Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.703470 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3470-1 (qemu-kvm - security update) |
Summary: | Several vulnerabilities were discovered;in qemu-kvm, a full virtualization solution on x86 hardware.;;CVE-2015-7295;Jason Wang of Red Hat Inc. discovered that the Virtual Network;Device support is vulnerable to denial-of-service (via resource;exhaustion), that could occur when receiving large packets.;;CVE-2015-7504;Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.;discovered that the PC-Net II ethernet controller is vulnerable to;a heap-based buffer overflow that could result in;denial-of-service (via application crash) or arbitrary code;execution.;;CVE-2015-7512;Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.;discovered that the PC-Net II ethernet controller is vulnerable to;a buffer overflow that could result in denial-of-service (via;application crash) or arbitrary code execution.;;CVE-2015-8345;Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100;emulator contains a flaw that could lead to an infinite loop when;processing Command Blocks, eventually resulting in;denial-of-service (via application crash).;;CVE-2015-8504;Lian Yihan of Qihoo 360 Inc. discovered that the VNC display;driver support is vulnerable to an arithmetic exception flaw that;could lead to denial-of-service (via application crash).;;CVE-2015-8558;Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI;emulation support contains a flaw that could lead to an infinite;loop during communication between the host controller and a device;driver. This could lead to denial-of-service (via resource;exhaustion).;;CVE-2015-8743;Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is;vulnerable to an out-of-bound read/write access issue, potentially;resulting in information leak or memory corruption.;;CVE-2016-1568;Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI;emulation support is vulnerable to a use-after-free issue, that;could lead to denial-of-service (via application crash) or;arbitrary code execution.;;CVE-2016-1714;Donghai Zhu of Alibaba discovered that the Firmware Configuration;emulation support is vulnerable to an out-of-bound read/write;access issue, that could lead to denial-of-service (via;application crash) or arbitrary code execution.;;CVE-2016-1922;Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests;support is vulnerable to a null pointer dereference issue, that;could lead to denial-of-service (via application crash). |
Description: | Summary: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-7512 Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution. CVE-2015-8345 Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash). CVE-2015-8504 Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash). CVE-2015-8558 Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion). CVE-2015-8743 Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption. CVE-2016-1568 Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution. CVE-2016-1714 Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution. CVE-2016-1922 Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash). Affected Software/OS: qemu-kvm on Debian Linux Solution: For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u12. We recommend that you upgrade your qemu-kvm packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7295 BugTraq ID: 82672 http://www.securityfocus.com/bid/82672 Debian Security Information: DSA-3469 (Google Search) http://www.debian.org/security/2016/dsa-3469 Debian Security Information: DSA-3470 (Google Search) http://www.debian.org/security/2016/dsa-3470 Debian Security Information: DSA-3471 (Google Search) http://www.debian.org/security/2016/dsa-3471 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html https://security.gentoo.org/glsa/201602-01 http://www.openwall.com/lists/oss-security/2015/09/18/5 http://www.openwall.com/lists/oss-security/2015/09/18/9 Common Vulnerability Exposure (CVE) ID: CVE-2015-7504 BugTraq ID: 78227 http://www.securityfocus.com/bid/78227 https://security.gentoo.org/glsa/201604-03 https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html http://www.openwall.com/lists/oss-security/2015/11/30/2 RedHat Security Advisories: RHSA-2015:2694 http://rhn.redhat.com/errata/RHSA-2015-2694.html RedHat Security Advisories: RHSA-2015:2695 http://rhn.redhat.com/errata/RHSA-2015-2695.html RedHat Security Advisories: RHSA-2015:2696 http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.securitytracker.com/id/1034268 Common Vulnerability Exposure (CVE) ID: CVE-2015-7512 BugTraq ID: 78230 http://www.securityfocus.com/bid/78230 http://www.openwall.com/lists/oss-security/2015/11/30/3 http://www.securitytracker.com/id/1034527 Common Vulnerability Exposure (CVE) ID: CVE-2015-8345 BugTraq ID: 77985 http://www.securityfocus.com/bid/77985 http://www.openwall.com/lists/oss-security/2015/11/25/11 https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8504 BugTraq ID: 78708 http://www.securityfocus.com/bid/78708 http://www.openwall.com/lists/oss-security/2015/12/08/7 Common Vulnerability Exposure (CVE) ID: CVE-2015-8558 BugTraq ID: 80694 http://www.securityfocus.com/bid/80694 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.openwall.com/lists/oss-security/2015/12/14/16 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8743 BugTraq ID: 79820 http://www.securityfocus.com/bid/79820 http://www.openwall.com/lists/oss-security/2016/01/04/1 http://www.openwall.com/lists/oss-security/2016/01/04/2 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html http://www.securitytracker.com/id/1034574 Common Vulnerability Exposure (CVE) ID: CVE-2016-1568 BugTraq ID: 80191 http://www.securityfocus.com/bid/80191 http://www.openwall.com/lists/oss-security/2016/01/09/1 http://www.openwall.com/lists/oss-security/2016/01/09/2 RedHat Security Advisories: RHSA-2016:0084 http://rhn.redhat.com/errata/RHSA-2016-0084.html RedHat Security Advisories: RHSA-2016:0086 http://rhn.redhat.com/errata/RHSA-2016-0086.html RedHat Security Advisories: RHSA-2016:0087 http://rhn.redhat.com/errata/RHSA-2016-0087.html RedHat Security Advisories: RHSA-2016:0088 http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.securitytracker.com/id/1034859 Common Vulnerability Exposure (CVE) ID: CVE-2016-1714 BugTraq ID: 80250 http://www.securityfocus.com/bid/80250 https://security.gentoo.org/glsa/201604-01 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html http://www.openwall.com/lists/oss-security/2016/01/11/7 http://www.openwall.com/lists/oss-security/2016/01/12/10 http://www.openwall.com/lists/oss-security/2016/01/12/11 RedHat Security Advisories: RHSA-2016:0081 http://rhn.redhat.com/errata/RHSA-2016-0081.html RedHat Security Advisories: RHSA-2016:0082 http://rhn.redhat.com/errata/RHSA-2016-0082.html RedHat Security Advisories: RHSA-2016:0083 http://rhn.redhat.com/errata/RHSA-2016-0083.html RedHat Security Advisories: RHSA-2016:0085 http://rhn.redhat.com/errata/RHSA-2016-0085.html http://www.securitytracker.com/id/1034858 Common Vulnerability Exposure (CVE) ID: CVE-2016-1922 BugTraq ID: 81058 http://www.securityfocus.com/bid/81058 http://www.openwall.com/lists/oss-security/2016/01/16/1 http://www.openwall.com/lists/oss-security/2016/01/16/6 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH http://greenbone.net |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |