Debian Security Advisory DSA 2270-1 (qemu-kvm) Network Vulnerability

Summary

The remote host is missing an update to qemu-kvm announced via advisory DSA 2270-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202270-1

Insight

It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service of the execution of arbitrary code. The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze4. For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-2. We recommend that you upgrade your qemu-kvm packages.

Severity

Classification

CVE CVE-2011-2512

CVSS	Base Score: 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1155-1 (sendmail)
Debian Security Advisory DSA 1107-1 (gnupg)
Debian Security Advisory DSA 1066-1 (phpbb2)
Debian Security Advisory DSA 1140-1 (gnupg)
Debian Security Advisory DSA 1056-1 (webcalendar)

Take action and discover your vulnerabilities