Debian Security Advisory
DSA-2270-1 qemu-kvm -- programming error
- Date Reported:
- 01 Jul 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 631975.
In Mitre's CVE dictionary: CVE-2011-2512.
- More information:
It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze4.
For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-2.
We recommend that you upgrade your qemu-kvm packages.