<?xml version="1.0" encoding="utf-8"?>
<glsa id="200711-21">
<title>Bochs: Multiple vulnerabilities</title>
Multiple vulnerabilities have been discovered in Bochs, possibly allowing
for the execution of arbitrary code or a Denial of Service.
<product type="ebuild">bochs</product>
<announced>November 17, 2007</announced>
<revised>November 17, 2007: 01</revised>
<package name="app-emulation/bochs" auto="yes" arch="*">
<unaffected range="ge">2.3</unaffected>
<vulnerable range="lt">2.3</vulnerable>
Bochs is an IA-32 (x86) PC emulator written in C++.
Tavis Ormandy of the Google Security Team discovered a heap-based
overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also
discovered a divide-by-zero error in the emulated floppy disk
controller (CVE-2007-2894).
<impact type="high">
A local attacker in the guest operating system could exploit these
issues to execute code outside of the virtual machine, or cause Bochs
to crash.
There is no known workaround at this time.
All Bochs users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/bochs-2.3&quot;</code>
<uri link="">CVE-2007-2893</uri>
<uri link="">CVE-2007-2894</uri>
<metadata tag="requester" timestamp="Sat, 29 Sep 2007 14:10:20 +0000">
<metadata tag="bugReady" timestamp="Sat, 29 Sep 2007 14:11:15 +0000">
<metadata tag="submitter" timestamp="Thu, 01 Nov 2007 20:22:24 +0000">