1
PublicDateAtUSN: 2013-10-04
2
Candidate: CVE-2013-4344
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344
6
http://www.openwall.com/lists/oss-security/2013/10/02/2
7
http://thread.gmane.org/gmane.comp.emulators.qemu/237161
9
https://usn.ubuntu.com/usn/usn-2092-1
11
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a
12
SCSI controller has more than 256 attached devices, allows local users to
13
gain privileges via a small transfer buffer in a REPORT LUNS command.
16
mdeslaur> needs the admin to configure more than 256 scsi devices,
17
mdeslaur> downgrading to low
19
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725944
21
Discovered-by: Asias He
25
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
26
upstream_qemu-kvm: needs-triage
27
lucid_qemu-kvm: not-affected (code not present)
28
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.13)
29
quantal_qemu-kvm: released (1.2.0+noroms-0ubuntu2.12.10.6)
35
upstream: http://article.gmane.org/gmane.comp.emulators.qemu/237163
36
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
37
upstream_qemu: needs-triage
41
raring_qemu: ignored (reached end-of-life)
42
saucy_qemu: released (1.5.0+dfsg-3ubuntu5.3)
43
devel_qemu: not-affected (1.7.0+dfsg-2ubuntu5)
46
upstream_xen-3.3: needs-triage
47
lucid_xen-3.3: not-affected (code not present)
55
upstream_xen: needs-triage
57
precise_xen: not-affected (code not present)
58
quantal_xen: not-affected (code not present)
59
raring_xen: not-affected (code not present)
60
saucy_xen: not-affected (code not present)
61
devel_xen: not-affected (code not present)