Debian DLA-1128-1 : qemu-kvm security update

Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu. CVE-2017-14167 Incorrect validation of multiboot headers could result in the execution of arbitrary code. CVE-2017-15038 When using...

[SECURITY] [DLA 1128-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u24 CVE ID : CVE-2017-14167 CVE-2017-15038 Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu. CVE-2017-14167 Incorrect validation of...

DEBIAN-CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

CVE-2017-14167

CVE-2017-14167 affects QEMU’s multiboot header handling in the PC System Emulator. An integer overflow in the load_multiboot function can cause an out-of-bounds access/write when processing multiboot headers, which local guest users could leverage to execute arbitrary code on the host. Public ref...