[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3044-1] qemu-kvm security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3044-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 04, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 
                 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223
                 CVE-2014-3615 CVE-2014-3640

Several vulnerabilities were discovered in qemu-kvm, a full 
virtualization solution on x86 hardware: 

* Various security issues have been found in the block qemu drivers. 
  Malformed disk images might result in the execution of arbitrary code.
* A NULL pointer dereference in SLIRP may result in denial of service
* An information leak was discovered in the VGA emulation

For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6+deb7u4.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUMEnFAAoJEBDCk7bDfE42S0IQAI0GiUzZAZs8X6pOR06uRvwM
gOJSOBjbP6cvFUrQIXNAckjGeBxvLt1aI+wM8grGVw2GRJZgg1cfUsSrq8aPhaUn
rwJQHLYqJrgqBR5LA8bVvSBZMugGIMMh1s2ta9aCL2+kzAXdVYjHBGnud40MlLlc
rYmj7cuL2TsgVdlFDmlChWFXSfSEJe1Kf2vxtBDXWx8BjSFIbHz0W+UKXgsUenXe
IUtglp9Kch1HJteeOXWNDF2rS5YLdbPBR86nQo51au9G3g1IzuY9/kalUjYuB8AU
gHfMkH6qpkc+QfxJBB+KnB0d9zE5Zl4rXxqMUCvgcDmv2uKGmGoGPqXw9Oz833az
o8M/+NtvdLlqW4FXiAAM89o0SovE8N/Hnzu65p0mCaVzwL2Wt1iUYMfvNsqSHTnX
1cCF4eggILabE9yuwmX0CX+J7zrOHPuN+zHZgX67urXDp+uSpxCyp/M+SssP1XpP
jn9bizH2mbDdVek6J/W5vyQWIjpKsaNrcNLL7igyBm0OCSesOxhb4Kx47RZRtXpV
K0DSVqQ8UovOZt4otoLe5+tjk/WIM2/O2n5u44W6awzmOW+Isb8SOLl+L/3SwrEQ
YEMpqrCIb05P1jgnRBi6Rak7pP2kNZWFxvkQ4fIiRCn1ifKcWXrCBbOZ2zfE6W1Y
4WK4Zu8toz5YnAnN+FEa
=84ai
-----END PGP SIGNATURE-----


Reply to: