Debian Security Advisory DSA 1846-1 (kvm) Network Vulnerability

Summary

The remote host is missing an update to kvm announced via advisory DSA 1846-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201846-1

Insight

Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call. For the stable distribution (lenny), these problems have been fixed in version 72+dfsg-5~lenny2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your kvm packages, and rebuild any kernel

Severity

Classification

CVE CVE-2009-2287

CVSS	Base Score: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1074-1 (mpg123)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 084-1 (gftp)
Debian Security Advisory DSA 1058-1 (awstats)
Debian Security Advisory DSA 1099-1 (horde2)

Take action and discover your vulnerabilities