TITLE:
Debian update for qemu

SECUNIA ADVISORY ID:
SA32335

VERIFY ADVISORY:
http://secunia.com/advisories/32335/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for qemu. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

The vulnerability is caused by temporary files being created
insecurely and can be exploited, for example, to overwrite arbitrary
files via symlink attacks.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2.dsc
Size/MD5 checksum: 1130 fd503742c9e3e64be60f8ff265f05edc
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2.orig.tar.gz
Size/MD5 checksum: 1501979 312eebc1386cca2e9b30a40763ab9c0d
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2.diff.gz
Size/MD5 checksum: 65528 6b47c99fa9e0e99e4af47d5417bc497b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_amd64.deb
Size/MD5 checksum: 3697974 1e88b4385a82864d386fe57608c8617a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_i386.deb
Size/MD5 checksum: 3676128 cd73888cc1915af94792085994b946e3

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_powerpc.deb
Size/MD5 checksum: 3578592 86133e0b1804cc53f78f8eb71779a337

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.9.1-6

ORIGINAL ADVISORY:
DSA-1657-1:
http://www.us.debian.org/security/2008/dsa-1657

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
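
The bug class named in the DESCRIPTION (insecure temporary file creation followed through a symlink), shown as an added C example beside its hardened forms. This is not QEMU's code or the Debian patch; the function names, the /tmp scratch directory and the file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a fixed name opened with O_CREAT|O_TRUNC follows a symlink
 * that already sits at that name and truncates whatever it points to. */
static int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened fixed name: O_EXCL fails if the name exists in any form (symlink
 * included); O_NOFOLLOW refuses a symlink as the final path component. */
static int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private scratch directory: "victim" holds 4
 * bytes and "work.tmp" is a symlink to it. Returns a bitmask:
 * 1 = hardened open refused, 2 = victim still intact afterwards,
 * 4 = weak open truncated victim through the link,
 * 8 = mkstemp() produced a regular file with no group/other access. */
int run_scenario(void) {
    char dir[] = "/tmp/tmpdemo-XXXXXX", victim[64], lnk[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/work.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/work-XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4 || symlink(victim, lnk) != 0) return -1;
    close(fd);
    fd = open_tmp_excl(lnk);
    if (fd < 0 && (errno == EEXIST || errno == ELOOP)) result |= 1;
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 4) result |= 2;
    fd = open_tmp_weak(lnk);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 4;
    fd = mkstemp(tmpl);   /* preferred: unpredictable name, created with O_EXCL */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0) result |= 8;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(lnk); unlink(victim); rmdir(dir);
    return result;
}
```

When auditing code for this class of issue, look for temporary paths built from fixed or guessable names in shared directories and opened without O_EXCL.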