Debian-LTS alert DLA-539-1 (qemu-kvm)
From: Guido Günther <agx@sigxcpu.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 539-1] qemu-kvm security update
Date: Fri, 1 Jul 2016 10:46:52 +0200
Message-ID: <20160701084652.GA27651@bogon.m.sigxcpu.org>

Package        : qemu-kvm
Version        : 1.1.2+dfsg-6+deb7u13
CVE ID         : CVE-2016-3710 CVE-2016-3712

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests.

CVE-2016-3710

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
    read and write flaw in the QEMU VGA module. A privileged guest user
    could use this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

CVE-2016-3712

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow or
    out-of-bounds read access issues in the QEMU VGA module. A privileged
    guest user could use this flaw to mount a denial of service (QEMU
    process crash).

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u13.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
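
A check for hosts still below the fixed version, as an added example (not part of the advisory or of Debian's tooling): a small Python reimplementation of Debian's version ordering, applied to a constructed inventory. Hostnames and installed versions are made up; only the fixed version string comes from the advisory.

```python
import re
from itertools import zip_longest

FIXED = "1.1.2+dfsg-6+deb7u13"  # fixed version stated in DLA 539-1

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing epoch or revision counts as 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def _order(ch):
    """Weight of a non-digit character: '~' < end of string < letters < others."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare alternating non-digit and digit runs; return -1, 0 or 1."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            oa, ob = (_order(c) if c else 0 for c in (ca, cb))
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)  # numeric, so u9 < u13
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(installed, fixed=FIXED):
    return compare(installed, fixed) < 0

# Constructed inventory: hostnames and installed versions are illustrative only.
INVENTORY = {"hv-a": "1.1.2+dfsg-6+deb7u12", "hv-b": "1.1.2+dfsg-6+deb7u13",
             "hv-c": "1.1.2+dfsg-6+deb7u9", "hv-d": "1.1.2+dfsg-6+deb7u13~bpo1"}

def vulnerable_hosts(inventory=INVENTORY):
    return sorted(h for h, v in inventory.items() if needs_update(v))
```

On a live host the installed version string comes from `dpkg-query -W -f='${Version}' qemu-kvm`, and `dpkg --compare-versions` performs the same ordering natively.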