author | Stefan Fritsch <sf@sfritsch.de> | 2007-05-24 18:19:21 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2007-05-24 18:19:21 +0000 |
commit | d14c79dd56f4c1194683e2ba4755efe6e42125eb | |
tree | a488651304ada2a399d3a633571df9f00cf3b46b | |
parent | a88d50cd2074f50393bbee0124996d0a6e91428c |
qemu adv
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5913 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/DTSA/advs/39-qemu.adv | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/data/DTSA/advs/39-qemu.adv b/data/DTSA/advs/39-qemu.adv new file mode 100644 index 0000000000..8e349cc2fb --- /dev/null +++ b/data/DTSA/advs/39-qemu.adv @@ -0,0 +1,40 @@ +source: samba +date: May 24th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: local +debian-specifc: no +cve: CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 +vendor-advisory: http://taviso.decsystem.org/virtsec.pdf +testing-fix: 0.8.2-5lenny1 +sid-fix: 0.9.0-2 +upgrade: apt-get upgrade + +Several vulnerabilities have been discovered in the QEMU processor +emulator, which may lead to the execution of arbitrary code or denial of +service. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2007-1320 + Tavis Ormandy discovered that a memory management routine of the Cirrus + video driver performs insufficient bounds checking, which might + allow the execution of arbitrary code through a heap overflow. + +CVE-2007-1321 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1322 + Tavis Ormandy discovered that the "icebp" instruction can be abused to + terminate the emulation, resulting in denial of service. + +CVE-2007-1323 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1366 + Tavis Ormandy discovered that the "aam" instruction can be abused to + crash qemu through a division by zero, resulting in denial of + service. |
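Review bot: The first header line, `source: samba`, does not match the file name (39-qemu.adv) or the advisory body, which describes QEMU throughout; it should read `source: qemu` so the advisory and its `testing-fix` / `sid-fix` versions are attached to the right source package. The CVE-2007-1323 paragraph is also word for word the same as the CVE-2007-1321 paragraph (NE2000 network driver and socket code, heap overflow), which looks like a copy-and-paste leftover: please give CVE-2007-1323 its own description or fold the two ids into one entry. Minor: the header key is spelled `debian-specifc`; worth confirming that this is the spelling the advisory tooling expects before it goes out.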