User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2012-0222 (qemu)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2012-0222: qemu-0.14.0-5.2.mga1 (1/core)
Date:  Sat, 18 Aug 2012 11:58:22 +0200
Message-ID:  <>
Archive-link:  Article, Thread

MGASA-2012-0222 Date: August 18th, 2012 Affected releases: 1 Description: Updated qemu packages fix security vulnerabilities: The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host (CVE-2011-2527). Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets (CVE-2012-0029). Updated Packages: qemu-0.14.0-5.2.mga1 qemu-img-0.14.0-5.2.mga1 References:

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds