| Description: | Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2016-0176 advisory.
Vulnerability Insight:
Updated qemu packages fix security vulnerabilities:
An out-of-bounds flaw was found in the QEMU emulator built using
'address_space_translate' to map an address to a MemoryRegionSection. The
flaw could occur while doing pci_dma_read/write calls, resulting in an
out-of-bounds read-write access error. A privileged user inside a guest could
use this flaw to crash the guest instance (denial of service) (CVE-2015-8817,
CVE-2015-8818).
A NULL-pointer dereference flaw was found in the QEMU emulator built with TPR
optimization for 32-bit Windows guests support. The flaw occurs when doing
I/O-port write operations from the HMP interface. The 'current_cpu' value
remains null because it is not called from the cpu_exec() loop, and
dereferencing it results in the flaw. An attacker with access to the HMP
interface could use this flaw to crash the QEMU instance (denial of service)
(CVE-2016-1922).
It was discovered that QEMU incorrectly handled the e1000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service (CVE-2016-1981).
Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service (CVE-2016-2197).
Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service (CVE-2016-2198).
Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service (CVE-2016-2391).
Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service (CVE-2016-2392).
Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
host memory bytes (CVE-2016-2538).
Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service (CVE-2016-2841).
Ling Liu discovered that QEMU incorrectly handled IP checksum routines. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly leak host memory bytes
(CVE-2016-2857).
It was discovered that QEMU incorrectly handled the PRNG back-end support.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service (CVE-2016-2858).
Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled access
in the VGA module. A privileged ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'qemu' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
