MDVSA-2009:008

Package name

qemu

Date

2009-01-14

Advisory ID

MDVSA-2009:008

Affected versions

2009.0 x86_64 , 2009.0 i586

Problem description

Security vulnerabilities have been discovered and corrected in
VNC server of qemu version 0.9.1 and earlier, which could lead to
denial-of-service attacks (CVE-2008-2382), and make it easier for
remote crackers to guess the VNC password (CVE-2008-5714).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 99f7c6b4de73bcab46664c90ae6edc50  2009.0/x86_64/dkms-kqemu-1.4.0-0.pre1.0.1mdv2009.0.x86_64.rpm
 a22b95b6a4673f1300742b4777c4149b  2009.0/x86_64/qemu-0.9.1-0.r5137.1.1mdv2009.0.x86_64.rpm
 502371419a98b187c9db90e4217242de  2009.0/x86_64/qemu-img-0.9.1-0.r5137.1.1mdv2009.0.x86_64.rpm 
 5a32fdf2019085e4c3d386bad34b1900  2009.0/SRPMS/qemu-0.9.1-0.r5137.1.1mdv2009.0.src.rpm

2009.0 i586

 502c50a55fdb3e3e8ab0456be79a08b1  2009.0/i586/dkms-kqemu-1.4.0-0.pre1.0.1mdv2009.0.i586.rpm
 bf48619b2f7cb0275d379682a4795dc1  2009.0/i586/qemu-0.9.1-0.r5137.1.1mdv2009.0.i586.rpm
 4fb74c4d8356442ccd9c6ddd063f4191  2009.0/i586/qemu-img-0.9.1-0.r5137.1.1mdv2009.0.i586.rpm 
 5a32fdf2019085e4c3d386bad34b1900  2009.0/SRPMS/qemu-0.9.1-0.r5137.1.1mdv2009.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5714
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382