{"id":"MGASA-2015-0369","summary":"Updated qemu packages fix security vulnerabilities","details":"Updated qemu packages fix security vulnerabilities:\n\nQemu emulator built with the RTL8139 emulation support is vulnerable to an\ninformation leakage flaw. It could occur while processing network packets\nunder RTL8139 controller's C+ mode of operation. A guest user could use this\nflaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).\n\nQinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in\nthe VNC display driver. A malicious guest could use this issue to cause a\ndenial of service, or possibly execute arbitrary code on the host as the user\nrunning the QEMU process (CVE-2015-5225). - Mageia 5 only\n\nQemu emulator built with the e1000 NIC emulation support is vulnerable to an\ninfinite loop issue. It could occur while processing transmit descriptor data\nwhen sending a network packet. A privileged user inside guest could use this\nflaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).\n\nQemu emulator built with the IDE disk and CD/DVD-ROM emulation support is\nvulnerable to a divide by zero issue. It could occur while executing an IDE\ncommand WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A\nprivileged user inside guest could use this flaw to crash the Qemu instance\nresulting in DoS (CVE-2015-6855).\n","modified":"2026-04-16T06:26:23.495617425Z","published":"2015-09-15T14:55:06Z","upstream":["CVE-2015-5165","CVE-2015-5225","CVE-2015-6815","CVE-2015-6855"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0369.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16604"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2724-1/"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/09/05/5"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/09/10/2"}],"affected":[{"package":{"name":"qemu","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/qemu?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.3-2.6.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0369.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}