[SECURITY] [DSA 2396-1] qemu-kvm security update

2012-01-2718:37:10

lists.debian.org

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.8%

JSON

Debian Security Advisory DSA-2396-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2012 http://www.debian.org/security/faq

Package : qemu-kvm
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0029

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
network interface card of KVM, a solution for full virtualization on
x86 hardware, which could result in denial of service or privilege
escalation.

This update also fixes a guest-triggerable memory corruption in
VNC handling.

For the stable distribution (squeeze), this problem has been fixed in
version 0.12.5+dfsg-5+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 1.0+dfsg-5.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6amd64qemu-kvm-dbg< 0.12.5+dfsg-5+squeeze8qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6i386qemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Debian6allxen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_all.deb
Debian6amd64kvm< 1:0.12.5+dfsg-5+squeeze8kvm_1:0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6amd64qemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6allqemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_all.deb
Debian6amd64xen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_amd64.deb
Debian6i386xen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_i386.deb
Debian6i386qemu-kvm-dbg< 0.12.5+dfsg-5+squeeze8qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
Debian6i386kvm< 1:0.12.5+dfsg-5+squeeze8kvm_1:0.12.5+dfsg-5+squeeze8_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	amd64	qemu-kvm-dbg	< 0.12.5+dfsg-5+squeeze8	qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	i386	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Debian	6	all	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_all.deb
Debian	6	amd64	kvm	< 1:0.12.5+dfsg-5+squeeze8	kvm_1:0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	amd64	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	all	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_all.deb
Debian	6	amd64	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_amd64.deb
Debian	6	i386	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_i386.deb
Debian	6	i386	qemu-kvm-dbg	< 0.12.5+dfsg-5+squeeze8	qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
Debian	6	i386	kvm	< 1:0.12.5+dfsg-5+squeeze8	kvm_1:0.12.5+dfsg-5+squeeze8_i386.deb