Security Information / 2011 / Security Information -- DSA-2270-1 qemu-kvm

Debian Security Advisory

DSA-2270-1 qemu-kvm -- programming error

Date Reported:

01 Jul 2011

Affected Packages:

qemu-kvm

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 631975.
In Mitre's CVE dictionary: CVE-2011-2512.

More information:

It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-2.

We recommend that you upgrade your qemu-kvm packages.