From d14c79dd56f4c1194683e2ba4755efe6e42125eb Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Thu, 24 May 2007 18:19:21 +0000 Subject: qemu adv git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5913 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/39-qemu.adv | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 data/DTSA/advs/39-qemu.adv (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/39-qemu.adv b/data/DTSA/advs/39-qemu.adv new file mode 100644 index 0000000000..8e349cc2fb --- /dev/null +++ b/data/DTSA/advs/39-qemu.adv 
@@ -0,0 +1,40 @@ +source: samba +date: May 24th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: local +debian-specifc: no +cve: CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 +vendor-advisory: http://taviso.decsystem.org/virtsec.pdf +testing-fix: 0.8.2-5lenny1 +sid-fix: 0.9.0-2 +upgrade: apt-get upgrade + +Several vulnerabilities have been discovered in the QEMU processor +emulator, which may lead to the execution of arbitrary code or denial of +service. The Common Vulnerabilities and Exposures project identifies the +following problems: + +CVE-2007-1320 + Tavis Ormandy discovered that a memory management routine of the Cirrus + video driver performs insufficient bounds checking, which might + allow the execution of arbitrary code through a heap overflow. + +CVE-2007-1321 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1322 + Tavis Ormandy discovered that the "icebp" instruction can be abused to + terminate the emulation, resulting in denial of service. + +CVE-2007-1323 + Tavis Ormandy discovered that the NE2000 network driver and the socket + code perform insufficient input validation, which might allow the + execution of arbitrary code through a heap overflow. + +CVE-2007-1366 + Tavis Ormandy discovered that the "aam" instruction can be abused to + crash qemu through a division by zero, resulting in denial of + service. -- cgit v1.2.3
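Review bot: The `source:` field on the first added line of `data/DTSA/advs/39-qemu.adv` reads `samba`, while the file name, the commit subject and the advisory body all describe QEMU. It looks like a leftover from a copied template and should presumably be `source: qemu`, otherwise the published advisory and its `apt-get upgrade` instruction would be attributed to the wrong package. Separately, the text under CVE-2007-1323 is word-for-word identical to the text under CVE-2007-1321 (NE2000 network driver and socket code, heap overflow); please check it against the vendor advisory linked in `vendor-advisory:` and either give CVE-2007-1323 its own description or state explicitly that both identifiers cover the same class of issue.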