Debian Wheezy: DLA-1129-1 Critical: QEMU Arbitary Code Execution
debian lts
October 8, 2017
Multiple vulnerabilities were discovered in qemu, a fast processor emulator
Summary
CVE-2017-14167
Incorrect validation of multiboot headers could result in the
execution of arbitrary code.
CVE-2017-15038
When using 9pfs qemu-kvm is vulnerable to an information
disclosure issue. It could occur while accessing extended attributes
of a file due to a race condition. This could be used to disclose
heap memory contents of the host.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u24.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: qemu
Version: 1.1.2+dfsg-6+deb7u24
CVE ID: CVE-2017-14167 CVE-2017-15038
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!