[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 540-1] qemu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : qemu
Version        : 1.1.2+dfsg-6a+deb7u13
CVE ID         : CVE-2016-3710 CVE-2016-3712
Debian Bug     : 823830

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2016-3710

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
    read and write flaw in the QEMU VGA module. A privileged guest user
    could use this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-3712

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow
    or out-of-bounds read access issues in the QEMU VGA module. A
    privileged guest user could use this flaw to mount a denial of
    service (QEMU process crash).

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6a+deb7u13.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXdjx5AAoJEAe4t7DqmBILIfgP/Awm4V4j5GXthrTxd3hSzyXv
pzNHMbnbsIEqyQaDFGp7GiKSWUE9lsnKKQpvaZouIPB+aqIajZ+P56x1tiJI+j+M
0wI76AfZcm9pgWofhJRSsPozo3A8bVKqDvUSl5ClaqliX5Vak25C6Np9uEhtCFD4
o12OryYCAJqeikHqL+KoFBgCIDeBraURi2ICXL5xGx6YlwF3FLU+b4Q04hbBjyMn
aya7NiS4NVOYAqL4BnRw8bb3N21hboQbh/rZDc2IzLT/8ITssBkax7K5L99klHnD
56PHIpVfYp75KNykgzKk7zXy+LPz0bEuZsCwQO4MIW2mrli8nQFdz8p8oDgywQPo
DoxMufl0xYa5AuHwPyQzRBxhq3Zfwvnp3NRByidl6uueWfVz2E+Abhx4S/H40q91
LBTStJfEiGM0yHYvcsLz8oqduQQAFgbPgqLkzW/NWgjqU9Xhtf/OwD2FGvUuRzGe
fCi31t3WMCjic6pH7mH8hB3F9euLO5R8pE/Y5YiIKAtCo635T9v6gdB8z9m+64Xm
Zn6Q4rWUM+hDmyx0c7Yg6y4q7+fZScV3v0YesnajBr8zH9k4Q9w2nVNE43xGLJ+g
kCv3+WTkC+JMEFJPcNG678G56kEMdpjBV0J86/E3bn7pP4S/BGxP4OWZbFaeAvkJ
p0orsn/euaiuHTxpmopA
=MJIR
-----END PGP SIGNATURE-----


Reply to: