Advisories » MGASA-2013-0341

Updated qemu package fixes security vulnerability

Publication date: 22 Nov 2013
Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4344

Description

A buffer overflow flaw was found in the way QEMU processed the SCSI
"REPORT LUNS" command when more than 256 LUNs were specified for a single
SCSI target. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, which could potentially result in arbitrary
code execution on the host with the privileges of the QEMU process
(CVE-2013-4344).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11422
• https://rhn.redhat.com/errata/RHSA-2013-1553.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344

SRPMS

2/core

• qemu-1.0-6.6.mga2

3/core

• qemu-1.2.0-8.3.mga3