CVE-2009-3616

Name	CVE-2009-3616
Source	CVE (at NVD; RH)
Description	Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
NVD severity	high
Debian Bugs	553589, 553590
Debian/oldstable	not vulnerable
Debian/stable	not vulnerable
Debian/testing	not vulnerable
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
kvm (PTS)	etch-backports	28-4~bpo.1	vulnerable
	lenny, lenny (security)	72+dfsg-5~lenny4	fixed
	squeeze (security)	72+dfsg-5+squeeze1	vulnerable
	lenny-backports	85+dfsg-4~bpo50+1	vulnerable
	experimental	88+dfsg-3	vulnerable
qemu (PTS)	etch	0.8.2-4etch2	fixed
	etch (security)	0.8.2-4etch3	fixed
	lenny, lenny (security)	0.9.1-10lenny1	fixed
	etch-backports	0.9.1-10lenny1~bpo40+1	vulnerable
	squeeze, sid	0.11.1-2	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
kvm	etch-backports	28-4~bpo.1	vulnerable	amd64, i386
	lenny, lenny (security)	72+dfsg-5~lenny4	fixed	amd64, i386
	squeeze (security)	72+dfsg-5+squeeze1	vulnerable	amd64, i386
kvm, kvm-dbg	lenny-backports	85+dfsg-4~bpo50+1	vulnerable	amd64, i386
	experimental	88+dfsg-3	vulnerable	amd64, i386
kvm-source	etch-backports	28-4~bpo.1	vulnerable	all
	lenny, lenny (security)	72+dfsg-5~lenny4	fixed	all
	squeeze	72+dfsg-5	vulnerable	all
	squeeze (security)	72+dfsg-5+squeeze1	vulnerable	all
	lenny-backports	85+dfsg-4~bpo50+1	vulnerable	all
	experimental	88+dfsg-3	vulnerable	all
libqemu-dev, qemu, qemu-system, qemu-utils	sid	0.11.1-2	fixed	amd64, armel, i386, kfreebsd-amd64, kfreebsd-i386, powerpc, sparc
	squeeze	0.11.1-2	fixed	amd64, armel, i386, powerpc, sparc
qemu	etch	0.8.2-4etch2	fixed	amd64, i386, powerpc
	etch (security)	0.8.2-4etch3	fixed	amd64, i386, powerpc
	etch-backports	0.9.1-10lenny1~bpo40+1	vulnerable	amd64, i386, powerpc, sparc
	lenny, lenny (security)	0.9.1-10lenny1	fixed	amd64, i386, powerpc, sparc
qemu-user, qemu-user-static	sid, squeeze	0.11.1-2	fixed	amd64, armel, i386, powerpc, sparc

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
kvm	source	(unstable)	(unfixed)	medium	553590
kvm	source	lenny	(not affected)
qemu	source	(unstable)	0.11.0-1	medium	553589
qemu	source	etch	(not affected)
qemu	source	lenny	(not affected)

Notes

[lenny] - qemu <not-affected> (Vulnerable code not present)
[etch] - qemu <not-affected> (Vulnerable code not present)
[lenny] - kvm <not-affected> (Vulnerable code not present)

Home - Testing Security Team - Debian Security - Imprint