Debian 4.0: DSA-1799-1 Critical: QEMU Local Exploitation Issues
debian
May 11, 2009
Several vulnerabilities have been discovered in the QEMU processor emulator
Topics Covered
Summary
Several vulnerabilities have been discovered in the QEMU processor
emulator. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-0928
Ian Jackson discovered that range checks of file operations on
emulated disk devices were insufficiently enforced.
CVE-2008-1945
It was discovered that an error in the format auto detection of
removable media could lead to the disclosure of files in the
host system.
CVE-2008-4539
A buffer overflow has been found in the emulation of the Cirrus
graphics adaptor.
For the old stable distribution (etch), these problems have been fixed in
version 0.8.2-4etch3.
For the stable distribution (lenny), these problems have been fixed in
version 0.9.1-10lenny1.
For the unstable distribution (sid), these problems have been fixed in
version 0.9.1+svn20081101-1.
We recommend that you upgrade your qemu packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: qemu
CVE ID: CVE-2008-0928 CVE-2008-4539 CVE-2008-1945
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!