MGASA-2013-0341

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0341.html

Import Source

https://advisories.mageia.org/MGASA-2013-0341.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0341

Related

CVE-2013-4344

Published

2013-11-22T18:49:20Z

Modified

2013-11-22T18:49:14Z

Summary

Updated qemu package fixes security vulnerability

Details

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2013-4344).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / qemu

Package

Name: qemu
Purl: pkg:rpm/mageia/qemu?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0-6.6.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / qemu

Package

Name: qemu
Purl: pkg:rpm/mageia/qemu?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0-8.3.mga3

Ecosystem specific

{
    "section": "core"
}