Jump to content
Compatible Support Forums
Sign in to follow this  
news

[SECURITY] [DLA 540-1] qemu security update

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : qemu

Version : 1.1.2+dfsg-6a+deb7u13

CVE ID : CVE-2016-3710 CVE-2016-3712

Debian Bug : 823830

 

Several vulnerabilities were discovered in qemu, a fast processor

emulator.

 

CVE-2016-3710

 

Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds

read and write flaw in the QEMU VGA module. A privileged guest user

could use this flaw to execute arbitrary code on the host with the

privileges of the hosting QEMU process.

 

CVE-2016-3712

 

Zuozhi Fzz of Alibaba Inc discovered potential integer overflow

or out-of-bounds read access issues in the QEMU VGA module. A

privileged guest user could use this flaw to mount a denial of

service (QEMU process crash).

 

For Debian 7 "Wheezy", these problems have been fixed in version

1.1.2+dfsg-6a+deb7u13.

 

We recommend that you upgrade your qemu packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

 

iQIcBAEBCAAGBQJXdjx5AAoJEAe4t7DqmBILIfgP/Awm4V4j5GXthrTxd3hSzyXv

pzNHMbnbsIEqyQaDFGp7GiKSWUE9lsnKKQpvaZouIPB+aqIajZ+P56x1tiJI+j+M

0wI76AfZcm9pgWofhJRSsPozo3A8bVKqDvUSl5ClaqliX5Vak25C6Np9uEhtCFD4

o12OryYCAJqeikHqL+KoFBgCIDeBraURi2ICXL5xGx6YlwF3FLU+b4Q04hbBjyMn

aya7NiS4NVOYAqL4BnRw8bb3N21hboQbh/rZDc2IzLT/8ITssBkax7K5L99klHnD

56PHIpVfYp75KNykgzKk7zXy+LPz0bEuZsCwQO4MIW2mrli8nQFdz8p8oDgywQPo

DoxMufl0xYa5AuHwPyQzRBxhq3Zfwvnp3NRByidl6uueWfVz2E+Abhx4S/H40q91

LBTStJfEiGM0yHYvcsLz8oqduQQAFgbPgqLkzW/NWgjqU9Xhtf/OwD2FGvUuRzGe

fCi31t3WMCjic6pH7mH8hB3F9euLO5R8pE/Y5YiIKAtCo635T9v6gdB8z9m+64Xm

Zn6Q4rWUM+hDmyx0c7Yg6y4q7+fZScV3v0YesnajBr8zH9k4Q9w2nVNE43xGLJ+g

kCv3+WTkC+JMEFJPcNG678G56kEMdpjBV0J86/E3bn7pP4S/BGxP4OWZbFaeAvkJ

p0orsn/euaiuHTxpmopA

=MJIR

-----END PGP SIGNATURE-----

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×