From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Bareiro Subject: Status of KVM vulnerabilities Date: Thu, 11 Mar 2010 06:52:52 -0300 Message-ID: <20100311095252.GA29115@defiant.freesoftware> Reply-To: dbareiro@gmx.net Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw" To: KVM General Return-path: Received: from mail.gmx.net ([213.165.64.20]:57538 "HELO mail.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1755285Ab0CKJw7 (ORCPT ); Thu, 11 Mar 2010 04:52:59 -0500 Received: from defiant (defiant.freesoftware [10.1.0.65]) by hermes.freesoftware (Postfix) with ESMTP id 6EDE21BD for ; Thu, 11 Mar 2010 06:59:16 -0300 (ART) Content-Disposition: inline Sender: kvm-owner@vger.kernel.org List-ID: --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, all. Recently Debian has published the DSA-2010-1 [1] where the following vulnerabilities are fixed: * CVE-2010-0298 & CVE-2010-0306 (Gleb Natapov) * CVE-2010-0309 (Marcelo Tosatti) * CVE-2010-0419 (Paolo Bonzini) I'm using Linux 2.6.32.3 with qemu-kvm-0.12.1.2 and I would like to know if it is necessary to update kvm-kmod or qemu-kvm, if some of these versions presents this vulnerability and some new version already exists and fix it. Thanks in advance for your replies. Regards, Daniel [1] http://seclists.org/bugtraq/2010/Mar/98 --=20 Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37 Powered by Debian GNU/Linux Lenny - Linux user #188.598 --wac7ysb48OaltWcw Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkuYvXQACgkQZpa/GxTmHTfH9gCgg3V2ZcFakBymThD1cWsoMlHZ vzsAmgJJB6W5NfA6HJZQnEDRIb95pLFB =NYyk -----END PGP SIGNATURE----- --wac7ysb48OaltWcw--