Overview

File _patchinfo of Package patchinfo.313

<patchinfo incident="313">
  <issue id="907805" tracker="bnc">VUL-0: CVE-2014-8106: qemu: cirrus: insufficient blit region checks</issue>
  <issue id="908380" tracker="bnc">qemu-img convert occassionally corrupts images</issue>
  <issue id="905097" tracker="bnc">VUL-0: qemu: CVE-2014-7840: Insufficient parameter validation during ram load</issue>
  <issue id="CVE-2014-7840" tracker="cve" />
  <issue id="CVE-2014-8106" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>bfrogers</packager>
  <description>
QEMU was updated to fix various bugs and security issues.

Following security issues were fixed:
CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator
(hw/display/cirrus_vga.c) in QEMU allowed local guest users to execute
arbitrary code via vectors related to blit regions.

CVE-2014-7840: The host_from_stream_offset function in arch_init.c in
QEMU, when loading RAM during migration, allowed remote attackers to
execute arbitrary code via a crafted (1) offset or (2) length value in
savevm data.

Also a bug was fixed where qemu-img convert could occasionaly corrupt
images. (bsc#908380)
</description>
  <summary>Security update for qemu</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places