Advisory from SecurityFocus, the vendor-neutral website that provides a wide range of security-related information.
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.
Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.
QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.
Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. QEMU 0.9.0 is vulnerable; other versions may also be affected.
A vulnerability discovered in Mozilla’s Thunderbird email client, affecting both Linux and Windows users, has been fixed in version 2.0.0.12.





