Bug 16761 - qemu new security issues CVE-2015-5278, CVE-2015-5279, and CVE-2015-7295
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/657989/
Whiteboard: has_procedure advisory MGA5-64-OK
Keywords: validated_update
Reported: 2015-09-15 19:44 CEST by David Walser
Modified: 2015-10-14 19:23 CEST

Source RPM: qemu-2.1.3-6.mga6.src.rpm


Description David Walser 2015-09-15 19:44:20 CEST
Two security issues in qemu have been announced today (September 15):
http://openwall.com/lists/oss-security/2015/09/15/2
http://openwall.com/lists/oss-security/2015/09/15/3

The upstream fixes are linked in the messages above.

David Walser 2015-09-15 19:44:29 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2015-09-18 14:30:16 CEST
CVE request for another issue:
http://openwall.com/lists/oss-security/2015/09/18/5

Comment 2 David Walser 2015-09-18 21:22:17 CEST
(In reply to David Walser from comment #1)
> CVE request for another issue:
> http://openwall.com/lists/oss-security/2015/09/18/5

CVE-2015-7295 assigned:
http://openwall.com/lists/oss-security/2015/09/18/9

Summary: qemu new security issues CVE-2015-5278 and CVE-2015-5279 => qemu new security issues CVE-2015-5278, CVE-2015-5279, and CVE-2015-7295

Comment 3 David Walser 2015-09-21 20:16:57 CEST
Debian has issued an advisory for the first two issues on September 18:
https://www.debian.org/security/2015/dsa-3361

URL: (none) => http://lwn.net/Vulnerabilities/657989/

Comment 4 Thomas Backlund 2015-10-13 17:37:10 CEST
fixed qemu-2.1.3-7.mga6 pushed to cauldron.

fixed qemu-2.1.3-2.7.mga5 pushed to mga5 updates_testing

Advisory:
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the
NE2000 NIC emulation. A privileged guest user could use this flaw to
mount a denial of service (QEMU process crash). (CVE-2015-5278)

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in
the NE2000 NIC emulation. A privileged guest user could use this flaw to
mount a denial of service (QEMU process crash), or potentially to execute
arbitrary code on the host with the privileges of the hosting QEMU process.
(CVE-2015-5279)

A flaw has been discovered in the QEMU emulator built with Virtual Network
Device (virtio-net) support. If the guest's virtio-net driver did not support
big or mergeable receive buffers, an issue could occur while receiving large
packets over the tuntap/macvtap interfaces. An attacker on the local network
could use this flaw to disable the guest's networking; the user could send a
large number of jumbo frames to the guest, which could exhaust all receive
buffers, and lead to a denial of service. (CVE-2015-7295)

CC: (none) => tmb
Hardware: i586 => All
Version: Cauldron => 5
Assignee: joequant => qa-bugs
Whiteboard: MGA5TOO => (none)

Dave Hodgins 2015-10-13 19:34:02 CEST

CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory

Comment 6 Thomas Backlund 2015-10-13 19:49:41 CEST
SRPM:
qemu-2.1.3-2.7.mga5.src.rpm

i586:
qemu-2.1.3-2.7.mga5.i586.rpm
qemu-img-2.1.3-2.7.mga5.i586.rpm


x86_64:
qemu-2.1.3-2.7.mga5.x86_64.rpm
qemu-img-2.1.3-2.7.mga5.x86_64.rpm

Comment 7 Yann Cantin 2015-10-13 21:44:38 CEST
mga5 x86_64

Installed packages :
 qemu-2.1.3-2.7.mga5.x86_64.rpm
 qemu-img-2.1.3-2.7.mga5.x86_64.rpm

Test :
https://bugs.mageia.org/show_bug.cgi?id=13096#c34

Update OK.

CC: (none) => yann.cantin
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-64-OK

Comment 8 claire robinson 2015-10-14 00:13:13 CEST
Validating. Please push to 5 updates.

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2015-10-14 00:41:14 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0397.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 10 David Walser 2015-10-14 19:23:52 CEST
LWN reference for CVE-2015-7295:
http://lwn.net/Vulnerabilities/660669/
