===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2298
                    qemu and qemu-kvm security updates
                             3 September 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
                   qemu-kvm
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5745 CVE-2015-5225 CVE-2015-5165
                   CVE-2015-5154 CVE-2015-3214

Reference:         ESB-2015.2234
                   ESB-2015.2219
                   ESB-2015.2194
                   ESB-2015.2024
                   ESB-2015.1970
                   ESB-2015.1960

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3348
   http://www.debian.org/security/2015/dsa-3349

Comment: This bulletin contains two (2) Debian security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3348-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225
                 CVE-2015-5745
Debian Bug     : 793811 794610 795087 795461 796465

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-3214

    Matt Tait of Google's Project Zero security team discovered a flaw
    in the QEMU i8254 PIT emulation. A privileged guest user in a guest
    with QEMU PIT emulation enabled could potentially use this flaw to
    execute arbitrary code on the host with the privileges of the
    hosting QEMU process.

CVE-2015-5154

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
    IDE subsystem in QEMU while processing certain ATAPI commands. A
    privileged guest user in a guest with the CDROM drive enabled could
    potentially use this flaw to execute arbitrary code on the host with
    the privileges of the hosting QEMU process.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5225

    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
    discovered a buffer overflow flaw in the VNC display driver leading
    to heap memory corruption. A privileged guest user could use this
    flaw to mount a denial of service (QEMU process crash), or
    potentially to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-1a.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-3349-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2015-5165 CVE-2015-5745

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device.
    A malicious guest could use this flaw to mount a denial of service
    (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u9.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.