[2.7] qemu: various (CVE-2015-5278, CVE-2015-5279, CVE-2015-6815)
Version 2.4.0.1 fixes the following issues:
CVE-2015-5278 Qemu: net: avoid infinite loop when receiving packets
Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network.
A privileged user inside the guest could use this flaw to crash the Qemu instance, resulting in DoS.
Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
Qemu emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network.
A privileged user inside the guest could use this flaw to crash the Qemu instance or potentially execute arbitrary code on the host.
Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
Reference:
----------
-> http://www.openwall.com/lists/oss-security/2015/09/15/3
CVE-2015-6815 qemu: net: e1000: infinite loop issue
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet.
A privileged user inside the guest could use this flaw to crash the Qemu instance, resulting in DoS.
Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
(from redmine: issue id 4663, created on 2015-09-28, closed on 2015-10-07)
- Relations:
- parent #4659 (closed)
- Changesets:
- Revision 5804c8a4 by Natanael Copa on 2015-10-07T07:35:37Z:
main/qemu: various security fixes
CVE-2015-5165
CVE-2015-5225
CVE-2015-5278
CVE-2015-5279
CVE-2015-6815
fixes #4589
fixes #4663