[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3066-1 qemu -- qemu

ID: oval:org.secpod.oval:def:601830Date: (C)2014-11-14   (M)2023-12-07
Class: PATCHFamily: unix




Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process. CVE-2014-7815 James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest"s VNC console could use this flaw to crash the guest.

Platform:
Debian 7.0
Product:
qemu
Reference:
DSA-3066-1
CVE-2014-3689
CVE-2014-7815
CVE    2
CVE-2014-3689
CVE-2014-7815
CPE    2
cpe:/a:qemu:qemu
cpe:/o:debian:debian_linux:7.x

© SecPod Technologies