[Secure-testing-team] Bug#686973: VT100 emulation vulnerability (CVE-2012-3515, XSA-17)

Michael Tokarev mjt at tls.msk.ru
Fri Sep 7 19:58:37 UTC 2012


Source: qemu
Version: 0.12.5+dfsg-3squeeze1
Severity: grave
Tags: security upstream patch

All versions of qemu (and qemu-kvm) since 2004 have a flaw in handling
VT100 escape sequences when emulating some devices with a virtual console
backend.

More information can be found in the Red Hat bug report here:
https://bugzilla.redhat.com/show_bug.cgi?id=851252
and in the Xen Security Advisory at http://seclists.org/oss-sec/2012/q3/381 .

This issue has been fixed in upstream version 1.1.2 (and 1.2.0),
and affects all current versions of Debian.  I'll prepare the
security fixes in the near future.

/mjt


