AW: [SECURITY] [DSA 2910-1] qemu-kvm security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: AW: [SECURITY] [DSA 2910-1] qemu-kvm security update
From: "Schmitz, Wolfgang" <Wolfgang.Schmitz@fiz-karlsruhe.de>
Date: Tue, 22 Apr 2014 06:09:21 +0000
Message-id: <[🔎] 38FCBD1E7D877A49B48FADDD9B3B5BB801A1959044@kaex03.fiz-karlsruhe.de>
In-reply-to: <E1Wb2PO-0005px-4N@master.debian.org>
References: <E1Wb2PO-0005px-4N@master.debian.org>

Hallo Andy,

müssen wir auf dem Host ein Update einspielen?

Gruß
Wolfgang

> -----Ursprüngliche Nachricht-----
> Von: Salvatore Bonaccorso [mailto:carnil@master.debian.org] Im Auftrag
> von Salvatore Bonaccorso
> Gesendet: Freitag, 18. April 2014 08:36
> An: debian-security-announce@lists.debian.org
> Betreff: [SECURITY] [DSA 2910-1] qemu-kvm security update
> Wichtigkeit: Hoch
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - ---------------------------------------------------------------------
> ----
> Debian Security Advisory DSA-2910-1
> security@debian.org
> http://www.debian.org/security/                      Salvatore
> Bonaccorso
> April 18, 2014
> http://www.debian.org/security/faq
> - ---------------------------------------------------------------------
> ----
> 
> Package        : qemu-kvm
> CVE ID         : CVE-2014-0150
> 
> Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the
> way qemu processed MAC addresses table update requests from the guest.
> 
> A privileged guest user could use this flaw to corrupt qemu process
> memory on the host, which could potentially result in arbitrary code
> execution on the host with the privileges of the qemu process.
> 
> For the oldstable distribution (squeeze), this problem has been fixed
> in version 0.12.5+dfsg-5+squeeze11.
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 1.1.2+dfsg-6+deb7u1.
> 
> We recommend that you upgrade your qemu-kvm packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBCgAGBQJTUMc9AAoJEAVMuPMTQ89EfC8P/jmDbn79xiGo4I0VtzsHbh43
> PxnBgJC/raHWJU74P6Fz9oGBro7CBC4QmzR9iC+NO1AnwOWgkhty0yRD3rk2ezPw
> +poOup4ByEihHc+pzPdMgfqUaYcsfP0Wa+CQfHFeh9i21Zp7666rZtEdlQrpy5xA
> Yb4Cy4WiFMR0Ih1KNI1jiHIqX6MXSyj01ZIQpHHDhRI5K0x7bDPaTkVRKE9nvBEi
> CdhkjSHwFzREMq+r62muwIk1mQz891HxEXNKSyeAvZS3oSFaa+sQHfDV/IxCiP+v
> F/ys47HXE+P1WeOzUhkEW3hM2H6gk7Kv87uxZx5pCxAJKbVgj+QXOKHS2oMxtrTe
> CYhsdqoKl37OBcE8T6K/PpUMrcw1fT81foKottB0I9VnSXHwj41hd6WhIiZAKK/R
> 0ofZQHoV54tvcvBu4N5VLuepgIlrOyf+BslSrtFgiB3W4F7K/djUCrnvlgxJO22z
> LMH73mHS3pM4EsmBc43dCYaQTTV/3xmWn6WFZYFL1hyKBuQUmoKSfeYhYUvnq+tm
> bCu+MrqeoxCRB052eQlPvriKWmkw4EfFOBc/zSD+h4f/OEhvYSmHzWqfR6MzWFA6
> Lyyuv/mUzzGqBXuTutZJn7NVqtWneQ75xqAwy90HBI8Buld73OzuVm9ZHV+34Sjc
> n7S2AQXWYThCjqEUIkAI
> =G8ms
> -----END PGP SIGNATURE-----
> 
> 
> --
> To UNSUBSCRIBE, email to debian-security-announce-
> REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: https://lists.debian.org/E1Wb2PO-0005px-4N@master.debian.org

------------------------------------------------------------------------------

FIZ Karlsruhe - Leibniz-Institut für Informationsinfrastruktur GmbH.
Sitz der Gesellschaft: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB 101892.
Geschäftsführerin: Sabine Brünger-Weilandt.
Vorsitzender des Aufsichtsrats: MinDirig Dr. Thomas Greiner.

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable
Next by Date: goals for hardening Debian: ideas and help wanted
Previous by thread: Re: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable
Next by thread: goals for hardening Debian: ideas and help wanted
Index(es):
- Date
- Thread