Debian DSA-3348-1 : qemu - security update

Nessus Plugin ID 85754 (Severity: High)

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in qemu, a fast processor emulator.

- CVE-2015-3214 Matt Tait of Google's Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

- CVE-2015-5154 Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the IDE subsystem in QEMU while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

- CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process's heap.

- CVE-2015-5225 Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc discovered a buffer overflow flaw in the VNC display driver leading to heap memory corruption. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.

- CVE-2015-5745 A buffer overflow vulnerability was discovered in the way QEMU handles the virtio-serial device. A malicious guest could use this flaw to mount a denial of service (QEMU process crash).

Solution

Upgrade the qemu packages.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u9. The oldstable distribution is only affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u2.
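The plugin decides "missing update" by comparing the installed qemu package versions (from dpkg -l, per the required KB items) against the fixed versions above. The script below is an added example, not code from Nessus or from the Debian advisory: it re-implements dpkg's version ordering (epoch, then upstream, then Debian revision, with the "~" and letter-before-non-letter rules) so the same check can be run offline. The list of qemu binary packages is an assumption (the advisory names only the source package), and the dpkg-query lines are constructed sample data, not output from a real host.

```python
import subprocess

# Fixed versions stated in DSA-3348-1.
FIXED_VERSION = {
    "wheezy": "1.1.2+dfsg-6+deb7u9",
    "jessie": "1:2.1+dfsg-12+deb8u2",
}

# ASSUMPTION: binary packages built from the "qemu" source package that
# should be checked; take the authoritative list from the DSA/dpkg metadata.
QEMU_BINARY_PACKAGES = {"qemu", "qemu-system", "qemu-system-x86", "qemu-user", "qemu-utils"}


def _order(c):
    """Character weight dpkg uses for non-digit runs of a version string."""
    if c == "~":
        return -1          # "~" sorts before anything, even end of string
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)      # letters sort before non-letters
    return ord(c) + 256


def _verrevcmp(a, b):
    """dpkg's comparison of one component (upstream version or revision)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: numeric comparison, leading zeros ignored.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1       # a has more digits, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _sign(n):
    return (n > 0) - (n < 0)


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, matching dpkg --compare-versions lt / eq / gt."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return _sign(ea - eb)
    c = _verrevcmp(ua, ub)
    return _sign(c) if c else _sign(_verrevcmp(ra, rb))


def check_packages(dpkg_lines, release):
    """dpkg_lines: '<package> <version>' lines; returns
    (package, installed, fixed, is_vulnerable) for each qemu package found."""
    fixed = FIXED_VERSION[release]
    findings = []
    for line in dpkg_lines:
        if not line.strip():
            continue
        package, installed = line.split()[:2]
        if package in QEMU_BINARY_PACKAGES:
            findings.append((package, installed, fixed, compare_versions(installed, fixed) < 0))
    return findings


def installed_packages():
    """Live input on a Debian host (same shape as the constructed sample)."""
    out = subprocess.check_output(["dpkg-query", "-W", "-f=${Package} ${Version}\n"], text=True)
    return out.splitlines()


# Constructed sample of dpkg-query output for a jessie host (not real scan data).
SAMPLE_JESSIE = [
    "qemu 1:2.1+dfsg-12+deb8u1",            # one revision behind the fix
    "qemu-system-x86 1:2.1+dfsg-12+deb8u2",  # patched
    "qemu-utils 2.1+dfsg-12+deb8u2",        # missing epoch: compares as older
    "openssh-server 1:6.7p1-5",             # unrelated package, ignored
]

if __name__ == "__main__":
    for pkg, inst, fix, vuln in check_packages(SAMPLE_JESSIE, "jessie"):
        print(f"{pkg:18} {inst:24} fixed in {fix}: {'VULNERABLE' if vuln else 'ok'}")
```

Replace SAMPLE_JESSIE with installed_packages() to run it against a real host; the epoch case in the sample is the one most often missed by ad-hoc string comparisons, since "2.1..." sorts after "1:2.1..." lexically but is older under dpkg rules.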

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794610

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795087

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795461

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796465

https://security-tracker.debian.org/tracker/CVE-2015-3214

https://security-tracker.debian.org/tracker/CVE-2015-5154

https://security-tracker.debian.org/tracker/CVE-2015-5165

https://security-tracker.debian.org/tracker/CVE-2015-5225

https://security-tracker.debian.org/tracker/CVE-2015-5745

https://packages.debian.org/source/wheezy/qemu

https://packages.debian.org/source/jessie/qemu

https://www.debian.org/security/2015/dsa-3348

Plugin Details

Severity: High

ID: 85754

File Name: debian_DSA-3348.nasl

Version: 2.10

Type: local

Agent: unix

Published: 9/3/2015

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 6.8

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2015

Vulnerability Publication Date: 8/12/2015

Reference Information

CVE: CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5225, CVE-2015-5745

DSA: 3348