Debian Security Advisory DSA 1284-1 securitydebian.org http://www.debian.org/security/ Moritz Muehlenhoff May 1st, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : qemu Vulnerability : several Problem-Type : local Debian-specific: no CVE ID : CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1320 Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1321 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1322 Tavis Ormandy discovered that the "icebp" instruction can be abused to terminate the emulation, resulting in denial of service. CVE-2007-1323 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1366 Tavis Ormandy discovered that the "aam" instruction can be abused to crash qemu through a division by zero, resulting in denial of service. For the oldstable distribution (sarge) these problems have been fixed in version 0.6.1+20050407-1sarge1. For the stable distribution (etch) these problems have been fixed in version 0.8.2-4etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your qemu packages.
*** Bug 176955 has been marked as a duplicate of this bug. ***
lu_zero please advise and bump as necessary.
qemu-0.9 is in portage, I'd advise to use it since it has also major feature and performance improvements.
Thx Luca. Arches please test and mark stable. Target keywords are: qemu-0.9.0.ebuild:KEYWORDS="amd64 ppc x86"
Stable on x86
@Luca: Can you handle the stabilization for ppc, please?
ppc done
amd64 stable, last arch
This one is ready for GLSA decision. I tend to vote NO.
I vote no.
I tend to vote NO.
i vote Yes (buffer overflows -> B2 or B1, i don't really understand why you have voted no)
I'm not familiar with qemu. If they use the NE2000 and the Cirrus by default for virtualization I would vote yes. I assumed that you needed the hardware...
Closing with [noglsa] since most of votes are No. Feel free to reopen if you disagree.
