[SECURITY] [DLA 573-1] qemu security update

2016-07-30T10:22:30
ID DEBIAN:DLA-573-1:20BBF
Type debian
Reporter Debian
Modified 2016-07-30T10:22:30

Description

Package : qemu Version : 1.1.2+dfsg-6+deb7u14 CVE ID : CVE-2015-5239 CVE-2016-2857 CVE-2016-4020 CVE-2016-4439 CVE-2016-5403 CVE-2016-6351

Multiple vulnerabilities have been discovered in QEMU, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-5239

Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service.

CVE-2016-2857

Ling Liu discovered that QEMU incorrectly handled IP checksum routines. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes.

CVE-2016-4020

Donghai Zdh discovered that QEMU incorrectly handled the Task Priority Register(TPR). A privileged attacker inside the guest could use this issue to possibly leak host memory bytes.

CVE-2016-4439, CVE-2016-6351

Li Qiang disovered that the emulation of the 53C9X Fast SCSI Controller is affected by out of bound access issues.

CVE-2016-5403

Zhenhao Hong discovered that a malicious guest administrator can cause unbounded memory allocation in QEMU (which can cause an Out-of-Memory condition) by submitting virtio requests without bothering to wait for completion.

For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u14.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS