The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of QEMU: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities of QEMU permit a local attacker to elevate his privileges or to generate a denial of service.
Vulnerable software: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity of this announce: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 02/05/2007.
Références of this computer vulnerability: BID-23731, CERTA-2002-AVI-088, CERTA-2007-AVI-197, CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323-REJECT, CVE-2007-1366, CVE-2007-5729, CVE-2007-5730, DSA-1284-1, DSA-1384-1, FEDORA-2007-2270, FEDORA-2007-713, FEDORA-2008-4386, FEDORA-2008-4604, MDKSA-2007:203, MDVSA-2008:162, RHSA-2008:0194-01, SUSE-SR:2009:002, VIGILANCE-VUL-6781.

Description of the vulnerability 

A malicious application executed in a QEMU emulation environment can exploit several vulnerabilities.

An attacker can corrupt memory via the cirrus_invalidate_region() function of Cirrus video driver. [severity:2/4; CERTA-2007-AVI-197, CVE-2007-1320]

An attacker can create an heap overflow in the NE2000 network driver. [severity:2/4; CVE-2007-1321, CVE-2007-5729]

An attacker can create an integer overflow in the NE2000 network driver. [severity:2/4; CVE-2007-1321, CVE-2007-1323-REJECT]

An attacker can create an heap overflow via the "net socket listen" option. [severity:2/4; CVE-2007-5730]

An attacker can exploit several denial of service (sb16, dma, aam, icebp, etc.). [severity:2/4; CVE-2007-1322, CVE-2007-1366]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat announce impacts software or systems such as Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 5 vulnerabilities.

An attacker with a expert ability can exploit this cybersecurity alert.

Solutions for this threat 

Xen: version 3.1.
Version 3.1 is corrected:
  http://xen.xensource.com/download/

Debian: new qemu packages.
New packages are available:
Debian GNU/Linux 3.1 alias sarge
  Source archives:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1.dsc
      Size/MD5 checksum: 860 0d4d669e862d4249af1fd6d4e62ed21e
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1.diff.gz
      Size/MD5 checksum: 456776 9940e2b1c7e3edce24a941d79cc45f1c
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407.orig.tar.gz
      Size/MD5 checksum: 991912 a4cb70b9b701668c1c37705f9b5baae6
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1_i386.deb
      Size/MD5 checksum: 1888278 b3fd3a2a4c01ccd3a22ffb079c2da48a
  PowerPC architecture:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1_powerpc.deb
      Size/MD5 checksum: 1819756 d95ad449adf33a288cb509a5cf580593

Debian GNU/Linux 4.0 alias etch
  Source archives:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.dsc
      Size/MD5 checksum: 1122 9d55f0fd6f5261bff1a83f6ea0652afb
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
      Size/MD5 checksum: 63407 e4f93234058f38d4fffbacb9524bbaa4
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2.orig.tar.gz
      Size/MD5 checksum: 1501979 312eebc1386cca2e9b30a40763ab9c0d
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_amd64.deb
      Size/MD5 checksum: 3700158 ced2cb8925aadb4abb1d0bf9f49aaace
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_i386.deb
      Size/MD5 checksum: 3675760 20e6e9eb0ea92b043397e3ea348a3925
  PowerPC architecture:
    http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_powerpc.deb
      Size/MD5 checksum: 3578440 e604fc75cead026b2581800f35c1f5b4

Debian: new xen-utils packages.
New packages are available:
Debian GNU/Linux 4.0 alias etch
amd64 architecture (AMD x86_64 (AMD64))
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb
    Size/MD5 checksum: 368012 b4ceb2935cf07339c98b7aa67709a508
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb
    Size/MD5 checksum: 331438 f7f8a51f48c87072fe2c0ffd03e066aa
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb
    Size/MD5 checksum: 269956 7957630a8fcd612e7492b7d14a36512d
i386 architecture (Intel ia32)
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386-pae_3.0.3-0-3_i386.deb
    Size/MD5 checksum: 273756 f36f6d51efa2c545d98275e63965569c
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_i386.deb
    Size/MD5 checksum: 326526 b198abda8622589fb4dd0141744dddf0
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_i386.deb
    Size/MD5 checksum: 347860 954ccb3ddf9aea5fa5a09e08abd6c95c
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386_3.0.3-0-3_i386.deb
    Size/MD5 checksum: 253984 b92b82d449805ff4a8d8f90b655be600

