MGASA-2013-0025
Date: | February 6th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated qemu-kvm packages fix security vulnerability:
It was discovered that the e1000 emulation code in QEMU does not enforce
frame size limits in the same way as the real hardware does. This could
trigger buffer overflows in the guest operating system driver for that
network card, assuming that the host system does not discard such frames
(which it will by default) (CVE-2012-6075).
Updated Packages:
i586:
qemu-1.0-6.3.mga2.i586.rpm
qemu-img-1.0-6.3.mga2.i586.rpm
qemu-debug-1.0-6.3.mga2.i586.rpm
x86_64:
qemu-1.0-6.3.mga2.x86_64.rpm
qemu-img-1.0-6.3.mga2.x86_64.rpm
qemu-debug-1.0-6.3.mga2.x86_64.rpm
SRPMS:
qemu-1.0-6.3.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
http://www.debian.org/security/2013/dsa-2607
https://bugs.mageia.org/show_bug.cgi?id=8715