lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XwWhj-0000Hf-Ka@master.debian.org>
Date: Thu, 04 Dec 2014 13:44:23 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3087-1] qemu security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 04, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6a+deb7u6.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUgGL2AAoJEAVMuPMTQ89EDIAP/0TuKIFV4hwqTNeFhKVBBbm5
ZM3Oy95iCL2hsRl9YqQg4YPrZ4RP5HJI6NYDsA5+kuQCuSENl1kE4X/37CKo0g5I
Dd6sUnZymir+6TIBz3cpwQlRoeaYH8lKU1V+laofbcseUu/3EVjMnBviY/lM47FP
PRNkZKf0SABuyoh59BcjVCbeLoNmymYEEYS0l9XrRWI1tYyQx311wJylPLh63ZB4
ArpkvQJhYz8gOmpabAkoQF668lxFoyejHVfFXYWv71nqeGD0/AxNKrM1YF7SChhX
pAXgzu+AF0Zg6Ydk9cRXNMJhuR86EjwohUzt5zmBoPwnH8W+g2Kxk9C6uNfhqQzk
oooGYgixIpJKLwqRwGPPmDhBX9tKhLYbL9WHNHUo2m8pPQIZfFSHh4l6iQrXImkB
IxN/mMym4elkCUsHAhUCMJIXw3mhUimYZOHKKTk/ydCTFDjg7I/dH+FzJ0d2Oyp/
Rhksn0PyTWNI7yOpUOV5BiHyreLJd5VAbTlQvfJ6Nb30ybbTU00jllol9v6tUz7I
Uv4LzgPI1rp4s8tjfS4AiJZQc1NMbf/fT0EPyeuzY/ef8ph71eccO4vkD8gvv2iG
nGOWNLLopuLAEjS+Flg4FInenNBXxC1m/tYLaTP2dukX0xqPvUQX3fCVIfS3qd15
B49r56dZcgZVzKzI8Zix
=uUu3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