Debian DSA-3470-1 : qemu-kvm - security update

critical Nessus Plugin ID 88629

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

- CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets.

- CVE-2015-7504 Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

- CVE-2015-7512 Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

- CVE-2015-8345 Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash).

- CVE-2015-8504 Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash).

- CVE-2015-8558 Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion).

- CVE-2015-8743 Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption.

- CVE-2016-1568 Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

- CVE-2016-1714 Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

- CVE-2016-1922 Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a NULL pointer dereference issue, that could lead to denial-of-service (via application crash).

Solution

Upgrade the qemu-kvm packages.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u12.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799452

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806373

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806741

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806742

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808130

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808144

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810519

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810527

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811201

https://security-tracker.debian.org/tracker/CVE-2015-7295

https://security-tracker.debian.org/tracker/CVE-2015-7504

https://security-tracker.debian.org/tracker/CVE-2015-7512

https://security-tracker.debian.org/tracker/CVE-2015-8345

https://security-tracker.debian.org/tracker/CVE-2015-8504

https://security-tracker.debian.org/tracker/CVE-2015-8558

https://security-tracker.debian.org/tracker/CVE-2015-8743

https://security-tracker.debian.org/tracker/CVE-2016-1568

https://security-tracker.debian.org/tracker/CVE-2016-1714

https://security-tracker.debian.org/tracker/CVE-2016-1922

https://packages.debian.org/source/wheezy/qemu-kvm

https://www.debian.org/security/2016/dsa-3470

Plugin Details

Severity: Critical

ID: 88629

File Name: debian_DSA-3470.nasl

Version: 2.15

Type: local

Agent: unix

Published: 2/9/2016

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu-kvm, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2016

Vulnerability Publication Date: 11/9/2015

Reference Information

CVE: CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981

DSA: 3470