Test ID:	1.3.6.1.4.1.25623.1.0.70056
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2282-1)
Summary:	The remote host is missing an update for the Debian 'qemu-kvm' package(s) announced via the DSA-2282-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'qemu-kvm' package(s) announced via the DSA-2282-1 advisory. Vulnerability Insight: Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation. For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-3. We recommend that you upgrade your qemu-kvm packages. Affected Software/OS: 'qemu-kvm' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.4 CVSS Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2212 45158 http://secunia.com/advisories/45158 45170 http://secunia.com/advisories/45170 45187 http://secunia.com/advisories/45187 45188 http://secunia.com/advisories/45188 45301 http://secunia.com/advisories/45301 45354 http://secunia.com/advisories/45354 74751 http://www.osvdb.org/74751 DSA-2282 https://www.debian.org/security/2011/dsa-2282 RHSA-2011:0919 http://rhn.redhat.com/errata/RHSA-2011-0919.html SUSE-SU-2011:0806 https://hermes.opensuse.org/messages/9605323 USN-1165-1 http://ubuntu.com/usn/usn-1165-1 https://bugzilla.redhat.com/show_bug.cgi?id=713589 openSUSE-SU-2011:0803 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2527 45419 http://secunia.com/advisories/45419 47157 http://secunia.com/advisories/47157 47992 http://secunia.com/advisories/47992 48659 http://www.securityfocus.com/bid/48659 74752 http://www.osvdb.org/74752 FEDORA-2012-8604 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html RHSA-2011:1531 http://rhn.redhat.com/errata/RHSA-2011-1531.html USN-1177-1 http://ubuntu.com/usn/usn-1177-1 [oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups http://www.openwall.com/lists/oss-security/2011/07/12/5 [oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups http://www.openwall.com/lists/oss-security/2011/07/12/15 https://bugs.launchpad.net/qemu/+bug/807893 openSUSE-SU-2012:0207 http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html qemu-runas-priv-escalation(68539) https://exchange.xforce.ibmcloud.com/vulnerabilities/68539
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.