Source: qemu Version: 1:2.6+dfsg-3.1 Severity: normal Tags: security upstream
Hi, the following vulnerability was published for qemu. CVE-2016-7907[0]: | The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick | Emulator) does not properly limit the buffer descriptor count when | transmitting packets, which allows local guest OS administrators to | cause a denial of service (infinite loop and QEMU process crash) via | vectors involving a buffer descriptor with a length of 0 and crafted | values in bd.flags. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7907 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
