[IT-SecNots] [SECURITY] [DSA 3348-1] qemu security update

[Salvatore Bonaccorso <carnil AT debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3348-1                   security AT debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225 
                 CVE-2015-5745
Debian Bug     : 793811 794610 795087 795461 796465

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-3214

    Matt Tait of Google's Project Zero security team discovered a flaw
    in the QEMU i8254 PIT emulation. A privileged guest user in a guest
    with QEMU PIT emulation enabled could potentially use this flaw to
    execute arbitrary code on the host with the privileges of the
    hosting QEMU process.

CVE-2015-5154

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
    IDE subsystem in QEMU while processing certain ATAPI commands. A
    privileged guest user in a guest with the CDROM drive enabled could
    potentially use this flaw to execute arbitrary code on the host with
    the privileges of the hosting QEMU process.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5225

    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
    discovered a buffer overflow flaw in the VNC display driver leading
    to heap memory corruption. A privileged guest user could use this
    flaw to mount a denial of service (QEMU process crash), or
    potentially to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-1a.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV5yHbAAoJEAVMuPMTQ89EL2EQAJRkjczhzMQFzfjym14afASB
pr7b2Hu/M5i+hyuSr8Pv8G2zuEw2o60ezqcseuG2153hZs/yX0yk8qltwuTdLdMk
At2FMs98XiD8xKY4mpCKHSdXcY+Cl7cjmogkcUe84dG4xfT5HUTOpZ7b2Ei22gOr
lUmFf5SdG7yhsEk12sne06ArJh7AuDEUa9ltc+cH2+2091itC9DwflRf2y7NmYaf
kM47ZBcMfmUxGbMPPxBV19T2L6ts1zTcPKMkE4FynDDsTzqDg5ndz8clBHKRF70x
ltEXjTD1gLoJkNFGo2UrnfTHlu8UO5OAx1C1si+rtt8/93ran8IXaOO+u/AssqPU
Jzwo2j4zOSLnSMlo722NuneqkneaTQabLM1tROpTOgRTXHmIvG1Uls6Rx5tQOUbZ
wMszAC9aRQZiZ32yjUu0cVu7bsSIRzadNPjW3WzljtRGSEPYUg/pLicnAC+Bq6mu
MOYllYs3nhybZoQ6NjFrJfA+sCjZuNmDhh5a3QUb/cjckygf2QMN8YBSoPy2khqX
y8hTUcrYfmsJo5/rvAkki6kxOJiqK+8+fiw0ARcAOkOIOuP4tcExTwjfNBXtWgR6
ZHZOTA68XdkptRhYnlSfAUkhR06vP6q63k/hjR+7syWu6e9n+4cq/moEdUh+77Xo
ULvsd7J2ar7JOVZ9HpWS
=QpIk
-----END PGP SIGNATURE-----