Univention Bugzilla – Bug 38669
qemu-kvm: multiple issues (3.2)
Last modified: 2015-06-22 20:49:55 CEST
+++ This bug was initially created as a clone of Bug #38668 +++ * Denial of service due to insecure temporary file use in /net/slirp.c (CVE-2015-4037) [minor]
* A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process (CVE-2015-3209)
Fixed in wheezy-security package version 1.1.2+dfsg-6+deb7u8. *** This bug has been marked as a duplicate of bug 33279 ***