Date: 06 February 2012
References: ESB-2012.0091
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0136
xen-qemu-dm-4.0 security update
6 February 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen-qemu-dm-4.0
Publisher: Debian
Operating System: Debian GNU/Linux 6
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2012-0029
Reference: ESB-2012.0091
Original Bulletin:
http://www.debian.org/security/2012/dsa-2404
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2404-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
February 05, 2012 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : xen-qemu-dm-4.0
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0029
Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
network interface card of QEMU, which is used in the xen-qemu-dm-4.0
packages. This vulnerability might enable to malicious guest systems
to crash the host system or escalate their privileges.
The old stable distribution (lenny) does not contain the
xen-qemu-dm-4.0 package.
For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-2+squeeze1.
The testing distribution (wheezy) and the unstable distribution (sid)
will be fixed soon.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJPLnzXAAoJEL97/wQC1SS+AroH/RktLoquNfqGZDXA8APP3TJG
EhKsSPz4WH2ddt3uEWuEFacHjTqZ54QaXpgth4osr684yXd3K1L2bMtJKGDQ1GT0
xtsAJqNCYSfootqPeMOxCHX4/dS28dsDxRBR3cTV4L8Kk2VAosrDmvbMRN2nu2IH
/Y5qYpXlV9DKlQuBu5FIpQIaR1/liOvRq3tmcnpqZEU5yJ90AIqCeesU1v/aGFLv
bmFI9d8rVI6TxC3jEBKnV9+z/CroxPIIsUUUNnLRUa63TSPIWT0FyEaDhdnyGAd4
7Q+/lhUSLyNai4h2E0LrWCOwf05g4AuQ1Z27YgNTdNqcei2hhaTpI97885HtLPk=
=VKgf
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTy9p1u4yVqjM2NGpAQKAiA/+M8VLhLLBZMxEGhWOUE0rbZJ2cOeFuK2i
+oktoOMax93N7/QkPVW4mIk4pjBrLnJZtXu3KlfcybdiOMjZWIP9cG2lMJpBvVjQ
D4Pe9lUnBoFO3aLfq6KDAzHxtZ849FwhxA1pJXgP4EWo1azJ8KBUnXprdjOIuhGb
q06wkdh+DneZOWulX3vYtCNVnF4RQrD5nJ8EX7smwQznGp2JfPTiqVdB5CpmXdT+
lCz1Sx1/wwefL5FQJKWi+Sbqk4PVmMyjMSc2d1n3cnDtw0pgpXfjKdfHNV9qmzYg
YO/SgLySNsN5q1WZ2hg4RkQRne5XLnb+XYvWywfU6kHzpOucMdP6lnI52u1bah1F
4J/UYhqkQSmujJiK14Li7JiGuITTsLRRWNfJH1tIxMIQoCUYvQkpWCTnSqy35fDf
Fkc+wBUojP/+55wAtZkFAKCw4uPAdGSj54JhA5hhSh121JObWHHcbeLt3RM4jGPg
9XNWYCwE/sB/OqhCOxX/zfj5mn8usVFvk3v7MUoXyugAdsE1faWVGC0P4t3OviMS
WNf7fCAMBXRKOxQyrfJSGRtqiasYQ8eJauItvqv+gbaY6oP6mxPylxtvUlLpdXp0
dMx5LzZD9Xn1l9xeOQHrTBI+Q/iHq5MaLQjTGAt8a9wCenLN8XWYI8Mra80w4dPB
Mp+HFU1hcuE=
=EYyK
-----END PGP SIGNATURE-----
|