Mandriva Linux Security Advisory 2009-257 - Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. The updated packages have been patched to prevent this.
be48ee1c71c8dd6c4fb363c3fa58f5695a47fce884c18f36e0bc083481cc2dc9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:257
http://www.mandriva.com/security/
_______________________________________________________________________
Package : qemu
Date : October 5, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Qemu 0.9.1 and earlier does not perform range checks for block
device read or write requests, which allows guest host users with
root privileges to access arbitrary memory and escape the virtual
machine. (CVE-2008-0928)
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
57bef154e8cd25b642dce57763e16554 2009.0/i586/dkms-kqemu-1.4.0-0.pre1.0.2mdv2009.0.i586.rpm
329a667ed2903819014161849d344861 2009.0/i586/qemu-0.9.1-0.r5137.1.2mdv2009.0.i586.rpm
db1ca03164a5ff2de841c4037c450bd6 2009.0/i586/qemu-img-0.9.1-0.r5137.1.2mdv2009.0.i586.rpm
93fdd8eee03c1f6096d8191a192f4640 2009.0/SRPMS/qemu-0.9.1-0.r5137.1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
8ac6d994096bf85f3e4b4e708148e13c 2009.0/x86_64/dkms-kqemu-1.4.0-0.pre1.0.2mdv2009.0.x86_64.rpm
2f8acf7a55e0c6e68a41da161c28d8e8 2009.0/x86_64/qemu-0.9.1-0.r5137.1.2mdv2009.0.x86_64.rpm
5dd666c65695a3a3db651455e735d5df 2009.0/x86_64/qemu-img-0.9.1-0.r5137.1.2mdv2009.0.x86_64.rpm
93fdd8eee03c1f6096d8191a192f4640 2009.0/SRPMS/qemu-0.9.1-0.r5137.1.2mdv2009.0.src.rpm
Mandriva Enterprise Server 5:
3438296928c91d6622555fc99b1f351a mes5/i586/dkms-kqemu-1.4.0-0.pre1.0.2mdvmes5.i586.rpm
37c18d0d549fc3820f010b11dc59fabf mes5/i586/qemu-0.9.1-0.r5137.1.2mdvmes5.i586.rpm
e53fcf1dac65b13c16dbdc78dcb05ecd mes5/i586/qemu-img-0.9.1-0.r5137.1.2mdvmes5.i586.rpm
b154a1c5d6ac4e5b2a010fe2f1bf32eb mes5/SRPMS/qemu-0.9.1-0.r5137.1.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
2969010fc07ede667a6638a2826aa2fc mes5/x86_64/dkms-kqemu-1.4.0-0.pre1.0.2mdvmes5.x86_64.rpm
ef9508b52fc4f1f16e077d37f34ea63c mes5/x86_64/qemu-0.9.1-0.r5137.1.2mdvmes5.x86_64.rpm
cccc034235886f9799bda18d9e8018e4 mes5/x86_64/qemu-img-0.9.1-0.r5137.1.2mdvmes5.x86_64.rpm
b154a1c5d6ac4e5b2a010fe2f1bf32eb mes5/SRPMS/qemu-0.9.1-0.r5137.1.2mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKy4clmqjQ0CJFipgRAnk+AJ9LASPFW6fXHJ0sDZUT9RbJo8Wt/QCg5+NK
R/D7OiJge6nzf7peU/UWjuQ=
=S5Q3
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed