| Beschreibung: | Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0368 advisory.
Vulnerability Insight:
Updated qemu packages fix security vulnerabilities:
Qemu emulator built with the RTL8139 emulation support is vulnerable to an
information leakage flaw. It could occur while processing network packets
under RTL8139 controller's C+ mode of operation. A guest user could use this
flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).
Qemu emulator built with the VNC display driver is vulnerable to an infinite
loop issue. It could occur while processing a CLIENT_CUT_TEXT message with
specially crafted payload message. A privileged guest user could use this flaw
to crash the Qemu process on the host, resulting in DoS (CVE-2015-5239).
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing transmit descriptor data
when sending a network packet. A privileged user inside guest could use this
flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).
Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is
vulnerable to a divide by zero issue. It could occur while executing an IDE
command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A
privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS (CVE-2015-6855).
Affected Software/OS:
'qemu' package(s) on Mageia 4.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
