Details of VAR-201506-0038

ID

VAR-201506-0038

CVE

CVE-2015-3209

TITLE

QEMU of PCNET Controller heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003134

DESCRIPTION

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Xen is a virtualization technology for the Linux kernel that allows multiple operating systems to run simultaneously. QEMU is prone to a heap-based buffer-overflow vulnerability. Failed attacks will cause denial-of-service conditions. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. CVE-2015-4037 Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. CVE-2015-4163 Jan Beulich discovered that a missing version check in the GNTTABOP_swap_grant_ref hypercall handler may result in denial of service. This only applies to Debian stable/jessie. CVE-2015-4164 Andrew Cooper discovered a vulnerability in the iret hypercall handler, which may result in denial of service. For the oldstable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u8. For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable jessie, it uses the standard qemu package and has already been fixed in DSA-3284-1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen packages. From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <57035F2D.8090108@gentoo.org> Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5" All Xen 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9" All Xen tools 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5" All Xen tools 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9" All Xen pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"= References ========== [ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201604-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm-rhev security update Advisory ID: RHSA-2015:1089-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1089.html Issue date: 2015-06-10 CVE Names: CVE-2015-3209 ===================================================================== 1. Summary: Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. (CVE-2015-3209) Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting this issue. All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.src.rpm x86_64: qemu-img-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3209 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVeHTiXlSAg2UNWIIRAt/NAJ90ZnxpEVDqj+pWL8lXmaXc0rh9cgCgkcgz k2jSKgC736nQWQ8Np03I4WI= =/QWm -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2630-1 June 10, 2015 qemu, qemu-kvm vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in QEMU. Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3209) Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. (CVE-2015-4037) Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the host MSI message data field. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103) Jan Beulich discovered that the QEMU Xen code incorrectly restricted access to the PCI MSI mask bits. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104) Jan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X error messages. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105) Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the PCI config space. A malicious guest could use this issue to cause a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.2 qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.2 qemu-system-arm 1:2.2+dfsg-5expubuntu9.2 qemu-system-mips 1:2.2+dfsg-5expubuntu9.2 qemu-system-misc 1:2.2+dfsg-5expubuntu9.2 qemu-system-ppc 1:2.2+dfsg-5expubuntu9.2 qemu-system-sparc 1:2.2+dfsg-5expubuntu9.2 qemu-system-x86 1:2.2+dfsg-5expubuntu9.2 Ubuntu 14.10: qemu-system 2.1+dfsg-4ubuntu6.7 qemu-system-aarch64 2.1+dfsg-4ubuntu6.7 qemu-system-arm 2.1+dfsg-4ubuntu6.7 qemu-system-mips 2.1+dfsg-4ubuntu6.7 qemu-system-misc 2.1+dfsg-4ubuntu6.7 qemu-system-ppc 2.1+dfsg-4ubuntu6.7 qemu-system-sparc 2.1+dfsg-4ubuntu6.7 qemu-system-x86 2.1+dfsg-4ubuntu6.7 Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.13 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.13 qemu-system-arm 2.0.0+dfsg-2ubuntu1.13 qemu-system-mips 2.0.0+dfsg-2ubuntu1.13 qemu-system-misc 2.0.0+dfsg-2ubuntu1.13 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.13 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.13 qemu-system-x86 2.0.0+dfsg-2ubuntu1.13 Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.23 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes. http://creativecommons.org/licenses/by-sa/2.5

Trust: 3.06

sources: NVD: CVE-2015-3209 // JVNDB: JVNDB-2015-003134 // CNVD: CNVD-2015-03820 // BID: 75123 // VULHUB: VHN-81170 // PACKETSTORM: 132289 // PACKETSTORM: 132290 // PACKETSTORM: 136587 // PACKETSTORM: 132241 // PACKETSTORM: 132251 // PACKETSTORM: 134165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03820

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	5.0	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.15	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.12	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	15.1	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	21	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.13	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.10	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.04	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	22	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	lte	version:	2.3.1	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5.0	Trust: 1.0
vendor:	fabrice bellard	model:	qemu	scope:	-	version:	-	Trust: 0.8
vendor:	xen	model:	xen	scope:	lte	version:	4.5.0	Trust: 0.8
vendor:	xensource	model:	xen	scope:	eq	version:	4.2.x	Trust: 0.6
vendor:	xensource	model:	xen	scope:	eq	version:	4.3.x	Trust: 0.6
vendor:	xensource	model:	xen	scope:	eq	version:	4.4.x	Trust: 0.6
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.5.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4 ltss	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.06	Trust: 0.3
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux virtualization server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.6.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop multi os client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	qemu	model:	qemu	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.9.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.8.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.0.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: CNVD: CNVD-2015-03820 // BID: 75123 // JVNDB: JVNDB-2015-003134 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3209
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3209
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03820
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201506-282
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81170
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3209
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03820
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-81170
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03820 // VULHUB: VHN-81170 // JVNDB: JVNDB-2015-003134 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-81170 // JVNDB: JVNDB-2015-003134 // NVD: CVE-2015-3209

