Bug#823830: qemu: CVE-2016-3710 CVE-2016-3712

[Cristian Aires]

thx

On Tue, May 17, 2016 at 3:40 AM, Geert Stappers <stapp...@stappers.nl>
wrote:

> On Mon, May 16, 2016 at 05:04:29PM -0300, Cristian Aires wrote:
> > On Mon, 09 May 2016 14:22:37 +0200 Salvatore Bonaccorso wrote:
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2016-3710
> > > [1] https://security-tracker.debian.org/tracker/CVE-2016-3712
> > > [2] http://xenbits.xen.org/xsa/advisory-179.html
> > >
> >
> > All types of video models are affected?
> >
>
> In [2] is a section vulnerable systems, which answers your question.
>
>
> Groeten
> Geert Stappers
>
> P.S.
> Visit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823830
> to see the noise that is generated by top quoting.
>
> Please reply below the text.
> So make reading in the discussion order possible.
> Thanks.
>



-- 

*Cristian Aires*
Infraestrutura
(51) 3301.1432 - (51) 9994.3218
www.Under.com.br <http://www.under.com.br/>

Bug#823830: qemu: CVE-2016-3710 CVE-2016-3712

[Cristian Aires]

Hello,

All types of video models are affected?

The default is cirrus.

On Mon, 09 May 2016 14:22:37 +0200 Salvatore Bonaccorso 
wrote:
> Source: qemu
> Version: 2.1+dfsg-1
> Severity: grave
> Tags: security upstream
>
> Hi,
>
> the following vulnerabilities were published for qemu.
>
> CVE-2016-3710[0]:
> incorrect banked access bounds checking in vga module
>
> CVE-2016-3712[1]:
> Out-of-bounds read when creating weird vga screen surface
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-3710
> [1] https://security-tracker.debian.org/tracker/CVE-2016-3712
> [2] http://xenbits.xen.org/xsa/advisory-179.html
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
>