[SECURITY] Fedora 8 Update: qemu-0.9.0-6.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Feb 26 00:27:48 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-1995
2008-02-25 22:16:48
--------------------------------------------------------------------------------

Name        : qemu
Product     : Fedora 8
Version     : 0.9.0
Release     : 6.fc8
URL         : http://www.qemu.org/
Summary     : QEMU is a FAST! processor emulator
Description :
QEMU is a generic and open source processor emulator which achieves a good
emulation speed by using dynamic translation. QEMU has two operating modes:

 * Full system emulation. In this mode, QEMU emulates a full system (for
   example a PC), including a processor and various peripherials. It can be
   used to launch different Operating Systems without rebooting the PC or
   to debug system code.
 * User mode emulation. In this mode, QEMU can launch Linux processes compiled
   for one CPU on another CPU.

As QEMU requires no host kernel patches to run, it is safe and easy to use.

--------------------------------------------------------------------------------
Update Information:

Ian Jackson discovered that accesses beyond end of qemu emulated disk devices
can result in accesses to emulator's virtual memory space accesses and thus can
allow user with sufficient privilege in guest (root, as this would need
modification to kernel's driver) to break out of VM.    http://marc.info/?l
=debian-security&m=120343592917055&w=2
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 23 2008 Daniel P. Berrange <berrange at redhat.com> - 0.9.0-6.fc8
- Fix block device extents check (rhbz #433560)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #433560 - Qemu insufficient block device address range checking
        https://bugzilla.redhat.com/show_bug.cgi?id=433560
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qemu' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list