|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0025 (qemu-kvm)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0025: qemu-1.0-6.3.mga2 (2/core) 


Date:
    	      Wed, 6 Feb 2013 22:52:58 +0100


Message-ID:
    	      <20130206215258.GA18207@valstar.mageia.org>



MGASA-2013-0025
Date: 	February 6th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated qemu-kvm packages fix security vulnerability:

It was discovered that the e1000 emulation code in QEMU does not enforce
frame size limits in the same way as the real hardware does. This could
trigger buffer overflows in the guest operating system driver for that
network card, assuming that the host system does not discard such frames
(which it will by default) (CVE-2012-6075).


Updated Packages:
i586:
qemu-1.0-6.3.mga2.i586.rpm
qemu-img-1.0-6.3.mga2.i586.rpm
qemu-debug-1.0-6.3.mga2.i586.rpm

x86_64:
qemu-1.0-6.3.mga2.x86_64.rpm
qemu-img-1.0-6.3.mga2.x86_64.rpm
qemu-debug-1.0-6.3.mga2.x86_64.rpm

SRPMS:
qemu-1.0-6.3.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
http://www.debian.org/security/2013/dsa-2607
https://bugs.mageia.org/show_bug.cgi?id=8715
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds