GLSA-200711-21 : Bochs: Multiple vulnerabilities
High Nessus Plugin ID 28260
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200711-21 (Bochs: Multiple vulnerabilities)
Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also discovered a divide-by-zero error in the emulated floppy disk controller (CVE-2007-2894).
A local attacker in the guest operating system could exploit these issues to execute code outside of the virtual machine, or cause Bochs to crash.
There is no known workaround at this time.
Solution
All Bochs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/bochs-2.3'