[Tech ARP] The HP OMEN Gaming Laptop & Desktop PCs Revealed!

[news 28]

Package : qemu

Version : 1.1.2+dfsg-6+deb7u22

CVE ID : CVE-2016-9602 CVE-2016-9603 CVE-2017-7377 CVE-2017-7471

CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086

 

Several vulnerabilities were discovered in qemu, a fast processor

emulator. The Common Vulnerabilities and Exposures project identifies

the following problems:

 

CVE-2016-9603

 

qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the VNC

display driver support is vulnerable to a heap buffer overflow

issue. It could occur when Vnc client attempts to update its

display after a vga operation is performed by a guest.

 

A privileged user/process inside guest could use this flaw to crash

the Qemu process resulting in DoS OR potentially leverage it to

execute arbitrary code on the host with privileges of the Qemu

process.

 

CVE-2017-7718

 

qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is

vulnerable to an out-of-bounds access issue. It could occur while

copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_

and/or cirrus_bitblt_rop_fwd_.

 

A privileged user inside guest could use this flaw to crash the

Qemu process resulting in DoS.

 

CVE-2017-7980

 

qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is

vulnerable to an out-of-bounds r/w access issues. It could occur

while copying VGA data via various bitblt functions.

 

A privileged user inside guest could use this flaw to crash the

Qemu process resulting in DoS OR potentially execute arbitrary code

on a host with privileges of Qemu process on the host.

 

CVE-2016-9602

 

Quick Emulator(Qemu) built with the VirtFS, host directory sharing via

Plan 9 File System(9pfs) support, is vulnerable to an improper link

following issue. It could occur while accessing symbolic link files

on a shared host directory.

 

A privileged user inside guest could use this flaw to access host file

system beyond the shared folder and potentially escalating their

privileges on a host.

 

CVE-2017-7377

 

Quick Emulator(Qemu) built with the virtio-9p back-end support is

vulnerable to a memory leakage issue. It could occur while doing a I/O

operation via v9fs_create/v9fs_lcreate routine.

 

A privileged user/process inside guest could use this flaw to leak

host memory resulting in Dos.

 

CVE-2017-7471

 

Quick Emulator(Qemu) built with the VirtFS, host directory sharing via

Plan 9 File System(9pfs) support, is vulnerable to an improper access

control issue. It could occur while accessing files on a shared host

directory.

 

A privileged user inside guest could use this flaw to access host file

system beyond the shared folder and potentially escalating their

privileges on a host.

 

CVE-2017-7493

 

Quick Emulator(Qemu) built with the VirtFS, host directory sharing via

Plan 9 File System(9pfs) support, is vulnerable to an improper access

control issue. It could occur while accessing virtfs metadata files

in mapped-file security mode.

 

A guest user could use this flaw to escalate their privileges inside

guest.

 

CVE-2017-8086

 

Quick Emulator(Qemu) built with the virtio-9p back-end support is

vulnerable to a memory leakage issue. It could occur while querying

file system extended attributes via 9pfs_list_xattr() routine.

 

A privileged user/process inside guest could use this flaw to leak

host memory resulting in Dos.

 

 

For Debian 7 "Wheezy", these problems have been fixed in version

1.1.2+dfsg-6+deb7u22.

 

We recommend that you upgrade your qemu packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS