English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.130022
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2015-0369)
Summary:The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0369 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0369 advisory.

Vulnerability Insight:
Updated qemu packages fix security vulnerabilities:

Qemu emulator built with the RTL8139 emulation support is vulnerable to an
information leakage flaw. It could occur while processing network packets
under RTL8139 controller's C+ mode of operation. A guest user could use this
flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).

Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in
the VNC display driver. A malicious guest could use this issue to cause a
denial of service, or possibly execute arbitrary code on the host as the user
running the QEMU process (CVE-2015-5225). - Mageia 5 only

Qemu emulator built with the e1000 NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing transmit descriptor data
when sending a network packet. A privileged user inside guest could use this
flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).

Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is
vulnerable to a divide by zero issue. It could occur while executing an IDE
command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A
privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS (CVE-2015-6855).

Affected Software/OS:
'qemu' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5165
1033176
http://www.securitytracker.com/id/1033176
76153
http://www.securityfocus.com/bid/76153
DSA-3348
http://www.debian.org/security/2015/dsa-3348
DSA-3349
http://www.debian.org/security/2015/dsa-3349
FEDORA-2015-14361
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
FEDORA-2015-15944
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
FEDORA-2015-15946
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
RHSA-2015:1674
http://rhn.redhat.com/errata/RHSA-2015-1674.html
RHSA-2015:1683
http://rhn.redhat.com/errata/RHSA-2015-1683.html
RHSA-2015:1739
http://rhn.redhat.com/errata/RHSA-2015-1739.html
RHSA-2015:1740
http://rhn.redhat.com/errata/RHSA-2015-1740.html
RHSA-2015:1793
http://rhn.redhat.com/errata/RHSA-2015-1793.html
RHSA-2015:1833
http://rhn.redhat.com/errata/RHSA-2015-1833.html
SUSE-SU-2015:1421
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
SUSE-SU-2015:1643
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://support.citrix.com/article/CTX201717
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://xenbits.xen.org/xsa/advisory-140.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Common Vulnerability Exposure (CVE) ID: CVE-2015-5225
1033547
http://www.securitytracker.com/id/1033547
76506
http://www.securityfocus.com/bid/76506
FEDORA-2015-14783
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html
FEDORA-2015-15364
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html
FEDORA-2015-16368
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
GLSA-201602-01
https://security.gentoo.org/glsa/201602-01
RHSA-2015:1772
http://rhn.redhat.com/errata/RHSA-2015-1772.html
RHSA-2015:1837
http://rhn.redhat.com/errata/RHSA-2015-1837.html
[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue
http://www.openwall.com/lists/oss-security/2015/08/21/6
Common Vulnerability Exposure (CVE) ID: CVE-2015-6815
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security/2015/09/04/4
http://www.openwall.com/lists/oss-security/2015/09/05/5
http://www.ubuntu.com/usn/USN-2745-1
https://bugzilla.redhat.com/show_bug.cgi?id=1260076
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
Common Vulnerability Exposure (CVE) ID: CVE-2015-6855
76691
http://www.securityfocus.com/bid/76691
DSA-3361
http://www.debian.org/security/2015/dsa-3361
DSA-3362
http://www.debian.org/security/2015/dsa-3362
FEDORA-2015-16369
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
FEDORA-2015-16370
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
FEDORA-2015-4896530727
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html
FEDORA-2015-8dc71ade88
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html
FEDORA-2015-d6ea74993a
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html
SUSE-SU-2015:1782
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
USN-2745-1
[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue
http://www.openwall.com/lists/oss-security/2015/09/10/1
[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue
http://www.openwall.com/lists/oss-security/2015/09/10/2
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.