Debian Security Advisory
DLA-1845-1 dosbox -- LTS security update
- Date Reported:
- 07 Jul 2019
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 931222.
In Mitre's CVE dictionary: CVE-2019-7165, CVE-2019-12594.
- More information:
Several security vulnerabilities were discovered in DOSBox, an emulator for running old DOS programs.
A very long line inside a bat file would overflow the parsing buffer which could be used by an attacker to execute arbitrary code.
Insufficient access controls inside DOSBox allowed attackers to access resources on the host system and execute arbitrary code.
For Debian 8
Jessie, these problems have been fixed in version 0.74-4+deb8u1.
We recommend that you upgrade your dosbox packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS