Release date:
Updated on:
Affected Systems:
QEMU 0.6-1.7.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66821
CVE (CAN) ID: CVE-2014-0150
QEMU is an open source simulator software.
The buffer overflow vulnerability exists when the QEMU 0.6-1.7.1 virtio_net_handle_mac () function processes client MAC Address Table upgrade requests. authorized client users can exploit this vulnerability to damage the host qemu process memory, arbitrary code execution.
Ubuntu 12.04 cannot find the Qemu command
Install QEMU + efi bios on Arch Linux
QEMU translation framework and debugging tools
<* Source: Michael S. Tsirkin
Link: https://bugzilla.redhat.com/show_bug.cgi? CVE-2014-0150
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://fabrice.bellard.free.fr/qemu/
Http://article.gmane.org/gmane.comp.emulators.qemu/266713
QEMU details: click here
QEMU: click here