DSA-2545-1 qemu -- multipleID: oval:org.secpod.oval:def:600883 | Date: (C)2012-09-13 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks due to a race condition. CVE-2012-3515: QEMU does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of QEMU and escalate privileges to that of the qemu process.