Lucene search

K
debianDebianDEBIAN:DSA-3259-1:EB11E
HistoryMay 13, 2015 - 4:07 p.m.

[SECURITY] [DSA 3259-1] qemu security update

2015-05-1316:07:57
lists.debian.org
8

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

39.6%


Debian Security Advisory DSA-3259-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2015 http://www.debian.org/security/faq


Package : qemu
CVE ID : CVE-2014-9718 CVE-2015-1779 CVE-2015-2756 CVE-2015-3456

Several vulnerabilities were discovered in the qemu virtualisation
solution:

CVE-2014-9718

It was discovered that the IDE controller emulation is susceptible
to denial of service.

CVE-2015-1779

Daniel P. Berrange discovered a denial of service vulnerability in
the VNC web socket decoder. 

CVE-2015-2756

Jan Beulich discovered that unmediated PCI command register could
result in denial of service.

CVE-2015-3456

Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in the potential execution of arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version
1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456
affects oldstable.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

39.6%