Source: qemu Version: 1.3.0+dfsg-1 Severity: important Tags: security patch upstream
CVE-2015-8619 has been reported against qemu: Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size. A user/process could use this flaw to crash the Qemu process instance resulting in DoS. The function hmp_sendkey, together with this vulnerability, has been introduced upstream past 1.2.0 version (e4c8f004c55d9da3eae3e14df740238bf805b5d6). _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
