http://www.mandriva.com/en/
______________________________
Package : qemu
Date : November 21, 2014
Affected: Business Server 1.0
______________________________
Problem Description:
Updated qemu packages fix security vulnerabilities:
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices. A local guest could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code on the host
(CVE-2013-4544).
Multiple integer overflow, input validation, logic error, and buffer
overflow flaws were discovered in various QEMU block drivers. An
attacker able to modify a disk image file loaded by a guest could
use these flaws to crash the guest, or corrupt QEMU process memory
on the host, potentially resulting in arbitrary code execution on
the host with the privileges of the QEMU process (CVE-2014-0143,
CVE-2014-0144, CVE-2014-0145, CVE-2014-0147).
A buffer overflow flaw was found in the way the virtio_net_handle_mac()
function of QEMU processed guest requests to update the table of MAC
addresses. A privileged guest user could use this flaw to corrupt
QEMU process memory on the host, potentially resulting in arbitrary
code execution on the host with the privileges of the QEMU process
(CVE-2014-0150).
A divide-by-zero flaw was found in the seek_to_sector() function of
the parallels block driver in QEMU. An attacker able to modify a disk
image file loaded by a guest could use this flaw to crash the guest
(CVE-2014-0142).
A NULL pointer dereference flaw was found in the QCOW2 block driver
in QEMU. An attacker able to modify a disk image file loaded by a
guest could use this flaw to crash the guest (CVE-2014-0146).
It was found that the block driver for Hyper-V VHDX images did not
correctly calculate BAT (Block Allocation Table) entries due to
a missing bounds check. An attacker able to modify a disk image
file loaded by a guest could use this flaw to crash the guest
(CVE-2014-0148).
An out-of-bounds memory access flaw was found in the way QEMU's
IDE device driver handled the execution of SMART EXECUTE OFFLINE
commands. A privileged guest user could use this flaw to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process (CVE-2014-2894).
Two integer overflow flaws were found in the QEMU block driver for
QCOW version 1 disk images. A user able to alter the QEMU disk image
files loaded by a guest could use either of these flaws to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process (CVE-2014-0222, CVE-2014-0223).
Multiple buffer overflow, input validation, and out-of-bounds write
flaws were found in the way the virtio, virtio-net, virtio-scsi, and
usb drivers of QEMU handled state loading after migration. A user
able to alter the savevm data (either on the disk or over the wire
during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges
of the QEMU process (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535,
CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399,
CVE-2014-0182, CVE-2014-3461).
An information leak flaw was found in the way QEMU's VGA emulator
accessed frame buffer memory for high resolution displays. A privileged
guest user could use this flaw to leak memory contents of the host to
the guest by setting the display to use a high resolution in the guest
(CVE-2014-3615).
When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_
guests using qemu user networking are affected (CVE-2014-3640).
The Advanced Threat Research team at Intel Security reported that guest
provided parameter were insufficiently validated in rectangle functions
in the vmware-vga driver. A privileged guest user could use this flaw
to write into qemu address space on the host, potentially escalating
their privileges to those of the qemu host process (CVE-2014-3689).
It was discovered that QEMU incorrectly handled USB xHCI controller
live migration. An attacker could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code (CVE-2014-5263).
James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel
from the client in the QEMU VNC display driver. An attacker having
access to the guest's VNC console could use this flaw to crash the
guest (CVE-2014-7815).
Additionally qemu-1.6+ requires usbredir-0.6+ for USB redirection
support which is also being provided with this advisory.
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
http://advisories.mageia.org/
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
7f36fbcae0e720a7b18e318462c086
5dada10711cfbcb8ed96c13e8dfe28
fdaed5f5fe87862e1061036761ea74
ebb64169af682de4cc744aa3a53a6f
a115c0d8df0978370670c045d55d8c
ef03d856097f0b2208e2f242889c59
094bc6fd01b3159cacc349664741aa
496daeeb13d59090f602241b45f6b0
e1d0cb5cf20cc99e3a739d1623a0bf
8f60583fe76898ae2dad71fe78967f
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Komentarų nėra:
Rašyti komentarą