From Mageia wiki
Jump to: navigation, search

MGASA-2013-0025

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated qemu-kvm packages fix security vulnerability:

It was discovered that the e1000 emulation code in QEMU does not enforce
frame size limits in the same way as the real hardware does. This could
trigger buffer overflows in the guest operating system driver for that
network card, assuming that the host system does not discard such frames
(which it will by default) (CVE-2012-6075).


Updated Packages:
i586:
qemu-1.0-6.3.mga2.i586.rpm
qemu-img-1.0-6.3.mga2.i586.rpm
qemu-debug-1.0-6.3.mga2.i586.rpm

x86_64:
qemu-1.0-6.3.mga2.x86_64.rpm
qemu-img-1.0-6.3.mga2.x86_64.rpm
qemu-debug-1.0-6.3.mga2.x86_64.rpm

SRPMS:
qemu-1.0-6.3.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
http://www.debian.org/security/2013/dsa-2607
https://bugs.mageia.org/show_bug.cgi?id=8715