Lucene search

K
mageiaGentoo FoundationMGASA-2016-0176
HistoryMay 18, 2016 - 11:14 p.m.

Updated qemu packages fix security vulnerabilities

2016-05-1823:14:22
Gentoo Foundation
advisories.mageia.org
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.5%

Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using ‘address_space_translate’ to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service) (CVE-2015-8817, CVE-2015-8818). A NULL-pointer dereference flaw was found in the QEMU emulator built with TPR optimization for 32-bit Windows guests support. The flaw occurs when doing I/O-port write operations from the HMP interface. The ‘current_cpu’ value remains null because it is not called from the cpu_exec() loop, and dereferencing it results in the flaw. An attacker with access to the HMP interface could use this flaw to crash the QEMU instance (denial of service) (CVE-2016-1922). It was discovered that QEMU incorrectly handled the e1000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-1981). Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2197). Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2198). Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2391). Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2392). Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes (CVE-2016-2538). Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2841). Ling Liu discovered that QEMU incorrectly handled IP checksum routines. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes (CVE-2016-2857). It was discovered that QEMU incorrectly handled the PRNG back-end support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-2858). Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile (CVE-2016-3710). Zuozhi Fzz discovered that QEMU incorrectly handled access in the VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile (CVE-2016-3712). Oleksandr Bazhaniuk discovered that QEMU incorrectly handled Luminary Micro Stellaris ethernet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-4001). Oleksandr Bazhaniuk discovered that QEMU incorrectly handled MIPSnet controller emulation. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service (CVE-2016-4002). Donghai Zdh discovered that QEMU incorrectly handled the Task Priority Register(TPR). A privileged attacker inside the guest could use this issue to possibly leak host memory bytes (CVE-2016-4020). Du Shaobo discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service (CVE-2016-4037). The qemu package has been updated to version 2.4.1 and patched to fix these issues.

OSVersionArchitecturePackageVersionFilename
Mageia5noarchqemu< 2.4.1-5qemu-2.4.1-5.mga5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.5%

Related for MGASA-2016-0176