Your message dated Thu, 26 Jan 2012 21:02:39 +0000
with message-id <e1rqwst-0001j5...@franck.debian.org>
and subject line Bug#657529: fixed in qemu-kvm 1.0+dfsg-5
has caused the Debian Bug report #657529,
regarding e1000: process_tx_desc legacy mode packets heap overflow 
(CVE-2012-0029)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
657529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: serious
Tags: patch security squeeze upstream sid

There is a buffer overflow in handling of network
packets transmitted from guest to qemu/kvm process
in e1000 emulated device.  A malicious guest running
on a virtual machine with emulated e1000 device can
trigger a heap overflow in host process and gain
host privileges.

This is assigned CVE-2012-0029.

Both stable (squeeze) and testing/unstable versions
are affected (and actually oldstable as well, but
there, kvm package is severely broken anyway).



--- End Message ---
--- Begin Message ---
Source: qemu-kvm
Source-Version: 1.0+dfsg-5

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive:

kvm_1.0+dfsg-5_i386.deb
  to main/q/qemu-kvm/kvm_1.0+dfsg-5_i386.deb
qemu-kvm-dbg_1.0+dfsg-5_i386.deb
  to main/q/qemu-kvm/qemu-kvm-dbg_1.0+dfsg-5_i386.deb
qemu-kvm_1.0+dfsg-5.debian.tar.gz
  to main/q/qemu-kvm/qemu-kvm_1.0+dfsg-5.debian.tar.gz
qemu-kvm_1.0+dfsg-5.dsc
  to main/q/qemu-kvm/qemu-kvm_1.0+dfsg-5.dsc
qemu-kvm_1.0+dfsg-5_i386.deb
  to main/q/qemu-kvm/qemu-kvm_1.0+dfsg-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 657...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 27 Jan 2012 00:42:11 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source i386
Version: 1.0+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Michael Tokarev <m...@tls.msk.ru>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 657529
Changes: 
 qemu-kvm (1.0+dfsg-5) unstable; urgency=high
 .
   * urgency high due to security fix
   * e1000-bounds-packet-size-against-buffer-size-CVE-2012-0029.diff
     patch from upstream to fix CVE-2012-0029 (Closes: #657529)




--- End Message ---
