{"id":997,"date":"2015-05-15T01:24:50","date_gmt":"2015-05-15T01:24:50","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=997"},"modified":"2015-05-15T01:24:50","modified_gmt":"2015-05-15T01:24:50","slug":"how-to-patch-venom-vulnerability-cve-2015-3456-on-linux","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=997","title":{"rendered":"How to Patch VENOM Vulnerability [CVE-2015-3456] on Linux"},"content":{"rendered":"

Recently a new vulnerability known as VENOM<\/strong> discover by Jason GeFFner<\/strong><\/em> \u00a0a buffer overflow vulnerability affecting the Floppy Disk Controller emulation<\/em> and this bug FDC<\/em> mostly affected are virtualization platforms and applications including KVM,, Virtualbox ,Xen and\u00a0native QEMU client<\/em>
\nWhat is the VENOM security bug (CVE-2015-3456)?<\/strong>
\nAn out-of-bounds memory access flaw was found in the way QEMU’s virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.
\nHow was the Venom vulnerability discovered?<\/strong>
\nJason Geffner, CrowdStrike Senior Security Researcher, discovered the vulnerability while performing a security review of virtual machine hypervisors.\u00a0After verifying the vulnerability, CrowdStrike responsibly disclosed VENOM to the QEMU Security Contact List, Xen Security mailing list, Oracle security mailing list, and the Operating System Distribution Security mailing list on April 30, 2015.
\nA list of affected Linux distrobutions:<\/strong>
\nUbuntu:<\/strong><\/p>\n