Debian Security Advisory

DSA-3262-1 xen -- security update

Date Reported:
18 May 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-3456.
More information:

Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.

For the oldstable distribution (wheezy), this problem has been fixed in version 4.1.4-3+deb7u6.

The stable distribution (jessie) is already fixed through the qemu update provided as DSA-3259-1.

We recommend that you upgrade your xen packages.