Debian Security Advisory
DSA-2396-1 qemu-kvm -- buffer underflow
- Date Reported:
- 27 Jan 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0029.
- More information:
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
This update also fixes a guest-triggerable memory corruption in VNC handling.
For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze8.
For the unstable distribution (sid), this problem has been fixed in version 1.0+dfsg-5.
We recommend that you upgrade your qemu-kvm packages.