-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:257 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qemu Date : October 5, 2009 Affected: 2009.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. (CVE-2008-0928) The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 57bef154e8cd25b642dce57763e16554 2009.0/i586/dkms-kqemu-1.4.0-0.pre1.0.2mdv2009.0.i586.rpm 329a667ed2903819014161849d344861 2009.0/i586/qemu-0.9.1-0.r5137.1.2mdv2009.0.i586.rpm db1ca03164a5ff2de841c4037c450bd6 2009.0/i586/qemu-img-0.9.1-0.r5137.1.2mdv2009.0.i586.rpm 93fdd8eee03c1f6096d8191a192f4640 2009.0/SRPMS/qemu-0.9.1-0.r5137.1.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 8ac6d994096bf85f3e4b4e708148e13c 2009.0/x86_64/dkms-kqemu-1.4.0-0.pre1.0.2mdv2009.0.x86_64.rpm 2f8acf7a55e0c6e68a41da161c28d8e8 2009.0/x86_64/qemu-0.9.1-0.r5137.1.2mdv2009.0.x86_64.rpm 5dd666c65695a3a3db651455e735d5df 2009.0/x86_64/qemu-img-0.9.1-0.r5137.1.2mdv2009.0.x86_64.rpm 93fdd8eee03c1f6096d8191a192f4640 2009.0/SRPMS/qemu-0.9.1-0.r5137.1.2mdv2009.0.src.rpm Mandriva Enterprise Server 5: 3438296928c91d6622555fc99b1f351a mes5/i586/dkms-kqemu-1.4.0-0.pre1.0.2mdvmes5.i586.rpm 37c18d0d549fc3820f010b11dc59fabf mes5/i586/qemu-0.9.1-0.r5137.1.2mdvmes5.i586.rpm e53fcf1dac65b13c16dbdc78dcb05ecd mes5/i586/qemu-img-0.9.1-0.r5137.1.2mdvmes5.i586.rpm b154a1c5d6ac4e5b2a010fe2f1bf32eb mes5/SRPMS/qemu-0.9.1-0.r5137.1.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 2969010fc07ede667a6638a2826aa2fc mes5/x86_64/dkms-kqemu-1.4.0-0.pre1.0.2mdvmes5.x86_64.rpm ef9508b52fc4f1f16e077d37f34ea63c mes5/x86_64/qemu-0.9.1-0.r5137.1.2mdvmes5.x86_64.rpm cccc034235886f9799bda18d9e8018e4 mes5/x86_64/qemu-img-0.9.1-0.r5137.1.2mdvmes5.x86_64.rpm b154a1c5d6ac4e5b2a010fe2f1bf32eb mes5/SRPMS/qemu-0.9.1-0.r5137.1.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKy4clmqjQ0CJFipgRAnk+AJ9LASPFW6fXHJ0sDZUT9RbJo8Wt/QCg5+NK R/D7OiJge6nzf7peU/UWjuQ= =S5Q3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/