From Mageia wiki
Jump to: navigation, search

MGASA-2012-0263

Date: September 9th, 2012
Affected releases: 1, 2


Description:
Updated qemu-kvm packages fix security vulnerability:

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host (CVE-2012-3515).


Updated Packages:
Mageia 1:
qemu-0.14.0-5.3.mga1
qemu-img-0.14.0-5.3.mga1

Mageia 2:
qemu-1.0-6.2.mga2
qemu-img-1.0-6.2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
https://rhn.redhat.com/errata/RHSA-2012-1234.html
https://bugs.mageia.org/show_bug.cgi?id=7367