Debian Security Advisory
DLA-539-1 qemu-kvm -- LTS security update
- Date Reported:
- 01 Jul 2016
- Affected Packages:
- qemu-kvm
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-3710, CVE-2016-3712.
- More information:
-
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests.
- CVE-2016-3710
Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
- CVE-2016-3712
Zuozhi Fzz of Alibaba Inc discovered potential integer overflow or out-of-bounds read access issues in the QEMU VGA module. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
For Debian 7
Wheezy
, these problems have been fixed in version 1.1.2+dfsg-6+deb7u13.We recommend that you upgrade your qemu-kvm packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2016-3710