Debian Security Advisory
DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow
- Date Reported:
- 05 Feb 2012
- Affected Packages:
- xen-qemu-dm-4.0
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0029.
- More information:
-
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.
The old stable distribution (lenny) does not contain the xen-qemu-dm-4.0 package.
For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1.
The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.