Source: qemu Version: 2.1+dfsg-1 Severity: important Tags: security upstream patch fixed-upstream
Hi, the following vulnerability was published for qemu. CVE-2016-5126[0]: | Heap-based buffer overflow in the iscsi_aio_ioctl function in | block/iscsi.c in QEMU allows local OS guest users to cause a denial of | service (QEMU process crash) or possibly execute arbitrary code via a | crafted iSCSI asynchronous I/O ioctl call. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-5126 [1] http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1340924 Regards, Salvatore
