[Slackbuilds-users] Security Advisories for QEMU and MUMBLE/MURMUR

King Beowulf kingbeowulf at gmail.com
Fri Jun 12 05:21:24 UTC 2015


Willy tweeted me to qemu CVE-2015-3209, Heap overflow in QEMU PCNET
controller, allowing guest->host escape.  This is easy to mitigate:
don't use pcnet! ;-)

I'll send in an update this weekend.  But, reeaallyy, you should be
using virtio-net-pci ...

(1) http://xenbits.xen.org/xsa/advisory-135.html
(2) http://securitytracker.com/id/1032546

mumble-1.2.9 maintenance release fixes various bugs, updates
dependencies, and adds new functionality.  The current slackbuild
*should* work OOTB on 14.1 updated to latest patches as of today, but
here may be an issue with the new TLS 1.2 functionality (see (1))

I'll test as soon as my build VMs are updated this weekend.

(1) http://blog.mumble.info/mumble-1-2-9/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20150611/fdee1cee/attachment.asc>

More information about the SlackBuilds-users mailing list