[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QEMU Various Vulnerabilities
|
From: |
Juergen Lock |
|
Subject: |
Re: [Qemu-devel] QEMU Various Vulnerabilities |
|
Date: |
Thu, 3 May 2007 21:22:08 +0200 (CEST) |
In article <address@hidden> Kirill A. Shutemov wrote:
>On [Wed, 02.05.2007 18:21], malc wrote:
>> On Wed, 2 May 2007, Kirill A. Shutemov wrote:
>>=20
>> >http://secunia.com/advisories/25073/
>> >
>> >Any comments ?
>>=20
>> AAM - http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
>> SB16/DMA - in attachment
>
>Thanks. Other Vulnerabilities?
Yesterday I added the debian security patch (90_security.patch from
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
) to the FreeBSD qemu ports (had to modify it slightly), cvsweb location
of the one for qemu 0.9.0 is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/patch-90_security
and the one for the 20070405 cvs snapshot is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-90_security
(I haven't checked if it still applies to today's cvs, but it might :)
I also disabled the -vmwarevga acceleration code because of the missing
range checks, cvsweb of that patch is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-hw-vmware_vga.c
HTH,
Juergen