Mandrake Security Advisory MDVSA-2009:008 (qemu) Network Vulnerability

Summary

The remote host is missing an update to qemu announced via advisory MDVSA-2009:008.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:008

Insight

Security vulnerabilities have been discovered and corrected in VNC server of qemu version 0.9.1 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. Affected: 2009.0

Severity

Classification

CVE CVE-2008-2382, CVE-2008-5714
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:132 (libsndfile)
Mandrake Security Advisory MDVSA-2009:088 (wireshark)
Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Mandrake Security Advisory MDVSA-2009:036 (python)

Take action and discover your vulnerabilities