| Description: | Summary:
The remote host is missing an update for the Debian 'qemu-kvm' package(s) announced via the DSA-3362-1 advisory.
Vulnerability Insight:
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
CVE-2015-5278
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
CVE-2015-5279
Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.
CVE-2015-6815
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
CVE-2015-6855
Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u11.
We recommend that you upgrade your qemu-kvm packages.
Affected Software/OS:
'qemu-kvm' package(s) on Debian 7.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
