
Mageia alert MGASA-2012-0222 (qemu)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0222: qemu-0.14.0-5.2.mga1 (1/core)
Date:  Sat, 18 Aug 2012 11:58:22 +0200
Message-ID:  <20120818095822.GA32129@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2012-0222

Date: August 18th, 2012
Affected releases: 1

Description:
Updated qemu packages fix security vulnerabilities:

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host (CVE-2011-2527).

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets (CVE-2012-0029).

Updated Packages:
qemu-0.14.0-5.2.mga1
qemu-img-0.14.0-5.2.mga1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=7006
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
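CVE-2011-2527 above is a privilege drop that leaves group privileges behind. The following C code is an added example, not QEMU's code or the Mageia patch: it shows the general drop order for a root-started process and a post-drop check that catches retained groups. The names `drop_privileges` and `count_residual_groups` are hypothetical, and it assumes the strict choice of keeping only the target gid rather than loading the target user's full group list.

```c
#define _DEFAULT_SOURCE               /* expose setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Count supplementary groups other than the intended gid.
 * Nonzero after a drop means group privileges were retained. */
int count_residual_groups(const gid_t *groups, int n, gid_t target_gid)
{
    int residual = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != target_gid)
            residual++;
    return residual;
}

/* Drop from root to uid/gid (hypothetical helper). Supplementary groups and
 * gid must change while still root, so setuid() goes last.
 * Returns 0 on success, -1 if any step or the post-check fails. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t groups[1024];
    int n;

    if (setgroups(1, &gid) != 0)      /* clear inherited supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the resulting credentials instead of trusting return codes. */
    n = getgroups(1024, groups);
    if (n < 0 || count_residual_groups(groups, n, gid) != 0)
        return -1;
    if (getgid() != gid || getegid() != gid ||
        getuid() != uid || geteuid() != uid)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* regaining root must be impossible */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed gids: list inherited from a root parent, target gid 1000. */
    gid_t inherited[] = { 0, 6, 1000 };
    printf("residual groups: %d\n", count_residual_groups(inherited, 3, 1000));
    return 0;
}
```

A caller should treat a -1 from `drop_privileges` as fatal and exit instead of continuing with whatever credentials remain.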




Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds