Debian DLA-765-1 : qemu-kvm security update
Low Nessus Plugin ID 96100
SynopsisThe remote Debian host is missing a security update.
DescriptionMultiple vulnerabilities have been found in qemu-kvm :
qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
For Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u19.
We recommend that you upgrade your qemu-kvm packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected kvm, qemu-kvm, and qemu-kvm-dbg packages.