the VNC display driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process (CVE-2015-5225). - Mageia 5 only Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815). Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6855).
References
- https://bugs.mageia.org/show_bug.cgi?id=16604
- https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html
- http://www.ubuntu.com/usn/usn-2724-1/
- http://openwall.com/lists/oss-security/2015/09/05/5
- http://openwall.com/lists/oss-security/2015/09/10/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855
SRPMS
5/core
- qemu-2.1.3-2.6.mga5