lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 04 Dec 2014 13:44:52 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3088-1] qemu-kvm security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3088-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 04, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu-kvm, a full
virtualization solution on x86 hardware. A privileged guest user could
use this flaw to write into qemu address space on the host, potentially
escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6+deb7u6.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUgGMDAAoJEAVMuPMTQ89Ei/cP/2lKY3OfHhnTGo09hhk/zTcB
GipHKSQJJ1F0tNnRGBou69tfbMI1KEZzRsdxHcw0sFJl+EjfLjStQRkqeSS1t19z
JV9u6v3APMA11HkIjP5dG43c2/mrrBTsnDFKOXjRFFxKBZHEsZmuk65FXyH1k7Wl
wJ2PTM5AeR6PyfFxHreh4FpZDH9cXNpDjtC2Afe1JUoIx6rX1C0lhz5/12B2mPnR
aadzoGTU21IQHFzikCf8MVrScwYkunLOqLuVEaCLDliqMjZF8pAmjcHEr0wAbEwp
V7WmJdYoRL1G7LLGrMttlklYlyl4llWmuU0kTMp4q3hVS1zCW/b3qaTu7E0cCpSE
H67apsNPz65TkeIw6HJOsXKY4/zzjsJ83mml2o3+Bbfq70K7oP/szwp9TrBPe79W
8mlgAL5NEVbpLYNDsbAYcpKXaRoZlmSEfqzNsDstcVCNgpPdlZoHB+lPlN8ZBJh9
VQnHZwpZ3DwA0JtqO8uOJ4M3HZ58wo3sepfjHNj++PF0Y2QFM7DmLsK0vO6wI9fP
4AOhw+jbE+FEYzKLwEEgT4eRrr/wRtIBUqLmDIusa8+ZTMyHZOAU/nxMVf/xKxTy
9htTQf29wTRA0xYweY3jqZfhOviznZW4tWEAIwp9Y6C6ZJG1rsDuHYE3JM2JICOv
04Z8sgCo36WNm4AMpN6b
=mAZ/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