Package: qemu-kvm
Version: 0.12.5+dfsg-5
Severity: important
Tags: upstream patch pending security

This is CVE-2011-1750. Patch is already available (backported from 0.14), pushing it.

Petr Matousek <pmato...@redhat.com> wrote at Fri, 22 Apr 2011 05:08:15 -0400:
> It was found that virtio-blk driver in qemu-kvm did not properly
> validate read and write requests from the guest. A privileged guest user
> could use this flaw to cause heap corruption, causing the guest to crash
> (denial of service) or, possibly, resulting in the privileged guest user
> escalating their privileges on the host."
>
> References:
> http://www.spinics.net/lists/kvm/msg51877.html
> https://bugzilla.redhat.com/show_bug.cgi?id=698906
>
> Upstream commit:
> http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d

/mjt