-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2298
                    qemu and qemu-kvm security updates
                             3 September 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
                   qemu-kvm
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5745 CVE-2015-5225 CVE-2015-5165
                   CVE-2015-5154 CVE-2015-3214 

Reference:         ESB-2015.2234
                   ESB-2015.2219
                   ESB-2015.2194
                   ESB-2015.2024
                   ESB-2015.1970
                   ESB-2015.1960

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3348
   http://www.debian.org/security/2015/dsa-3349

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3348-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225 
                 CVE-2015-5745
Debian Bug     : 793811 794610 795087 795461 796465

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-3214

    Matt Tait of Google's Project Zero security team discovered a flaw
    in the QEMU i8254 PIT emulation. A privileged guest user in a guest
    with QEMU PIT emulation enabled could potentially use this flaw to
    execute arbitrary code on the host with the privileges of the
    hosting QEMU process.

CVE-2015-5154

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
    IDE subsystem in QEMU while processing certain ATAPI commands. A
    privileged guest user in a guest with the CDROM drive enabled could
    potentially use this flaw to execute arbitrary code on the host with
    the privileges of the hosting QEMU process.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5225

    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
    discovered a buffer overflow flaw in the VNC display driver leading
    to heap memory corruption. A privileged guest user could use this
    flaw to mount a denial of service (QEMU process crash), or
    potentially to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-1a.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV5yHbAAoJEAVMuPMTQ89EL2EQAJRkjczhzMQFzfjym14afASB
pr7b2Hu/M5i+hyuSr8Pv8G2zuEw2o60ezqcseuG2153hZs/yX0yk8qltwuTdLdMk
At2FMs98XiD8xKY4mpCKHSdXcY+Cl7cjmogkcUe84dG4xfT5HUTOpZ7b2Ei22gOr
lUmFf5SdG7yhsEk12sne06ArJh7AuDEUa9ltc+cH2+2091itC9DwflRf2y7NmYaf
kM47ZBcMfmUxGbMPPxBV19T2L6ts1zTcPKMkE4FynDDsTzqDg5ndz8clBHKRF70x
ltEXjTD1gLoJkNFGo2UrnfTHlu8UO5OAx1C1si+rtt8/93ran8IXaOO+u/AssqPU
Jzwo2j4zOSLnSMlo722NuneqkneaTQabLM1tROpTOgRTXHmIvG1Uls6Rx5tQOUbZ
wMszAC9aRQZiZ32yjUu0cVu7bsSIRzadNPjW3WzljtRGSEPYUg/pLicnAC+Bq6mu
MOYllYs3nhybZoQ6NjFrJfA+sCjZuNmDhh5a3QUb/cjckygf2QMN8YBSoPy2khqX
y8hTUcrYfmsJo5/rvAkki6kxOJiqK+8+fiw0ARcAOkOIOuP4tcExTwjfNBXtWgR6
ZHZOTA68XdkptRhYnlSfAUkhR06vP6q63k/hjR+7syWu6e9n+4cq/moEdUh+77Xo
ULvsd7J2ar7JOVZ9HpWS
=QpIk
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3349-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2015-5165 CVE-2015-5745

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u9.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV5yHRAAoJEAVMuPMTQ89EB2kP/AtJsGcAf37Nthx8tbD6/LUM
6Ou6bDZBoxgFGgtlM9ijK9W1lN9m7UoJBNgOLMGSDha6xCDhUlNk6r/yyR/3bRnh
Ij2xbQwFMvbB8IG88I7H62YpZihY7O/9vqSYW/ZIu7tL4DAQNHctGZ1XocUiHh8i
Ar/gE8bQSDKpx3XG/ZmlniBjozXEcHPc7WDM5eHU1bekwJ5MlO9S+l7ikAptVWMt
fDT7pS1YcGmYftIYtt7MySTHl9F3ThcWBMuY+GeZnF9zQh0N8ltNtvaO87uJ1Oke
qSDzPKoIy6Q1Cw6SEVloBASzsB7BFu7q8S7Zx6DKVDrS43JZNnXj7xX3DXtIGvtC
yXr+xx15tk8oBVYQpg0kBgZjcU5IXC/zjL8KCzj2Nt8+e1w7ufcdgisp9X91hN5c
t/kJmTI8wj0xT0UYCjCfdPLQr1U8ph5fk5coZkt6YVWkWCp1L1fSLDAhkcqM60ql
ORZwyM7m3ZtoMRfAKNdJgjTHTyijE8CAsQDGcINEkhqz26gFuaU5TnkD/Ls5z0cc
ZwTjXpd1VrCYUB0wkdbXWDtsAIZR4nmxl43Z9lOOXRgCMysakmTGYluFW2ypEhrB
fqvXfYzV8assVcLyXnWyq8Ewh7OjX26Y5OlczgxHyBCDp2HK2ragzf93cYJL1v8t
6AheWSuueDqSs2b11Z8J
=9NK7
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVeej2X6ZAP0PgtI9AQLTXQ/8Cc/AEGWK0XOsAhXQjAFXZUlN9gs/q2Tf
l6S9uKg0qHJ5k0Z4CAreB+a8qw19vxUTuD9CxEQUaSDiAJsMu7iYwTrJoO6eX4ad
O/YL1Ry5bM7Dfx+OwSSkhnfeC38HCHTJj5yWfrbnzzzZf+1Qsuomc6DdzDvapUo9
c9fGtU+ry7eYdqmfEcTB+DxWrO7pyVB0bVvgrefkVYttEZLxS9e1+RP+ZKUPbo9A
h5K5ZWG9dCsfHri2FCSvuSRSOxliQ38TfExefiUb3zbpKnkm4eVFqy0Vzy4iTSrg
PdYayAxm70JtWl6M72XWkPgQWnT1QJ3ZoihNBugTeHKMwbFOIv4uUV6nZ0Oaf3Dt
Jmqbs8Wl4UHMN+QpZKKj+N2sb4YxbJDzeBAG3xOlw5cq6nqSifpiVlKDBi5zr2JX
gUaig/IHmUNyxKZUSNWtlS+/SIr5v6h3xMyz/tO0hds3pGomSUsZlPny2xAvWUhz
JVQt9wrmw4HsqL+P/1oe9F3OnSBfWPqJMpQ/Ep0SGRQALQTaPtsL/jsikbd+Rt5N
K9VyH3SEVBX2xHmuCxq8RZVdK5xlZQe9jZFkFvKdA+jAun+1wMPVRD4fX5C5nRbk
HzYuEtxJ2L7uAAZvZkOhfLMXt2PzrEOZIFS0HhFBBvGFuvBvAokjBgbDcdwKhIWD
5OIMARRJgeU=
=vUQX
-----END PGP SIGNATURE-----