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-282

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201506-282

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003134

PATCH

title:	Top Page	url:	http://wiki.qemu.org/Main_Page	Trust: 0.8
title:	JSA10698	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698	Trust: 0.8
title:	XSA-135	url:	http://xenbits.xen.org/xsa/advisory-135.html	Trust: 0.8
title:	Xen QEMU PCNET Controller Heap Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/59683	Trust: 0.6
title:	xsa135-qemut-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56387	Trust: 0.6
title:	xsa135-qemuu-4.2-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56391	Trust: 0.6
title:	xsa135-qemuu-4.5-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56395	Trust: 0.6
title:	xsa135-qemuu-4.2-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56390	Trust: 0.6
title:	xsa135-qemuu-4.5-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56394	Trust: 0.6
title:	xsa135-qemuu-unstable	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56389	Trust: 0.6
title:	xsa135-qemuu-4.3-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56393	Trust: 0.6
title:	xsa135-qemut-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56388	Trust: 0.6
title:	xsa135-qemuu-4.3-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56392	Trust: 0.6

sources: CNVD: CNVD-2015-03820 // JVNDB: JVNDB-2015-003134 // CNNVD: CNNVD-201506-282

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3209	Trust: 4.0
db:	BID	id:	75123	Trust: 2.6
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	SECTRACK	id:	1032545	Trust: 1.7
db:	JUNIPER	id:	JSA10698	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-003134	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-282	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03820	Trust: 0.6
db:	PACKETSTORM	id:	132290	Trust: 0.2
db:	PACKETSTORM	id:	134165	Trust: 0.2
db:	PACKETSTORM	id:	132289	Trust: 0.2
db:	PACKETSTORM	id:	132241	Trust: 0.2
db:	PACKETSTORM	id:	132251	Trust: 0.2
db:	PACKETSTORM	id:	132240	Trust: 0.1
db:	PACKETSTORM	id:	132447	Trust: 0.1
db:	PACKETSTORM	id:	132242	Trust: 0.1
db:	VULHUB	id:	VHN-81170	Trust: 0.1
db:	PACKETSTORM	id:	136587	Trust: 0.1

sources: CNVD: CNVD-2015-03820 // VULHUB: VHN-81170 // BID: 75123 // JVNDB: JVNDB-2015-003134 // PACKETSTORM: 132289 // PACKETSTORM: 132290 // PACKETSTORM: 136587 // PACKETSTORM: 132241 // PACKETSTORM: 132251 // PACKETSTORM: 134165 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

REFERENCES

url:	http://xenbits.xen.org/xsa/advisory-135.html	Trust: 2.6
url:	http://rhn.redhat.com/errata/rhsa-2015-1089.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1087.html	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-1088.html	Trust: 2.0
url:	https://security.gentoo.org/glsa/201510-02	Trust: 1.8
url:	https://security.gentoo.org/glsa/201604-03	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2630-1	Trust: 1.8
url:	http://www.securitytracker.com/id/1032545	Trust: 1.7
url:	http://www.securityfocus.com/bid/75123	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3284	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3285	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3286	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160669.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160685.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160677.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-1189.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3209	Trust: 1.4
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1225882	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3209	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2015-3209	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3209	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1189	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1088	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1089	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1087	Trust: 0.6
url:	https://www.mail-archive.com/qemu-devel@nongnu.org/msg302403.html	Trust: 0.3
url:	http://wiki.qemu.org/main_page	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/101011972	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4105	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4103	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4106	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4104	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4037	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154	Trust: 0.2
url:	https://security.gentoo.org/	Trust: 0.2
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4164	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4163	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4535	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6036	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3259	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4538	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3498	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2151	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6033	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.23	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.13	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.2	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3214	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5158	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5158	Trust: 0.1

CREDITS

Matt Tait of Google's Project Zero security team.

Trust: 0.3

sources: BID: 75123

SOURCES

db:	CNVD	id:	CNVD-2015-03820
db:	VULHUB	id:	VHN-81170
db:	BID	id:	75123
db:	JVNDB	id:	JVNDB-2015-003134
db:	PACKETSTORM	id:	132289
db:	PACKETSTORM	id:	132290
db:	PACKETSTORM	id:	136587
db:	PACKETSTORM	id:	132241
db:	PACKETSTORM	id:	132251
db:	PACKETSTORM	id:	134165
db:	CNNVD	id:	CNNVD-201506-282
db:	NVD	id:	CVE-2015-3209

LAST UPDATE DATE

2024-11-13T21:19:02.559000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03820	date:	2015-06-17T00:00:00
db:	VULHUB	id:	VHN-81170	date:	2023-02-13T00:00:00
db:	BID	id:	75123	date:	2017-04-18T00:05:00
db:	JVNDB	id:	JVNDB-2015-003134	date:	2015-10-21T00:00:00
db:	CNNVD	id:	CNNVD-201506-282	date:	2023-04-10T00:00:00
db:	NVD	id:	CVE-2015-3209	date:	2023-02-13T00:48:06.167

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03820	date:	2015-06-17T00:00:00
db:	VULHUB	id:	VHN-81170	date:	2015-06-15T00:00:00
db:	BID	id:	75123	date:	2015-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-003134	date:	2015-06-18T00:00:00
db:	PACKETSTORM	id:	132289	date:	2015-06-15T15:43:00
db:	PACKETSTORM	id:	132290	date:	2015-06-15T15:43:07
db:	PACKETSTORM	id:	136587	date:	2016-04-06T13:30:13
db:	PACKETSTORM	id:	132241	date:	2015-06-10T23:39:14
db:	PACKETSTORM	id:	132251	date:	2015-06-10T23:41:07
db:	PACKETSTORM	id:	134165	date:	2015-11-02T16:49:11
db:	CNNVD	id:	CNNVD-201506-282	date:	2015-06-16T00:00:00
db:	NVD	id:	CVE-2015-3209	date:	2015-06-15T15:59:00.070