[SECURITY] [DLA 249-1] qemu-kvm security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 249-1] qemu-kvm security update
From: Michael Banck <michael.banck@credativ.de>
Date: Fri, 19 Jun 2015 17:19:48 +0200
Message-id: <[🔎] 20150619151948.GK8300@raptor.chemicalconnection.dyndns.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : qemu-kvm
Version        : 0.12.5+dfsg-5+squeeze11
CVE ID         : CVE-2015-3456

A vulnerability was discovered in the qemu virtualisation solution:

CVE-2015-3456

    Jason Geffner discovered a buffer overflow in the emulated floppy
    disk drive, resulting in the potential execution of arbitrary code.

Despite the end-of-life of qemu-kvm support in the old-oldstable
distribution (squeeze-lts), this problem has been fixed in version
0.12.5+dfsg-5+squeeze11 of the qemu-kvm source package due to its
severity (the so-called VENOM vulnerability).

Further problems may still be present in the qemu-kvm package in the
old-oldstable distribution (squeeze-lts) and users who need to rely on
qemu-kvm are encouraged to upgrade to a newer version of Debian.

We recommend that you upgrade your qemu-kvm packages.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 248-1] qemu security update
Next by Date: [SECURITY] [DLA 250-1] libclamunrar security update
Previous by thread: [SECURITY] [DLA 248-1] qemu security update
Next by thread: [SECURITY] [DLA 250-1] libclamunrar security update
Index(es):
- Date
- Thread