You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa qemu

Sigurnosni nedostaci programskog paketa qemu

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3573-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : qemu
CVE ID : CVE-2016-3710 CVE-2016-3712
Debian Bug : 823830

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2016-3710

Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
read and write flaw in the QEMU VGA module. A privileged guest user
could use this flaw to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2016-3712

Zuozhi Fzz of Alibaba Inc discovered potential integer overflow
or out-of-bounds read access issues in the QEMU VGA module. A
privileged guest user could use this flaw to mount a denial of
service (QEMU process crash).

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u6.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXMPFjAAoJEAVMuPMTQ89EQQ4P/jxdTbcjsT91JzI6wfy9gSxh
sgmOrGDY89DrKq62RyckzOgN2E8s32ecmYhAFEx6LtUZW/H1L8syqHLvhbDh0tVh
N4GOpg7ZmdUAG1xwKJEaWFNfqsQ8yDN/fvVb5J+2oRcAMrVCuxlyEg3CsBowpuF3
7laW65XZjt/b/jpMhzcoc9O6+T54VYDCd8P279Tk/f0B3H4P0zMKJdtgvYRizS+A
oeD4NKzzgVov5zg+VHu78w2wR2Oi9cRYjNqXszTywpuiv5rvMfeidT4xssN5VMMR
2d2/vFm7DMZeDMXfG+R9VsWH3Y/OQ5SzDZpvu+/DFlN7uYWYjvxQq4MsDuXrkg60
bU0c5EDbqy40x/IZ9BnnCUJJ8P+OcXU2m5Z9q3BPPcmWf106jDZxHs3mhXJg6IoC
k+SEBN73gEOF2wHS/52A0lDa8yCaedzGMbz2gni7+6CjtW9mweEzGUnMv8w0AHb0
/M86FpsYtT9f3OMfbPx1gX3DA4ORYnP1reBc5NHBVgbcR/tEPGNR7f6bkP3EnD/K
S74j7JAxuQfbPsK2fNo5cgo4Slr+o6jEtVmwmvTGi6q+LbWULfTnrnERSyr9oFbx
JuVAGM8Mk+KmOwXh1ChwwxdiDvNEfBH7bEe6PsuQL0x8m2X1IDtWVfejUTW+izz1
L6AMYZU8Rme0+ju43eId
=Hmh5
—–END PGP SIGNATURE—–

AutorAndrej Sefic
Cert idNCERT-REF-2016-05-0029-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa java-1.6.0-openjdk

Otkriveni su sigurnosni nedostaci u programskom paketu java-1.6.0-openjdk za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju zaobilaženje sigurnosnih...

Close