Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2294
qemu security update
5 December 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qemu
Publisher: Debian
Operating System: Debian GNU/Linux 7
Linux variants
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2014-8106
Original Bulletin:
http://www.debian.org/security/2014/dsa-3087
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running qemu check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : qemu
CVE ID : CVE-2014-8106
Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.
For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6a+deb7u6.
We recommend that you upgrade your qemu packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUgGL2AAoJEAVMuPMTQ89EDIAP/0TuKIFV4hwqTNeFhKVBBbm5
ZM3Oy95iCL2hsRl9YqQg4YPrZ4RP5HJI6NYDsA5+kuQCuSENl1kE4X/37CKo0g5I
Dd6sUnZymir+6TIBz3cpwQlRoeaYH8lKU1V+laofbcseUu/3EVjMnBviY/lM47FP
PRNkZKf0SABuyoh59BcjVCbeLoNmymYEEYS0l9XrRWI1tYyQx311wJylPLh63ZB4
ArpkvQJhYz8gOmpabAkoQF668lxFoyejHVfFXYWv71nqeGD0/AxNKrM1YF7SChhX
pAXgzu+AF0Zg6Ydk9cRXNMJhuR86EjwohUzt5zmBoPwnH8W+g2Kxk9C6uNfhqQzk
oooGYgixIpJKLwqRwGPPmDhBX9tKhLYbL9WHNHUo2m8pPQIZfFSHh4l6iQrXImkB
IxN/mMym4elkCUsHAhUCMJIXw3mhUimYZOHKKTk/ydCTFDjg7I/dH+FzJ0d2Oyp/
Rhksn0PyTWNI7yOpUOV5BiHyreLJd5VAbTlQvfJ6Nb30ybbTU00jllol9v6tUz7I
Uv4LzgPI1rp4s8tjfS4AiJZQc1NMbf/fT0EPyeuzY/ef8ph71eccO4vkD8gvv2iG
nGOWNLLopuLAEjS+Flg4FInenNBXxC1m/tYLaTP2dukX0xqPvUQX3fCVIfS3qd15
B49r56dZcgZVzKzI8Zix
=uUu3
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVID3TRLndAQH1ShLAQLOoBAAhUjr0vVxGO1M55gtmQ5cpU1pMF4STRgf
fLdO+JhkORzArkscwK1xP996sqgvCIeXziJXYgAsi0g8j4JUeY7o3oNlAjP6Qynf
YSfxacTXzi3qwLOznsdL4uX75VJ+KBw481jfHV+iQAR5ssp2Cl25r5C8Y53Lyo8A
PNtWI0QrDb6+gnrgk+AS7cffCcTkVHO9kpPioKJ4C0RdHDfW/xRgWQubT42wCddS
q+TohQkfV2ibiFGK991/Y3ND2iydDWgZfQzjC/HwaT0+nMldFRMgHUHX0nxYNsrZ
FBHhJ8dqkKNV1PoLSx1FvxEsH2jV4jzwkzkgqyT/od/SKtRoCbsDZzRx7bhwkDIb
y+qMjzfyKxyhEMg9otI2GOfb8am9FSp1IhAAL7xj9sLG4mvEUBJyqAqkIDBlX8ab
ZDC5j/JGDL7CEjcd09L8uJlUUL1M1ycDsuOczDsh3tCwmr0ZD5n0ajVS9d3uS2Ms
dCYO39CeZ0Ke9dY4nrPgW/Lszw35ogBr3/chIeawqbhaSrJIRUpFQ6lzir5DM3CV
sHoLLzWeHzEpDUosOE7PlxRFOIzSqaqUbldAwrsyeuomquqfvfcUWRejUXwVRmu1
qvtuuuKbt87N8VjBtQuj/WyvLWFSq95WohDIVDxy/9tAAJ7v6ZCmLNxOYI8u4s8z
RoPYNamS52o=
=d9yE
-----END PGP SIGNATURE-----