
[Tech ARP] Workstation & Server CPU Comparison Guide Rev. 8.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1 security ( -at -) debian.org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922
Debian Bug : 799452 806373 806741 806742 808130 808144 810519 810527 811201

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.

 

CVE-2015-7295

Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets.

 

CVE-2015-7504

Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

 

CVE-2015-7512

Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

 

CVE-2015-8345

Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash).

 

CVE-2015-8504

Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash).

 

CVE-2015-8558

Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion).

 

CVE-2015-8743

Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption.

 

CVE-2016-1568

Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

 

CVE-2016-1714

Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

 

CVE-2016-1922

Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).

 

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u12.

 

We recommend that you upgrade your qemu packages.

 

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

 

 

 
