Debian Security Advisory

DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow

Date Reported:
05 Feb 2012
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2012-0029.
More information:

Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.