Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Debian: DSA-2404-1 Moderate: QEMU Buffer Overflow Threat

debian
Calendar Grey February 5, 2012
Debian Logo
Buffer overflow in QEMU's emulated e1000e can endanger Debian, permitting guest users to gain elevated rights and cause system failures.
Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages
Topics%20covered

Topics Covered

security advisory buffer overflow Debian moderate severity network interface QEMU guest escalation

Summary

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
network interface card of QEMU, which is used in the xen-qemu-dm-4.0
packages. This vulnerability might enable to malicious guest systems
to crash the host system or escalate their privileges.

The old stable distribution (lenny) does not contain the
xen-qemu-dm-4.0 package.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-2+squeeze1.

The testing distribution (wheezy) and the unstable distribution (sid)
will be fixed soon.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/



Package: xen-qemu-dm-4.0
CVE ID: CVE-2012-0029

Topics%20covered

Topics Covered

security advisory buffer overflow Debian moderate severity network interface QEMU guest escalation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here