drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in QEMU
Name: |
Zwei Probleme in QEMU |
|
ID: |
DSA-3573-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Mo, 9. Mai 2016, 23:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3712 |
|
Applikationen: |
QEMU |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3573-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : qemu CVE ID : CVE-2016-3710 CVE-2016-3712 Debian Bug : 823830
Several vulnerabilities were discovered in qemu, a fast processor emulator.
CVE-2016-3710
Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
CVE-2016-3712
Zuozhi Fzz of Alibaba Inc discovered potential integer overflow or out-of-bounds read access issues in the QEMU VGA module. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u6.
We recommend that you upgrade your qemu packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJXMPFjAAoJEAVMuPMTQ89EQQ4P/jxdTbcjsT91JzI6wfy9gSxh sgmOrGDY89DrKq62RyckzOgN2E8s32ecmYhAFEx6LtUZW/H1L8syqHLvhbDh0tVh N4GOpg7ZmdUAG1xwKJEaWFNfqsQ8yDN/fvVb5J+2oRcAMrVCuxlyEg3CsBowpuF3 7laW65XZjt/b/jpMhzcoc9O6+T54VYDCd8P279Tk/f0B3H4P0zMKJdtgvYRizS+A oeD4NKzzgVov5zg+VHu78w2wR2Oi9cRYjNqXszTywpuiv5rvMfeidT4xssN5VMMR 2d2/vFm7DMZeDMXfG+R9VsWH3Y/OQ5SzDZpvu+/DFlN7uYWYjvxQq4MsDuXrkg60 bU0c5EDbqy40x/IZ9BnnCUJJ8P+OcXU2m5Z9q3BPPcmWf106jDZxHs3mhXJg6IoC k+SEBN73gEOF2wHS/52A0lDa8yCaedzGMbz2gni7+6CjtW9mweEzGUnMv8w0AHb0 /M86FpsYtT9f3OMfbPx1gX3DA4ORYnP1reBc5NHBVgbcR/tEPGNR7f6bkP3EnD/K S74j7JAxuQfbPsK2fNo5cgo4Slr+o6jEtVmwmvTGi6q+LbWULfTnrnERSyr9oFbx JuVAGM8Mk+KmOwXh1ChwwxdiDvNEfBH7bEe6PsuQL0x8m2X1IDtWVfejUTW+izz1 L6AMYZU8Rme0+ju43eId =Hmh5 -----END PGP SIGNATURE-----
|
|
|
|