Mageia Advisory: MGASA-2015-0220 - Updated qemu packages fix CVE-2015-3456

Updated qemu packages fix CVE-2015-3456

Publication date: 13 May 2015
Modification date: 13 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3456

Description

Updated qemu packages fix security vulnerability:

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest
(CVE-2015-3456).

References

https://bugs.mageia.org/show_bug.cgi?id=15929
https://rhn.redhat.com/errata/RHSA-2015-0999.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

SRPMS

4/core

qemu-1.6.2-1.10.mga4

Advisories » MGASA-2015-0220

Updated qemu packages fix CVE-2015-3456

Description

References

SRPMS

4/core