—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3087-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
– ————————————————————————-

Package : qemu
CVE ID : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6a+deb7u6.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUgGL2AAoJEAVMuPMTQ89EDIAP/0TuKIFV4hwqTNeFhKVBBbm5
ZM3Oy95iCL2hsRl9YqQg4YPrZ4RP5HJI6NYDsA5+kuQCuSENl1kE4X/37CKo0g5I
Dd6sUnZymir+6TIBz3cpwQlRoeaYH8lKU1V+laofbcseUu/3EVjMnBviY/lM47FP
PRNkZKf0SABuyoh59BcjVCbeLoNmymYEEYS0l9XrRWI1tYyQx311wJylPLh63ZB4
ArpkvQJhYz8gOmpabAkoQF668lxFoyejHVfFXYWv71nqeGD0/AxNKrM1YF7SChhX
pAXgzu+AF0Zg6Ydk9cRXNMJhuR86EjwohUzt5zmBoPwnH8W+g2Kxk9C6uNfhqQzk
oooGYgixIpJKLwqRwGPPmDhBX9tKhLYbL9WHNHUo2m8pPQIZfFSHh4l6iQrXImkB
IxN/mMym4elkCUsHAhUCMJIXw3mhUimYZOHKKTk/ydCTFDjg7I/dH+FzJ0d2Oyp/
Rhksn0PyTWNI7yOpUOV5BiHyreLJd5VAbTlQvfJ6Nb30ybbTU00jllol9v6tUz7I
Uv4LzgPI1rp4s8tjfS4AiJZQc1NMbf/fT0EPyeuzY/ef8ph71eccO4vkD8gvv2iG
nGOWNLLopuLAEjS+Flg4FInenNBXxC1m/tYLaTP2dukX0xqPvUQX3fCVIfS3qd15
B49r56dZcgZVzKzI8Zix
=uUu3
—–END PGP SIGNATURE—–

—
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/E1XwWhj-0000Hf-Ka@master.debian.org

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3088-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
– ————————————————————————-

Package : qemu-kvm
CVE ID : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu-kvm, a full
virtualization solution on x86 hardware. A privileged guest user could
use this flaw to write into qemu address space on the host, potentially
escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6+deb7u6.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUgGMDAAoJEAVMuPMTQ89Ei/cP/2lKY3OfHhnTGo09hhk/zTcB
GipHKSQJJ1F0tNnRGBou69tfbMI1KEZzRsdxHcw0sFJl+EjfLjStQRkqeSS1t19z
JV9u6v3APMA11HkIjP5dG43c2/mrrBTsnDFKOXjRFFxKBZHEsZmuk65FXyH1k7Wl
wJ2PTM5AeR6PyfFxHreh4FpZDH9cXNpDjtC2Afe1JUoIx6rX1C0lhz5/12B2mPnR
aadzoGTU21IQHFzikCf8MVrScwYkunLOqLuVEaCLDliqMjZF8pAmjcHEr0wAbEwp
V7WmJdYoRL1G7LLGrMttlklYlyl4llWmuU0kTMp4q3hVS1zCW/b3qaTu7E0cCpSE
H67apsNPz65TkeIw6HJOsXKY4/zzjsJ83mml2o3+Bbfq70K7oP/szwp9TrBPe79W
8mlgAL5NEVbpLYNDsbAYcpKXaRoZlmSEfqzNsDstcVCNgpPdlZoHB+lPlN8ZBJh9
VQnHZwpZ3DwA0JtqO8uOJ4M3HZ58wo3sepfjHNj++PF0Y2QFM7DmLsK0vO6wI9fP
4AOhw+jbE+FEYzKLwEEgT4eRrr/wRtIBUqLmDIusa8+ZTMyHZOAU/nxMVf/xKxTy
9htTQf29wTRA0xYweY3jqZfhOviznZW4tWEAIwp9Y6C6ZJG1rsDuHYE3JM2JICOv
04Z8sgCo36WNm4AMpN6b
=mAZ/
—–END PGP SIGNATURE—–

—
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/E1XwWiC-0000KY-Vn@master.debian.org