Your message dated Mon, 28 Dec 2009 02:02:00 +0000
with message-id <e1np4vo-0006fl...@ries.debian.org>
and subject line Bug#562075: fixed in kvm 72+dfsg-5~lenny4
has caused the Debian Bug report #562075,
regarding CVE-2009-4031
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
562075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kvm
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kvm.
CVE-2009-4031[0]:
| The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86
| emulator in the KVM subsystem in the Linux kernel before
| 2.6.32-rc8-next-20091125 tries to interpret instructions that contain
| too many bytes to be valid, which allows guest OS users to cause a
| denial of service (increased scheduling latency) on the host OS via
| unspecified manipulations related to SMP support.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4031
http://security-tracker.debian.org/tracker/CVE-2009-4031
--- End Message ---
--- Begin Message ---
Source: kvm
Source-Version: 72+dfsg-5~lenny4
We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:
kvm-source_72+dfsg-5~lenny4_all.deb
  to main/k/kvm/kvm-source_72+dfsg-5~lenny4_all.deb
kvm_72+dfsg-5~lenny4.diff.gz
  to main/k/kvm/kvm_72+dfsg-5~lenny4.diff.gz
kvm_72+dfsg-5~lenny4.dsc
  to main/k/kvm/kvm_72+dfsg-5~lenny4.dsc
kvm_72+dfsg-5~lenny4_i386.deb
  to main/k/kvm/kvm_72+dfsg-5~lenny4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 562...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Tue, 22 Dec 2009 20:57:32 +0100
Source: kvm
Binary: kvm kvm-source
Architecture: source all i386
Version: 72+dfsg-5~lenny4
Distribution: stable-security
Urgency: high
Maintainer: Jan Lübbe <jlue...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
 kvm        - Full virtualization on x86 hardware
 kvm-source - Source for the KVM driver
Closes: 557739 562075 562076
Changes:
 kvm (72+dfsg-5~lenny4) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3638: Integer overflow in the
     kvm_dev_ioctl_get_supported_cpuid function (Closes: #562076)
   * Fixed CVE-2009-3722: denial of service (trap) on the host OS via a crafted
     application. (Closes: #557739)
   * Fixed CVE-2009-4031: denial of service (increased scheduling latency) on
     the host OS via unspecified manipulations related to SMP support.
     (Closes: #562075)
--- End Message ---