Source: qemu Version: 1.2.0+dfsg-1 Severity: important Tags: security patch upstream
CVE-2015-8613 has been reported against qemu. http://www.openwall.com/lists/oss-security/2015/12/21/7 : Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could use this flaw to crash the Qemu process instance resulting in DoS. megasas emulated device has been introduced in qemu version 1.2. _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
