-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3284-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2015-3209 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 Debian Bug : 787547 788460 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2015-4037 Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service. CVE-2015-4103 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service. CVE-2015-4104 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service. CVE-2015-4105 Jan Beulich of SUSE reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service. CVE-2015-4106 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code. For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209 and CVE-2015-4037 affect oldstable. For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 1:2.3+dfsg-6. We recommend that you upgrade your qemu packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVe2FLAAoJEAVMuPMTQ89EMUoP/3ZM/GqxfgYdY2ysKzqMFesy TJ9IU16jV6EQlQV/tXR/S5v98ZdD/8lRqGNQeBSoZhaCV5OdFk59whxkBUh+qPVQ R23Owg8fgFLEt9BnEP0p4SS/Ol/mPnffahAUcawKTm3cA2GJeuEn9bSwqsp0Dqw4 b825yj9CqFwxPSFUNEK0OdgQi9Ch7xi2lm+PPSC9czlisCOnX37wrSsPGLCdMLMJ M5TEKMLrfwkAz1anAkqanCJ76OHTA/g+BxboB00Rfxdj+vNfQ9gULLI608hNQguX mN/j650Ltiejm87/XCsY5ROXqrmxU2edNIzovkruYuQspdpNWq1tv6YNtpIsOqKA cUlQ01o0BImfP2Jxr3HO6EVQIiA+tt4Z/JIRe2Tpq14mkWQZKEqypW8segmF9Cen msuVM0pdbCT0WgAQYIZtx5r+9qKy/WY5MEAYZiipJHF2brBeEbSFjMQ/nZhEj/p8 RckM8BhQn5hhVRLku3+eVGyEitrQ+6lBwGL9H6h2iri9i0G1JRg6r9PF0s0amHht yGhfpv9tGIN6CEY9Srx527tCDfdNBduLl/rBaXpW7G3TydZDPo2wXIqiwZh2cb6s lY04+Gniq/1xanTazH0zSq0xCCRDjhK2FgnA16KITwHcXsxj4R/Vjul5Id+2LH28 pvVYLYEJbPoEooiDsI94 =atuh -----END PGP SIGNATURE-----