Debian Local Security Checks : Debian Security Advisory DSA 3066-1 (qemu

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703066

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3066-1 (qemu - security update)

Zusammenfassung: Several vulnerabilities were discovered in qemu, a fast processor;emulator.;;CVE-2014-3689;The Advanced Threat Research team at Intel Security reported that;guest provided parameter were insufficiently validated in;rectangle functions in the vmware-vga driver. A privileged guest;user could use this flaw to write into qemu address space on the;host, potentially escalating their privileges to those of the;qemu host process.;;CVE-2014-7815;James Spadaro of Cisco reported insufficiently sanitized;bits_per_pixel from the client in the QEMU VNC display driver. An;attacker having access to the guest's VNC console could use this;flaw to crash the guest.

Beschreibung: Summary:
Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2014-3689
The Advanced Threat Research team at Intel Security reported that
guest provided parameter were insufficiently validated in
rectangle functions in the vmware-vga driver. A privileged guest
user could use this flaw to write into qemu address space on the
host, potentially escalating their privileges to those of the
qemu host process.

CVE-2014-7815
James Spadaro of Cisco reported insufficiently sanitized
bits_per_pixel from the client in the QEMU VNC display driver. An
attacker having access to the guest's VNC console could use this
flaw to crash the guest.

Affected Software/OS:
qemu on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6a+deb7u5.

For the unstable distribution (sid), these problems have been fixed in
version 2.1+dfsg-7.

We recommend that you upgrade your qemu packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3689
Debian Security Information: DSA-3066 (Google Search)
http://www.debian.org/security/2014/dsa-3066
Debian Security Information: DSA-3067 (Google Search)
http://www.debian.org/security/2014/dsa-3067
https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html
http://www.osvdb.org/114397
http://secunia.com/advisories/60923
http://secunia.com/advisories/62143
http://secunia.com/advisories/62144
http://www.ubuntu.com/usn/USN-2409-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-7815
RedHat Security Advisories: RHSA-2015:0349
http://rhn.redhat.com/errata/RHSA-2015-0349.html
RedHat Security Advisories: RHSA-2015:0624
http://rhn.redhat.com/errata/RHSA-2015-0624.html
http://secunia.com/advisories/61484
SuSE Security Announcement: SUSE-SU-2015:1782 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html

Copyright Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703066
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3066-1 (qemu - security update)
Zusammenfassung:	Several vulnerabilities were discovered in qemu, a fast processor;emulator.;;CVE-2014-3689;The Advanced Threat Research team at Intel Security reported that;guest provided parameter were insufficiently validated in;rectangle functions in the vmware-vga driver. A privileged guest;user could use this flaw to write into qemu address space on the;host, potentially escalating their privileges to those of the;qemu host process.;;CVE-2014-7815;James Spadaro of Cisco reported insufficiently sanitized;bits_per_pixel from the client in the QEMU VNC display driver. An;attacker having access to the guest's VNC console could use this;flaw to crash the guest.
Beschreibung:	Summary: Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process. CVE-2014-7815 James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest. Affected Software/OS: qemu on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u5. For the unstable distribution (sid), these problems have been fixed in version 2.1+dfsg-7. We recommend that you upgrade your qemu packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3689 Debian Security Information: DSA-3066 (Google Search) http://www.debian.org/security/2014/dsa-3066 Debian Security Information: DSA-3067 (Google Search) http://www.debian.org/security/2014/dsa-3067 https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html http://www.osvdb.org/114397 http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.ubuntu.com/usn/USN-2409-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 RedHat Security Advisories: RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RedHat Security Advisories: RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html http://secunia.com/advisories/61484 SuSE Security Announcement: SUSE-SU-2015:1782 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Copyright	Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net