
[SECURITY] [DLA 539-1] qemu-kvm security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : qemu-kvm
Version        : 1.1.2+dfsg-6+deb7u13
CVE ID         : CVE-2016-3710 CVE-2016-3712

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests.

CVE-2016-3710

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
    read and write flaw in the QEMU VGA module. A privileged guest user
    could use this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-3712

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow
    or out-of-bounds read access issues in the QEMU VGA module. A
    privileged guest user could use this flaw to mount a denial of
    service (QEMU process crash).

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u13.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

