[SECURITY] [DLA 678-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : qemu
Version : 1.1.2+dfsg-6+deb7u17
CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669
Multiple vulnerabilities have been found in QEMU:
CVE-2016-8576
Quick Emulator (Qemu) built with the USB xHCI controller emulation support
is vulnerable to an infinite loop issue. It could occur while processing USB
command ring in 'xhci_ring_fetch'.
CVE-2016-8577
Quick Emulator (Qemu) built with the virtio-9p back-end support is
vulnerable to a memory leakage issue. It could occur while doing a I/O read
operation in v9fs_read() routine.
CVE-2016-8578
Quick Emulator (Qemu) built with the virtio-9p back-end support is
vulnerable to a null pointer dereference issue. It could occur while doing
an I/O vector unmarshalling operation in v9fs_iov_vunmarshal() routine.
CVE-2016-8669
Quick Emulator (Qemu) built with the 16550A UART emulation support is
vulnerable to a divide by zero issue. It could occur while updating serial
device parameters in 'serial_update_parameters'.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u17.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYD728AAoJEKyQrD7FJAZeJucP/RycVg07WfsX5c98ChEZQHCo
DpZCpjf6U719Om5oUVwksTWFCR0bXkpCJK8+SSGJeeLy/U0ZNe2HsUzT0eKkTFd6
t8UyuNKt0QQ5RCpUBI4u+IMcpgbioxtlbx4mAbo3e0/1utoGxwtqgRMr5SYnEmHh
NgZcQ4dexm5BMoxAArPCrSRrItVClAhObf33RU+n1HVQe8gO4dqOmPKwB83mYK+t
2p+bTDbmrqSPI8xVoADhKjgDhUv1XuB3ftpGPE7EfHk7Y5KnEguZXibGZeEsT8tk
qp8ThWVL0a8my3iSUYydTxb3BYsI/b/OZ5gadXWGIBnmJ4E+AeJmnamV0pMYTIwh
keJ0QKfK7u/QayQ9EJxUsH9FMHFsr3a412bx9NET3UHg/GynJOvXLwOAmJnQa5i3
mQk6vh7dNsdOhwxYNm0u/Cj29YH/jsc7Mn9ysuzqz2hEgq+ZanoSZ7V1fc+ZklW9
9w+dqt444y98dSvFSwag+sY4aXzLLUS7102lRkx2LNUGyeRRQxnCdsKUY172fTD6
XpObL3N7EbgypATGc9k8Dp9y9xbXp2YVpFXtTeA4in4XjBcjLtxh0wKKk90i1URU
BdJjHINtsmGhZtexBYoNfRj6UGOAEml96AOgcXGoMcg2X9MoNb/8tTYQoCiNODWB
4id/5+4DhpTflj6TbYd6
=XFrm
-----END PGP SIGNATURE-----
Reply to: