Updated qemu package fixes security vulnerability
Publication date: 22 Nov 2013Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4344
Description
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2013-4344).
References
SRPMS
2/core
- qemu-1.0-6.6.mga2
3/core
- qemu-1.2.0-8.3.mga3