Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.
Category Archives: Debian
Debian Security Advisories
DSA-3089 jasper – security update
Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.
DSA-3086 tcpdump – security update
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service, leaking sensitive information from memory or, potentially,
execution of arbitrary code.
DSA-3085 wordpress – security update
Multiple security issues have been discovered in WordPress, a web
blogging tool, resulting in denial of service or information disclosure.
More information can be found in the upstream advisory at
DSA-3084 openvpn – security update
Dragana Damjanovic discovered that an authenticated client could crash
an OpenVPN server by sending a control packet containing less than
four bytes as payload.
DSA-3082 flac – security update
Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.
DSA-3083 mutt – security update
A flaw was discovered in mutt, a text-based mailreader. A specially
crafted mail header could cause mutt to crash, leading to a denial of
service condition.
DSA-3081 libvncserver – security update
Several vulnerabilities have been discovered in libvncserver, a library to
implement VNC server functionality. These vulnerabilities might result in the
execution of arbitrary code or denial of service in both the client and the
server side.
DSA-3080 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.
DSA-3079 ppp – security update
A vulnerability was discovered in ppp, an implementation of the
Point-to-Point Protocol: an integer overflow in the routine
responsible for parsing user-supplied options potentially allows a
local attacker to gain root privileges.