[Secure-testing-team] Bug#744221: CVE-2014-0150: guest-triggerable buffer overrun in virtio-net
Michael Tokarev
mjt at tls.msk.ru
Fri Apr 11 14:26:00 UTC 2014
Source: qemu
Version: 0.6.1-1
Severity: grave
Tags: security patch upstream squeeze wheezy jessie sid
This is a guest-triggerable buffer overrun in the virtio-net device in qemu.
The relevant code was added to qemu in version 0.6, which means it
is in all versions of Debian. The network device is one of the most
important network devices which qemu implements, so the impact might be
very high.
Upstream commit fixing this issue:
http://thread.gmane.org/gmane.comp.emulators.qemu/266713
Thanks,
/mjt