-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3044-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff October 04, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu-kvm CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An information leak was discovered in the VGA emulation For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your qemu-kvm packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUMEnFAAoJEBDCk7bDfE42S0IQAI0GiUzZAZs8X6pOR06uRvwM gOJSOBjbP6cvFUrQIXNAckjGeBxvLt1aI+wM8grGVw2GRJZgg1cfUsSrq8aPhaUn rwJQHLYqJrgqBR5LA8bVvSBZMugGIMMh1s2ta9aCL2+kzAXdVYjHBGnud40MlLlc rYmj7cuL2TsgVdlFDmlChWFXSfSEJe1Kf2vxtBDXWx8BjSFIbHz0W+UKXgsUenXe IUtglp9Kch1HJteeOXWNDF2rS5YLdbPBR86nQo51au9G3g1IzuY9/kalUjYuB8AU gHfMkH6qpkc+QfxJBB+KnB0d9zE5Zl4rXxqMUCvgcDmv2uKGmGoGPqXw9Oz833az o8M/+NtvdLlqW4FXiAAM89o0SovE8N/Hnzu65p0mCaVzwL2Wt1iUYMfvNsqSHTnX 1cCF4eggILabE9yuwmX0CX+J7zrOHPuN+zHZgX67urXDp+uSpxCyp/M+SssP1XpP jn9bizH2mbDdVek6J/W5vyQWIjpKsaNrcNLL7igyBm0OCSesOxhb4Kx47RZRtXpV K0DSVqQ8UovOZt4otoLe5+tjk/WIM2/O2n5u44W6awzmOW+Isb8SOLl+L/3SwrEQ YEMpqrCIb05P1jgnRBi6Rak7pP2kNZWFxvkQ4fIiRCn1ifKcWXrCBbOZ2zfE6W1Y 4WK4Zu8toz5YnAnN+FEa =84ai -----END PGP SIGNATURE-----