[SECURITY] [DSA 3573-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3573-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : qemu
CVE ID : CVE-2016-3710 CVE-2016-3712
Debian Bug : 823830
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
CVE-2016-3710
Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
read and write flaw in the QEMU VGA module. A privileged guest user
could use this flaw to execute arbitrary code on the host with the
privileges of the hosting QEMU process.
CVE-2016-3712
Zuozhi Fzz of Alibaba Inc discovered potential integer overflow
or out-of-bounds read access issues in the QEMU VGA module. A
privileged guest user could use this flaw to mount a denial of
service (QEMU process crash).
For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u6.
We recommend that you upgrade your qemu packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXMPFjAAoJEAVMuPMTQ89EQQ4P/jxdTbcjsT91JzI6wfy9gSxh
sgmOrGDY89DrKq62RyckzOgN2E8s32ecmYhAFEx6LtUZW/H1L8syqHLvhbDh0tVh
N4GOpg7ZmdUAG1xwKJEaWFNfqsQ8yDN/fvVb5J+2oRcAMrVCuxlyEg3CsBowpuF3
7laW65XZjt/b/jpMhzcoc9O6+T54VYDCd8P279Tk/f0B3H4P0zMKJdtgvYRizS+A
oeD4NKzzgVov5zg+VHu78w2wR2Oi9cRYjNqXszTywpuiv5rvMfeidT4xssN5VMMR
2d2/vFm7DMZeDMXfG+R9VsWH3Y/OQ5SzDZpvu+/DFlN7uYWYjvxQq4MsDuXrkg60
bU0c5EDbqy40x/IZ9BnnCUJJ8P+OcXU2m5Z9q3BPPcmWf106jDZxHs3mhXJg6IoC
k+SEBN73gEOF2wHS/52A0lDa8yCaedzGMbz2gni7+6CjtW9mweEzGUnMv8w0AHb0
/M86FpsYtT9f3OMfbPx1gX3DA4ORYnP1reBc5NHBVgbcR/tEPGNR7f6bkP3EnD/K
S74j7JAxuQfbPsK2fNo5cgo4Slr+o6jEtVmwmvTGi6q+LbWULfTnrnERSyr9oFbx
JuVAGM8Mk+KmOwXh1ChwwxdiDvNEfBH7bEe6PsuQL0x8m2X1IDtWVfejUTW+izz1
L6AMYZU8Rme0+ju43eId
=Hmh5
-----END PGP SIGNATURE-----
Reply to: