Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: serious
Tags: patch security squeeze upstream sid

There is a buffer overflow in handling of network packets transmitted from guest to qemu/kvm process in e1000 emulated device. A malicious guest running on a virtual machine with emulated e1000 device can trigger a heap overflow in host process and gain host privileges. This is assigned CVE-2012-0029. Both stable (squeeze) and testing/unstable versions are affected (and actually oldstable as well, but there, kvm package is severely broken anyway).