-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0773
                     qemu and qemu-kvm security update
                                20 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
                   qemu-kvm
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Linux variants
                   KVM
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2894 CVE-2013-4344 

Reference:         ESB-2013.1682
                   ESB-2013.1666
                   ESB-2013.1661

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2932
   http://www.debian.org/security/2014/dsa-2933

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running qemu or qemu-kvm check for an updated version of the 
         software for their operating system.
         
         This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2932-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 19, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2013-4344 CVE-2014-2894
Debian Bug     : 745157 725944

Several vulnerabilities were discovered in qemu, a fast processor emulator.

CVE-2013-4344

    Buffer overflow in the SCSI implementation in QEMU, 
    when a SCSI controller has more than 256 attached devices, allows
    local users to gain privileges via a small transfer buffer in a
    REPORT LUNS command.

CVE-2014-2894

    Off-by-one error in the cmd_smart function in the smart self test in
    hw/ide/core.c in QEMU allows local users to have
    unspecified impact via a SMART EXECUTE OFFLINE command that triggers
    a buffer underflow and memory corruption.

For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6a+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 2.0.0+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.0.0+dfsg-1.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlN5008ACgkQNxpp46476aqIiQCggsIrU5Jqv/BZfrF+5I2ocoaG
vTkAoIZTmVAnZn1hc3j5rt03J3ecWguf
=gxqO
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2933-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 19, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2013-4344 CVE-2014-2894
Debian Bug     : 745157 725944

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2013-4344

    Buffer overflow in the SCSI implementation in QEMU,
    when a SCSI controller has more than 256 attached devices, allows
    local users to gain privileges via a small transfer buffer in a
    REPORT LUNS command.

CVE-2014-2894

    Off-by-one error in the cmd_smart function in the smart self test in
    hw/ide/core.c in QEMU allows local users to have
    unspecified impact via a SMART EXECUTE OFFLINE command that triggers
    a buffer underflow and memory corruption.

For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6+deb7u3.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlN6BUYACgkQNxpp46476aojCwCZAXKnrPO692P0h2gC8ejL8LUI
jMYAoI4auIQesFeYWeCgBN4LeANJw+ZX
=64eN
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU3r7VhLndAQH1ShLAQIF1g/9GvgZnFMQaRzZ42tQYl7TaMsESJjo5fEK
Dxvd4ANiRxVV/M7y07QWTpDcZiETawv96X/5asebBBnXECgGI+Aa/KxPkcM3XKsU
apDzihoomF0Jj8k6QxuvjhgUNhtoEnaTr69/W5w4Lp94uhaAZtnyqkxC5o/VI23v
Q5UsMgdoccT5/hwzind0W0LhzpMR52g7+00XNSqN7TapDHJvZXNfllXI7Zrt1la0
D4kkHFZkrJ1BDX3H36CfJ+WZfm3HnQj9nos8ikCMdqAJOIQMLrC/jCBkzRYNgHx5
QyDIWqq25Qsc92c6ewzMDC6xV+kdPYSjrcTOd+WXlW/y4t/h43IHaQHPbp7ZrkKR
rUzBXVZmtGTXSQD52lnWO1P0TvVY6uS0fuR4oh5xuCSvBn1n22myyHydJVXDMEC9
Lo0JQstjinVShgeKEYRPYVuanOWal/OYovEVpLjq4kjIXJI7VW5cZ101RY+w89TV
wXvsf4l5v3TjZaD72qf6Gw0msrsdJZwvHl5iUDXyipZhLVAAjYFHO9ITiRqQc5FE
f1XMtFtAIabJSTwyseSOT6zbIU6Ebh7ypV6WYnno0MCoGDy8GrymGZ1D6eFfMlA6
MMv4kiGpHx29HVGekWBu+Hx8SD2ACQ1KtoqMKqU+0OYzZR7uXaVf5lCihdBOmkvr
Ed2rXcVtYss=
=+Dn8
-----END PGP SIGNATURE-----