[3.0] qemu: various (CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-5225)
Version 2.4.0.1 fixes the following issues:
CVE-2015-5278 Qemu: net: avoid infinite loop when receiving packets
Qemu emulator built with NE2000 NIC emulation support is vulnerable to an infinite loop. It can be triggered while receiving packets over the network.
A privileged user inside the guest could use this flaw to hang or crash the Qemu instance, resulting in a denial of service.
Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
Qemu emulator built with NE2000 NIC emulation support is vulnerable to a heap buffer overflow. It can be triggered while receiving packets over the network.
A privileged user inside the guest could use this flaw to crash the Qemu instance (denial of service) or potentially execute arbitrary code on the host with the privileges of the Qemu process.
Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
Reference:
-> http://www.openwall.com/lists/oss-security/2015/09/15/3
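Both NE2000 issues above come from the same place: the receive path uses ring-buffer registers the guest can write (start page, stop page, current page) as copy bounds. The following is a constructed model of that bug class, added here to illustrate the advisory; it is not qemu's ne2000.c, and the page size, card memory size, register names and return codes are assumptions. The vulnerable variant copies with whatever geometry the guest set, so a stop page beyond card memory makes memcpy run past the buffer and a current page beyond the stop page leaves the loop with nothing to copy and no way to finish; the hardened variant validates the geometry before the first byte is written.

```c
/* Constructed model of an NE2000-style receive ring, written for this
 * advisory to show the bug class; it is NOT qemu's ne2000.c, and the page
 * size, card memory size and register names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   256                        /* ring registers hold 8-bit page numbers */
#define MEM_PAGES   128                        /* assumed card memory: 32 KiB */
#define MEM_SIZE    (MEM_PAGES * PAGE_SIZE)
#define ADDR_PAGES  256                        /* an 8-bit page register can name 64 KiB */
#define ADDR_SIZE   (ADDR_PAGES * PAGE_SIZE)
#define MAX_FRAME   1518

enum { RX_OK = 0, RX_DROP = -1, RX_SPIN = -2 };

typedef struct {
    uint8_t start;   /* PSTART: first page of the ring, guest-writable */
    uint8_t stop;    /* PSTOP:  one past the last ring page, guest-writable */
    uint8_t curr;    /* CURR:   page the next frame is written to */
    /* Bytes [0, MEM_SIZE) are card memory. The rest is a guard region that lets
     * the demo observe an out-of-bounds write without touching the host heap. */
    uint8_t mem[ADDR_SIZE];
} nic_t;

/* Copy loop shared by both variants: fills the ring from CURR, wrapping from
 * PSTOP back to PSTART. It trusts its registers; checking them is the caller's job. */
static int ring_copy(nic_t *n, const uint8_t *pkt, size_t size)
{
    size_t start = (size_t)n->start * PAGE_SIZE;
    size_t stop  = (size_t)n->stop  * PAGE_SIZE;
    size_t index = (size_t)n->curr  * PAGE_SIZE;

    while (size > 0) {
        size_t avail = (index <= stop) ? stop - index : 0;
        size_t len   = size < avail ? size : avail;
        if (len == 0)
            return RX_SPIN;                 /* no progress: without this exit the loop never ends */
        memcpy(n->mem + index, pkt, len);   /* overruns card memory whenever stop > MEM_SIZE */
        pkt += len; index += len; size -= len;
        if (index == stop)
            index = start;
    }
    index = (index + PAGE_SIZE - 1) / PAGE_SIZE * PAGE_SIZE;   /* next frame starts on a page boundary */
    n->curr = (uint8_t)((index >= stop ? start : index) / PAGE_SIZE);
    return RX_OK;
}

/* Vulnerable: whatever the guest wrote to PSTART/PSTOP/CURR is used as-is. */
static int ne_rx_vulnerable(nic_t *n, const uint8_t *pkt, size_t size)
{
    return ring_copy(n, pkt, size);
}

/* Hardened: refuse any ring geometry that could leave card memory or stall. */
static int ne_rx_hardened(nic_t *n, const uint8_t *pkt, size_t size)
{
    if (n->start >= n->stop || n->stop > MEM_PAGES)         /* empty, inverted, or outside memory */
        return RX_DROP;
    if (n->curr < n->start || n->curr >= n->stop)           /* CURR outside the ring: no space, no progress */
        return RX_DROP;
    if (size > (size_t)(n->stop - n->start) * PAGE_SIZE)    /* frame can never fit in the ring */
        return RX_DROP;
    return ring_copy(n, pkt, size);
}

static nic_t   g_nic;               /* shared model instance, reset per scenario */
static uint8_t g_frame[MAX_FRAME];  /* constructed payload, non-zero so stray writes are visible */

/* Programs the registers as a guest would, then delivers one frame of `size` bytes. */
static int run_scenario(int (*rx)(nic_t *, const uint8_t *, size_t),
                        uint8_t start, uint8_t stop, uint8_t curr, size_t size)
{
    memset(&g_nic, 0, sizeof g_nic);
    memset(g_frame, 0xAA, sizeof g_frame);
    g_nic.start = start; g_nic.stop = stop; g_nic.curr = curr;
    return rx(&g_nic, g_frame, size);
}

/* 1 if any byte past card memory was written, i.e. the copy escaped the buffer. */
static int guard_dirty(const nic_t *n)
{
    for (size_t i = MEM_SIZE; i < ADDR_SIZE; i++)
        if (n->mem[i]) return 1;
    return 0;
}

int main(void)
{
    int rc = run_scenario(ne_rx_vulnerable, 100, 200, 127, 1500);
    printf("vulnerable, PSTOP past card memory: rc=%d guard_dirty=%d\n", rc, guard_dirty(&g_nic));
    rc = run_scenario(ne_rx_vulnerable, 64, 96, 100, 64);
    printf("vulnerable, CURR beyond PSTOP: rc=%d (RX_SPIN: would loop forever)\n", rc);
    rc = run_scenario(ne_rx_hardened, 100, 200, 127, 1500);
    printf("hardened, PSTOP past card memory: rc=%d guard_dirty=%d\n", rc, guard_dirty(&g_nic));
    rc = run_scenario(ne_rx_hardened, 64, 96, 95, 600);
    printf("hardened, valid ring with wrap: rc=%d next CURR page=%u\n", rc, g_nic.curr);
    return 0;
}
```

The guard region exists only so the demo can show the overrun safely; in a real device model the bytes past card memory belong to whatever the allocator placed next on the heap, which is why the advisory rates the overflow as potential code execution rather than just a crash.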
CVE-2015-6815 qemu: net: e1000: infinite loop issue
Qemu emulator built with e1000 NIC emulation support is vulnerable to an infinite loop. It can be triggered while processing transmit descriptor data when sending a network packet.
A privileged user inside the guest could use this flaw to hang or crash the Qemu instance, resulting in a denial of service.
Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
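The e1000 issue is on the transmit side: the device splits a large frame into segments using values the guest supplies in its descriptors, and a loop that subtracts a guest-controlled chunk size from the remaining byte count stops making progress when that chunk is zero. The following is a constructed model of that bug class, added here to illustrate the advisory; it is not qemu's e1000.c, and the context-descriptor fields, size limits and return codes are assumptions. The vulnerable variant is the `do { ... } while (remaining -= bytes)` shape with no progress check; the hardened variant validates the segment size before looping.

```c
/* Constructed model of a transmit path that segments a large frame using a
 * guest-supplied MSS, written for this advisory to show the bug class. It is
 * NOT qemu's e1000.c; descriptor layout and limits are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEGMENT  1518      /* largest on-wire frame the model will emit */
#define MAX_PAYLOAD  65535     /* largest segmented payload the model accepts */

enum { TX_OK = 0, TX_DROP = -1, TX_SPIN = -2 };

/* Context-descriptor fields the guest fills in before a segmented send. */
typedef struct {
    uint16_t mss;       /* maximum segment size: payload bytes per emitted frame */
    uint8_t  hdr_len;   /* header bytes copied in front of every segment */
} tx_ctx_t;

/* Where emitted segments go; the model only counts them and their sizes. */
typedef struct {
    unsigned count;
    size_t   bytes;
} tx_sink_t;

static void emit_segment(tx_sink_t *sink, const uint8_t *hdr, size_t hdr_len,
                         const uint8_t *payload, size_t len)
{
    (void)hdr; (void)payload;       /* a real device would DMA these out */
    sink->count++;
    sink->bytes += hdr_len + len;
}

/* Vulnerable: `bytes` is min(remaining, mss). A guest MSS of 0 makes it 0,
 * so `remaining` never shrinks and the loop condition never becomes false. */
static int tx_segment_vulnerable(const tx_ctx_t *ctx, const uint8_t *frame,
                                 size_t frame_len, tx_sink_t *sink)
{
    const uint8_t *payload = frame + ctx->hdr_len;
    size_t remaining = frame_len - ctx->hdr_len;
    size_t bytes;
    do {
        bytes = remaining < ctx->mss ? remaining : ctx->mss;
        if (bytes == 0)
            return TX_SPIN;         /* no progress: the real loop has no such exit and never terminates */
        emit_segment(sink, frame, ctx->hdr_len, payload, bytes);
        payload += bytes;
    } while (remaining -= bytes);
    return TX_OK;
}

/* Hardened: validate the descriptor first, then loop only while bytes remain. */
static int tx_segment_hardened(const tx_ctx_t *ctx, const uint8_t *frame,
                               size_t frame_len, tx_sink_t *sink)
{
    if (ctx->mss == 0 || ctx->hdr_len + (size_t)ctx->mss > MAX_SEGMENT)
        return TX_DROP;             /* a segment could never be built or sent */
    if (frame_len <= ctx->hdr_len || frame_len - ctx->hdr_len > MAX_PAYLOAD)
        return TX_DROP;             /* nothing to segment, or more than the model allows */
    const uint8_t *payload = frame + ctx->hdr_len;
    size_t remaining = frame_len - ctx->hdr_len;
    while (remaining > 0) {
        size_t bytes = remaining < ctx->mss ? remaining : ctx->mss;   /* >= 1 because mss >= 1 */
        emit_segment(sink, frame, ctx->hdr_len, payload, bytes);
        payload += bytes;
        remaining -= bytes;
    }
    return TX_OK;
}

static tx_sink_t g_sink;    /* results of the last scenario */

/* Builds a constructed frame and runs one variant with the given guest values. */
static int run_tx(int (*tx)(const tx_ctx_t *, const uint8_t *, size_t, tx_sink_t *),
                  uint16_t mss, uint8_t hdr_len, size_t frame_len)
{
    static uint8_t frame[MAX_PAYLOAD + 255];
    tx_ctx_t ctx = { mss, hdr_len };
    memset(frame, 0x5A, sizeof frame);          /* constructed payload bytes */
    memset(&g_sink, 0, sizeof g_sink);
    return tx(&ctx, frame, frame_len, &g_sink);
}

static unsigned segments_emitted(void) { return g_sink.count; }

int main(void)
{
    int rc = run_tx(tx_segment_vulnerable, 0, 54, 3054);
    printf("vulnerable, mss=0: rc=%d (TX_SPIN: would loop forever), segments=%u\n", rc, segments_emitted());
    rc = run_tx(tx_segment_hardened, 0, 54, 3054);
    printf("hardened, mss=0: rc=%d\n", rc);
    rc = run_tx(tx_segment_hardened, 1460, 54, 3054);
    printf("hardened, mss=1460, 3000-byte payload: rc=%d segments=%u\n", rc, segments_emitted());
    return 0;
}
```

The point of the hardened variant is not the extra `while` form but the check that precedes it: once `mss` is known to be at least 1, every iteration consumes at least one byte and termination follows without any per-iteration guard.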
CVE-2015-5225 Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface
Qemu emulator built with VNC display driver support is vulnerable to a buffer overflow leading to heap memory corruption. It can be triggered while refreshing the server display surface in the routine vnc_refresh_server_surface().
A privileged user inside the guest could use this flaw to corrupt heap memory and crash the Qemu process (denial of service), or potentially execute arbitrary code on the host with the privileges of the Qemu process.
Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
Issue introduced by:
-> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b
(from redmine: issue id 4662, created on 2015-09-28, closed on 2015-10-07)
- Relations:
- parent #4659 (closed)
- Changesets:
- Revision 6117013b by Natanael Copa on 2015-10-06T12:46:15Z:
main/qemu: various security fixes
CVE-2015-5165
CVE-2015-5225
CVE-2015-5278
CVE-2015-5279
CVE-2015-6815
fixes #4590
fixes #4662