Hallo Andy, müssen wir auf dem Host ein Update einspielen?
Gruß Wolfgang > -----Ursprüngliche Nachricht----- > Von: Salvatore Bonaccorso [mailto:car...@master.debian.org] Im Auftrag > von Salvatore Bonaccorso > Gesendet: Freitag, 18. April 2014 08:36 > An: debian-security-annou...@lists.debian.org > Betreff: [SECURITY] [DSA 2910-1] qemu-kvm security update > Wichtigkeit: Hoch > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - --------------------------------------------------------------------- > ---- > Debian Security Advisory DSA-2910-1 > secur...@debian.org > http://www.debian.org/security/ Salvatore > Bonaccorso > April 18, 2014 > http://www.debian.org/security/faq > - --------------------------------------------------------------------- > ---- > > Package : qemu-kvm > CVE ID : CVE-2014-0150 > > Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the > way qemu processed MAC addresses table update requests from the guest. > > A privileged guest user could use this flaw to corrupt qemu process > memory on the host, which could potentially result in arbitrary code > execution on the host with the privileges of the qemu process. > > For the oldstable distribution (squeeze), this problem has been fixed > in version 0.12.5+dfsg-5+squeeze11. > > For the stable distribution (wheezy), this problem has been fixed in > version 1.1.2+dfsg-6+deb7u1. > > We recommend that you upgrade your qemu-kvm packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJTUMc9AAoJEAVMuPMTQ89EfC8P/jmDbn79xiGo4I0VtzsHbh43 > PxnBgJC/raHWJU74P6Fz9oGBro7CBC4QmzR9iC+NO1AnwOWgkhty0yRD3rk2ezPw > +poOup4ByEihHc+pzPdMgfqUaYcsfP0Wa+CQfHFeh9i21Zp7666rZtEdlQrpy5xA > Yb4Cy4WiFMR0Ih1KNI1jiHIqX6MXSyj01ZIQpHHDhRI5K0x7bDPaTkVRKE9nvBEi > CdhkjSHwFzREMq+r62muwIk1mQz891HxEXNKSyeAvZS3oSFaa+sQHfDV/IxCiP+v > F/ys47HXE+P1WeOzUhkEW3hM2H6gk7Kv87uxZx5pCxAJKbVgj+QXOKHS2oMxtrTe > CYhsdqoKl37OBcE8T6K/PpUMrcw1fT81foKottB0I9VnSXHwj41hd6WhIiZAKK/R > 0ofZQHoV54tvcvBu4N5VLuepgIlrOyf+BslSrtFgiB3W4F7K/djUCrnvlgxJO22z > LMH73mHS3pM4EsmBc43dCYaQTTV/3xmWn6WFZYFL1hyKBuQUmoKSfeYhYUvnq+tm > bCu+MrqeoxCRB052eQlPvriKWmkw4EfFOBc/zSD+h4f/OEhvYSmHzWqfR6MzWFA6 > Lyyuv/mUzzGqBXuTutZJn7NVqtWneQ75xqAwy90HBI8Buld73OzuVm9ZHV+34Sjc > n7S2AQXWYThCjqEUIkAI > =G8ms > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce- > requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: https://lists.debian.org/e1wb2po-0005px...@master.debian.org ------------------------------------------------------------------------------ FIZ Karlsruhe - Leibniz-Institut für Informationsinfrastruktur GmbH. Sitz der Gesellschaft: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB 101892. Geschäftsführerin: Sabine Brünger-Weilandt. Vorsitzender des Aufsichtsrats: MinDirig Dr. Thomas Greiner. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/38fcbd1e7d877a49b48faddd9b3b5bb801a1959...@kaex03.fiz-karlsruhe.de
