news
Posted July 1, 2016

Package        : qemu
Version        : 1.1.2+dfsg-6a+deb7u13
CVE ID         : CVE-2016-3710 CVE-2016-3712
Debian Bug     : 823830

Several vulnerabilities were discovered in qemu, a fast processor emulator.

CVE-2016-3710

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
    read and write flaw in the QEMU VGA module. A privileged guest user
    could use this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-3712

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow or
    out-of-bounds read access issues in the QEMU VGA module. A privileged
    guest user could use this flaw to mount a denial of service (QEMU
    process crash).

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6a+deb7u13.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS