OSV:DSA-1962-1
History: Dec 23, 2009 - 12:00 a.m.

kvm - several vulnerabilities

2009-12-23 00:00:00
Google
osv.dev

CVSS2: 7.8 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Several vulnerabilities have been discovered in kvm, a full virtualization system.
The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2009-3638
    An integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid
    function. This allows local users to have an unspecified impact via a
    KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
  • CVE-2009-3722
    It was discovered that the handle_dr function in the KVM subsystem does not
    properly verify the Current Privilege Level (CPL) before accessing a debug
    register, which allows guest OS users to cause a denial of service (trap) on the
    host OS via a crafted application.
  • CVE-2009-4031
    It was discovered that the do_insn_fetch function in the x86 emulator in the KVM
    subsystem tries to interpret instructions that contain too many bytes to be
    valid, which allows guest OS users to cause a denial of service (increased
    scheduling latency) on the host OS via unspecified manipulations related to SMP
    support.

For the stable distribution (lenny), these problems have been fixed in version
72+dfsg-5~lenny4.

For the testing distribution (squeeze), and the unstable distribution (sid),
these problems will be fixed soon.

We recommend that you upgrade your kvm package.
