Debian DSA-3284-1: QEMU Security Update for Multiple Vulnerabilities (RCE/DoS)

Key Information Announcement ID: DSA-3284-1 Subject: qemu security update Date: 2015-06-13 CVE IDs: - CVE-2015-3209 - CVE-2015-4037 - CVE-2015-4103 - CVE-2015-4104 - CVE-2015-4105 - CVE-2015-4106 Debian Bugs: 787547, 788460 Vulnerability Details CVE-2015-3209 - Discoverer: Matt Tait - Description: A vulnerability exists in QEMU's AMD PCnet Ethernet emulation when processing multiple TMD packets with lengths exceeding 4096 bytes. A privileged guest user can exploit this to execute arbitrary code on the host QEMU process. CVE-2015-4037 - Discoverer: Kurt Seifried - Description: When using the option, QEMU's user-mode network stack uses predictable temporary file names. Unauthorized users can exploit this to cause a denial of service. CVE-2015-4103 - Discoverer: Jan Beulich - Description: QEMU's Xen code does not properly restrict write access to the host MSI message data field. A malicious guest can exploit this to cause a denial of service. CVE-2015-4104 - Discoverer: Jan Beulich - Description: QEMU's Xen code does not properly restrict access to PCI MSI mask bits. A malicious guest can exploit this to cause a denial of service. CVE-2015-4105 - Discoverer: Jan Beulich - Description: QEMU's Xen code allows logging of erroneous PCI MSI-X pass-through messages. A malicious guest can exploit this to cause a denial of service. CVE-2015-4106 - Discoverer: Jan Beulich - Description: QEMU's Xen code does not properly restrict write access to the PCI configuration space of certain PCI pass-through devices. A malicious guest can cause a denial of service, obtain sensitive information, or execute arbitrary code. Fixed Versions Oldstable (wheezy): 1.1.2+dfsg-6a+deb7u8 Stable (jessie): 1.2.1+dfsg-12+deb8u1 Unstable (sid): 1:2.3+dfsg-6 Recommended Action Upgrade the package.

Goal Reached Thanks to every supporter — we hit 100%!

Debian DSA-3284-1: QEMU Security Update for Multiple Vulnerabilities (RCE/DoS)