Debian Security Advisory DSA 3045-1 (qemu - Security Update) Network Vulnerability

Summary

Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code.A NULL pointer dereference in SLIRP may result in denial of serviceAn information leak was discovered in the VGA emulation

Solution

For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your qemu packages.

Insight

QEMU is a fast processor emulator: currently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, SPARC and x86-64 emulation. By using dynamic translation it achieves reasonable speed while being easy to port on new host CPUs. QEMU has two operating modes:

Affected

qemu on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3045.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 3045-1 (qemu - security update)

Take action and discover your vulnerabilities