SynopsisThe remote Debian host is missing a security-related update.
DescriptionJason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
SolutionUpgrade the xen packages.
For the oldstable distribution (wheezy), this problem has been fixed in version 4.1.4-3+deb7u6.
The stable distribution (jessie) is already fixed through the qemu update provided as DSA-3259-1.