MGASA-2015-0368

Description

Updated qemu packages fix security vulnerabilities Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165). Qemu emulator built with the VNC display driver is vulnerable to an infinite loop issue. It could occur while processing a CLIENT_CUT_TEXT message with specially crafted payload message. A privileged guest user could use this flaw to crash the Qemu process on the host, resulting in DoS (CVE-2015-5239). Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815). Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6855).

Affected Systems

• mageia•qemu

  < 1.6.2-1.16.mga4

References (6)

• https://advisories.mageia.org/MGASA-2015-0368.html
• https://bugs.mageia.org/show_bug.cgi?id=16604
• https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html
• http://openwall.com/lists/oss-security/2015/09/02/7
• http://openwall.com/lists/oss-security/2015/09/05/5
• http://openwall.com/lists/oss-security/2015/09/10/2