[SECURITY] [DLA 678-1] qemu security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 678-1] qemu security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Tue, 25 Oct 2016 22:20:15 +0200
Message-id: <[🔎] 20161025202015.fckkstjl5jcld553@hle.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu
Version        : 1.1.2+dfsg-6+deb7u17
CVE ID         : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669

Multiple vulnerabilities have been found in QEMU:

CVE-2016-8576

    Quick Emulator (Qemu) built with the USB xHCI controller emulation support
    is vulnerable to an infinite loop issue. It could occur while processing USB 
    command ring in 'xhci_ring_fetch'.

CVE-2016-8577

    Quick Emulator (Qemu) built with the virtio-9p back-end support is
    vulnerable to a memory leakage issue. It could occur while doing a I/O read
    operation in v9fs_read() routine.

CVE-2016-8578

    Quick Emulator (Qemu) built with the virtio-9p back-end support is
    vulnerable to a null pointer dereference issue. It could occur while doing
    an I/O vector unmarshalling operation in v9fs_iov_vunmarshal() routine.

CVE-2016-8669

    Quick Emulator (Qemu) built with the 16550A UART emulation support is
    vulnerable to a divide by zero issue. It could occur while updating serial
    device parameters in 'serial_update_parameters'.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u17.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYD728AAoJEKyQrD7FJAZeJucP/RycVg07WfsX5c98ChEZQHCo
DpZCpjf6U719Om5oUVwksTWFCR0bXkpCJK8+SSGJeeLy/U0ZNe2HsUzT0eKkTFd6
t8UyuNKt0QQ5RCpUBI4u+IMcpgbioxtlbx4mAbo3e0/1utoGxwtqgRMr5SYnEmHh
NgZcQ4dexm5BMoxAArPCrSRrItVClAhObf33RU+n1HVQe8gO4dqOmPKwB83mYK+t
2p+bTDbmrqSPI8xVoADhKjgDhUv1XuB3ftpGPE7EfHk7Y5KnEguZXibGZeEsT8tk
qp8ThWVL0a8my3iSUYydTxb3BYsI/b/OZ5gadXWGIBnmJ4E+AeJmnamV0pMYTIwh
keJ0QKfK7u/QayQ9EJxUsH9FMHFsr3a412bx9NET3UHg/GynJOvXLwOAmJnQa5i3
mQk6vh7dNsdOhwxYNm0u/Cj29YH/jsc7Mn9ysuzqz2hEgq+ZanoSZ7V1fc+ZklW9
9w+dqt444y98dSvFSwag+sY4aXzLLUS7102lRkx2LNUGyeRRQxnCdsKUY172fTD6
XpObL3N7EbgypATGc9k8Dp9y9xbXp2YVpFXtTeA4in4XjBcjLtxh0wKKk90i1URU
BdJjHINtsmGhZtexBYoNfRj6UGOAEml96AOgcXGoMcg2X9MoNb/8tTYQoCiNODWB
4id/5+4DhpTflj6TbYd6
=XFrm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 676-1] nspr security update
Next by Date: [SECURITY] [DLA 679-1] qemu-kvm security update
Previous by thread: [SECURITY] [DLA 676-1] nspr security update
Next by thread: [SECURITY] [DLA 679-1] qemu-kvm security update
Index(es):
- Date
- Thread