Ok,

Looks like we're running 4.0.1-2 everywhere, from what I can see (or will be 
soon, once squeeze is on all VPSes).

All the issues in the notice are addressed in 4.0.1-4 (squeeze (security)):
"squeeze (security)     4.0.1-4 fixed"

CVE-2011-1166 references the following:

DSA-2337-1 - which references the following (all that were listed in the 
notice we were sent): 


CVE-2011-1898 (ref DSA-2337-1)
NVD severity    high (attack range: remote)
"...when using PCI passthrough on Intel VT-d chipsets that do not have 
interrupt remapping, allows guest OS users to gain host OS privileges by "using 
DMA to generate MSI interrupts by writing to the interrupt injection 
registers.""

CVE-2011-1583 (ref DSA-2337-1)
NVD severity    medium (attack range: local)

CVE-2011-3262 (ref DSA-2337-1)
NVD severity    low (attack range: local)

As far as patching is concerned, I can't seem to find any discernible way to 
tell if the program and associated libraries have had a patch applied on 
Debian. Is there an easy way in Debian to tell this?

Thanks,
Wrex


-- 
Wrex Allen
Cadre Web Hosting
Systems Administration & Support


