Updated qemu packages fix security vulnerabilities
Publication date: 13 Oct 2015
Modification date: 13 Oct 2015
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-5278, CVE-2015-5279, CVE-2015-7295
Description
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash). (CVE-2015-5278)

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. (CVE-2015-5279)

A flaw has been discovered in the QEMU emulator built with Virtual Network Device (virtio-net) support. If the guest's virtio-net driver did not support big or mergeable receive buffers, an issue could occur while receiving large packets over the tuntap/macvtap interfaces. An attacker on the local network could use this flaw to disable the guest's networking; the user could send a large number of jumbo frames to the guest, which could exhaust all receive buffers, and lead to a denial of service. (CVE-2015-7295)
References
- https://bugs.mageia.org/show_bug.cgi?id=16761
- https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
- http://openwall.com/lists/oss-security/2015/09/18/9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5279
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295
SRPMS
5/core
- qemu-2.1.3-2.7.mga5