[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 248-1] qemu security update

Package        : qemu
Version        : 0.12.5+dfsg-3squeeze4
CVE ID         : CVE-2015-3456

A vulnerability was discovered in the qemu virtualisation solution:


    Jason Geffner discovered a buffer overflow in the emulated floppy
    disk drive, resulting in the potential execution of arbitrary code.

Despite the end-of-life of qemu support in the old-oldstable
distribution (squeeze-lts), this problem has been fixed in version
0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity
(the so-called VENOM vulnerability).

Further problems may still be present in the qemu package in the
old-oldstable distribution (squeeze-lts) and users who need to rely on
qemu are encouraged to upgrade to a newer version of Debian.

We recommend that you upgrade your qemu packages.

Attachment: signature.asc
Description: Digital signature

Reply to: