Test ID:	1.3.6.1.4.1.25623.1.0.703348
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3348-1)
Summary:	The remote host is missing an update for the Debian 'qemu' package(s) announced via the DSA-3348-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'qemu' package(s) announced via the DSA-3348-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3214 Matt Tait of Google's Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2015-5154 Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the IDE subsystem in QEMU while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process's heap. CVE-2015-5225 Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc discovered a buffer overflow flaw in the VNC display driver leading to heap memory corruption. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2015-5745 A buffer overflow vulnerability was discovered in the way QEMU handles the virtio-serial device. A malicious guest could use this flaw to mount a denial of service (QEMU process crash). For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only affected by CVE-2015-5165 and CVE-2015-5745. For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 1:2.4+dfsg-1a. We recommend that you upgrade your qemu packages. Affected Software/OS: 'qemu' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3214 1032598 http://www.securitytracker.com/id/1032598 37990 https://www.exploit-db.com/exploits/37990/ 75273 http://www.securityfocus.com/bid/75273 DSA-3348 http://www.debian.org/security/2015/dsa-3348 GLSA-201510-02 https://security.gentoo.org/glsa/201510-02 RHSA-2015:1507 http://rhn.redhat.com/errata/RHSA-2015-1507.html RHSA-2015:1508 http://rhn.redhat.com/errata/RHSA-2015-1508.html RHSA-2015:1512 http://rhn.redhat.com/errata/RHSA-2015-1512.html [oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function http://www.openwall.com/lists/oss-security/2015/06/25/7 [qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read() https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 https://bugzilla.redhat.com/show_bug.cgi?id=1229640 https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 https://support.lenovo.com/product_security/qemu https://support.lenovo.com/us/en/product_security/qemu https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Common Vulnerability Exposure (CVE) ID: CVE-2015-5154 1033074 http://www.securitytracker.com/id/1033074 76048 http://www.securityfocus.com/bid/76048 FEDORA-2015-12657 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html FEDORA-2015-12679 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html FEDORA-2015-12714 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html GLSA-201604-03 https://security.gentoo.org/glsa/201604-03 SUSE-SU-2015:1299 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html SUSE-SU-2015:1302 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html SUSE-SU-2015:1409 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1426 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html SUSE-SU-2015:1455 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://support.citrix.com/article/CTX201593 http://xenbits.xen.org/xsa/advisory-138.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5165 1033176 http://www.securitytracker.com/id/1033176 76153 http://www.securityfocus.com/bid/76153 DSA-3349 http://www.debian.org/security/2015/dsa-3349 FEDORA-2015-14361 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html FEDORA-2015-15944 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html FEDORA-2015-15946 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html http://support.citrix.com/article/CTX201717 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://xenbits.xen.org/xsa/advisory-140.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5225 1033547 http://www.securitytracker.com/id/1033547 76506 http://www.securityfocus.com/bid/76506 FEDORA-2015-14783 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html FEDORA-2015-15364 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html FEDORA-2015-16368 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html GLSA-201602-01 https://security.gentoo.org/glsa/201602-01 RHSA-2015:1772 http://rhn.redhat.com/errata/RHSA-2015-1772.html RHSA-2015:1837 http://rhn.redhat.com/errata/RHSA-2015-1837.html [Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html [Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225) https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html [oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue http://www.openwall.com/lists/oss-security/2015/08/21/6 Common Vulnerability Exposure (CVE) ID: CVE-2015-5745 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/08/06/3 http://www.openwall.com/lists/oss-security/2015/08/06/5 https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295 https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.