[ MDVSA-2015:210 ] qemu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:210
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : qemu
 Date    : April 27, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated qemu packages fix security vulnerabilities:
 
 A denial of service flaw was found in the way QEMU handled malformed
 Physical Region Descriptor Table (PRDT) data sent to the host's IDE
 and/or AHCI controller emulation. A privileged guest user could use
 this flaw to crash the system (rhbz#1204919).
 
 It was found that the QEMU's websocket frame decoder processed incoming
 frames without limiting resources used to process the header and the
 payload. An attacker able to access a guest's V

Leave a Reply