thr3ads.net - Secure testing team - [Secure-testing-team] Bug#646118: CVE-2011-3346: buffer overflow in scsi subsystem [Oct 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Michael Tokarev

2011-Oct-21 14:54 UTC

[Secure-testing-team] Bug#646118: CVE-2011-3346: buffer overflow in scsi subsystem

Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: important
Tags: security upstream patch

CVE-2011-3346 flaw, as described in
https://bugzilla.redhat.com/show_bug.cgi?id=736038,
also affects qemu-kvm, as shipped in squeeze, testing/unstable and experimental.

The patch to fix this issue is available at:
 http://repo.or.cz/w/qemu.git/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
 http://repo.or.cz/w/qemu.git/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a

but both requires some backporting work (which I''m doing currently).

/mjt

Secure testing team - Oct 2011 - Bug#646118: CVE-2011-3346: buffer overflow in scsi subsystem

[Secure-testing-team] Bug#646118: CVE-2011-3346: buffer overflow in scsi subsystem