Fedora 7: new xen packages.
New packages are available:
314a0c19e1ea7c6511775bb27603b4ca64336ce3 xen-devel-3.1.0-6.fc7.i386.rpm
7d62407bd1470b6df7878c594f16d9cdcaaba2c2 xen-3.1.0-6.fc7.i386.rpm
e7af639972801128410926468e8f13b5c790ab3a xen-libs-3.1.0-6.fc7.i386.rpm
2499de56aafec2ff23c32957e092c3b6c6d68a6b xen-debuginfo-3.1.0-6.fc7.i386.rpm
3bfb809dac6cc7589b5232e5c70f27fb9ef14264 xen-debuginfo-3.1.0-6.fc7.x86_64.rpm
102bc8e81305815da907a0c9d28e16f687435b09 xen-devel-3.1.0-6.fc7.x86_64.rpm
50b994595fce00d113f091f40f3abca4436813b7 xen-3.1.0-6.fc7.x86_64.rpm
edf2ae923a432118d51e6d572384379f2d04718a xen-libs-3.1.0-6.fc7.x86_64.rpm
79aa182050cb17e2c761116631d2e02c80722994 xen-3.1.0-6.fc7.src.rpm

Fedora Core 6: new xen packages.
New packages are available:
484613b34cc8a413fe1b3572b848def93901e2ee SRPMS/xen-3.0.3-12.fc6.src.rpm
484613b34cc8a413fe1b3572b848def93901e2ee noarch/xen-3.0.3-12.fc6.src.rpm
ff66d2e5a02144749c5a7ee1eede9a79f1d42292 x86_64/xen-libs-3.0.3-12.fc6.x86_64.rpm
c2cf66a1fea52fafaba74f1e3f7270a16498ee0f x86_64/xen-devel-3.0.3-12.fc6.x86_64.rpm
0571bf8254866a0444e1f72a4885a9a020b70712 x86_64/debug/xen-debuginfo-3.0.3-12.fc6.x86_64.rpm
2f31b5236539b93cc21d8d9c327ec8c7ff70a661 x86_64/xen-3.0.3-12.fc6.x86_64.rpm
32b9d45323e7f20a698ecbdb1f592f091198448e i386/debug/xen-debuginfo-3.0.3-12.fc6.i386.rpm
36acff8e249a726970af02f449a5bd412ca0ccff i386/xen-3.0.3-12.fc6.i386.rpm
2c58be5ce5b7affc54bde794d9120aa64830e232 i386/xen-devel-3.0.3-12.fc6.i386.rpm
1e31c12dab0fdd018eb5ed93962ef7058e1e4f30 i386/xen-libs-3.0.3-12.fc6.i386.rpm

Fedora: new kvm packages.
New packages are available:
  kvm-60-6.fc8
  kvm-65-7.fc9

Mandriva 2008: new qemu packages.
New packages are available:
Mandriva Linux 2008.0: qemu*-0.9.0-16.2mdv2008.0
Mandriva Linux 2008.1: qemu*-0.9.0-18.2mdv2008.1

Mandriva: new xen packages.
New packages are available:
 Mandriva Linux 2007.0:
 70b7495f9eb6597b8dcff92a6a698a28 2007.0/i586/xen-3.0.3-0.20060703.3.1mdv2007.0.i586.rpm
 c939b93cb67251235a9c8f2824609702 2007.0/SRPMS/xen-3.0.3-0.20060703.3.1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 f35d3563e67a0a887c439657b2e29afb 2007.0/x86_64/xen-3.0.3-0.20060703.3.1mdv2007.0.x86_64.rpm
 c939b93cb67251235a9c8f2824609702 2007.0/SRPMS/xen-3.0.3-0.20060703.3.1mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 183ef09d8ed8171adc894cbb606f922f 2007.1/i586/xen-3.0.3-0.20060703.5.1mdv2007.1.i586.rpm
 f4a0bfc9c6d5ae01664c8a906580b873 2007.1/SRPMS/xen-3.0.3-0.20060703.5.1mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 c05336d0eef357b2b2c191286c4d679e 2007.1/x86_64/xen-3.0.3-0.20060703.5.1mdv2007.1.x86_64.rpm
 f4a0bfc9c6d5ae01664c8a906580b873 2007.1/SRPMS/xen-3.0.3-0.20060703.5.1mdv2007.1.src.rpm
 Corporate 4.0:
 ec6876abb87e57d61257f3b3c6659c22 corporate/4.0/i586/xen-3.0.1-3.1.20060mlcs4.i586.rpm
 72a302b77a88766cc43276e431dabf79 corporate/4.0/SRPMS/xen-3.0.1-3.1.20060mlcs4.src.rpm
 Corporate 4.0/X86_64:
 894c37bcf10d4ec8973ed11a5613aeb5 corporate/4.0/x86_64/xen-3.0.1-3.1.20060mlcs4.x86_64.rpm
 72a302b77a88766cc43276e431dabf79 corporate/4.0/SRPMS/xen-3.0.1-3.1.20060mlcs4.src.rpm

RHEL 5: new xen packages.
New packages are available:
Red Hat Enterprise Linux version 5: xen-3.0.3-41.el5_1.5

SUSE: new imlib2, valgrind, kvm, cups, lynx, xterm packages.
New packages are available.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer security announces. The Vigil@nce vulnerability database contains several thousand vulnerabilities.