[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update

2012-02-0512:46:59

lists.debian.org

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.8%

JSON

Debian Security Advisory DSA-2404-1 [email protected]
http://www.debian.org/security/ Florian Weimer
February 05, 2012 http://www.debian.org/security/faq

Package : xen-qemu-dm-4.0
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0029

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
network interface card of QEMU, which is used in the xen-qemu-dm-4.0
packages. This vulnerability might enable to malicious guest systems
to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the
xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid)
will be fixed soon.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6allxen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_all.deb
Debian6amd64xen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_amd64.deb
Debian6amd64qemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6i386kvm< 1:0.12.5+dfsg-5+squeeze8kvm_1:0.12.5+dfsg-5+squeeze8_i386.deb
Debian6amd64qemu-kvm-dbg< 0.12.5+dfsg-5+squeeze8qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6amd64kvm< 1:0.12.5+dfsg-5+squeeze8kvm_1:0.12.5+dfsg-5+squeeze8_amd64.deb
Debian6allqemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_all.deb
Debian6i386qemu-kvm-dbg< 0.12.5+dfsg-5+squeeze8qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
Debian6i386qemu-kvm< 0.12.5+dfsg-5+squeeze8qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Debian6i386xen-qemu-dm-4.0< 4.0.1-2+squeeze1xen-qemu-dm-4.0_4.0.1-2+squeeze1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_all.deb
Debian	6	amd64	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_amd64.deb
Debian	6	amd64	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	i386	kvm	< 1:0.12.5+dfsg-5+squeeze8	kvm_1:0.12.5+dfsg-5+squeeze8_i386.deb
Debian	6	amd64	qemu-kvm-dbg	< 0.12.5+dfsg-5+squeeze8	qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	amd64	kvm	< 1:0.12.5+dfsg-5+squeeze8	kvm_1:0.12.5+dfsg-5+squeeze8_amd64.deb
Debian	6	all	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_all.deb
Debian	6	i386	qemu-kvm-dbg	< 0.12.5+dfsg-5+squeeze8	qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
Debian	6	i386	qemu-kvm	< 0.12.5+dfsg-5+squeeze8	qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Debian	6	i386	xen-qemu-dm-4.0	< 4.0.1-2+squeeze1	xen-qemu-dm-4.0_4.0.1-2+squeeze1_i386.deb