DSA-2230-1 qemu-kvm -- several
ID: oval:org.secpod.oval:def:600242 | Date: (C)2011-05-02 (M)2023-02-20 | Class: PATCH | Family: unix
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:

CVE-2011-0011: Setting the VNC password to an empty string silently disabled all authentication.

CVE-2011-1750: The virtio-blk driver performed insufficient validation of read/write I/O from the guest instance, which could lead to denial of service or privilege escalation.

The oldstable distribution is not affected by this problem.