Security Information / 2012 / Security Information -- DSA-2404-1 xen-qemu-dm-4.0

Debian Security Advisory

DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow

Date Reported:

05 Feb 2012

Affected Packages:

xen-qemu-dm-4.0

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0029.

More information:

Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.