[SECURITY] [DLA 679-1] qemu-kvm security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 679-1] qemu-kvm security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Tue, 25 Oct 2016 22:22:03 +0200
Message-id: <[🔎] 20161025202203.2bcxolntdlhpjqju@hle.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu-kvm
Version        : 1.1.2+dfsg-6+deb7u17
CVE ID         : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669

Multiple vulnerabilities have been found in qemu-kvm:

CVE-2016-8576

    qemu-kvm built with the USB xHCI controller emulation support is vulnerable
    to an infinite loop issue. It could occur while processing USB command ring
    in 'xhci_ring_fetch'.

CVE-2016-8577

    qemu-kvm built with the virtio-9p back-end support is vulnerable to a memory
    leakage issue. It could occur while doing a I/O read operation in
    v9fs_read() routine.

CVE-2016-8578

    qemu-kvm built with the virtio-9p back-end support is vulnerable to a null
    pointer dereference issue. It could occur while doing an I/O vector
    unmarshalling operation in v9fs_iov_vunmarshal() routine.

CVE-2016-8669

    qemu-kvm built with the 16550A UART emulation support is vulnerable to a
    divide by zero issue. It could occur while updating serial device parameters
    in 'serial_update_parameters'.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u17.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYD73qAAoJEKyQrD7FJAZeDWQP/RwhggoBEdoJ8zgZxoaGx5QA
q8l23pgEiCe4KlWU/CZY5A+wv3CCA/wa6Hz1YpnUwzKsqAfQpSigSwDGObKFmXQv
/gq1R/rgPgTiSPpdVNFr69PX1P2PPPyjflu/QlLyaLuZBDHw74DViYAH2evANVYd
ifmFiQthsOeRQiP6h9LscjX41hF7vOCMK0DVaVZbgka2CZ7fQVHLuWPFU0zWw5av
s7n9gWjhkYzscioH4Du/qoR8HvaUb7P6xpfD8omCE/CFpJr6mvifoZl94yDbXUEL
E63isSekwgXO+sbOAVx1PkfUqerljSFmzYHT7iuRg5LP8tG0vah3Kd44ttK3WrSD
5WsXmiZsah6deuvcJ49GLEyKEQD3DleYJP60+AK+GNVaK0Vsz4gP/FdeeyW/KVK7
Vj9bAwlEEtzJX3rX82o/Qy97P+udgekWaxY5qhlRJg4otAD8fYxQfFEnkuUCdS3u
NyTE89BCymtxctCnUc/3PTC06kUtyde3U8PLEaa66WsfOHQVxJs0eTTK2oJz9+JR
uRU97qOqnRjqx4nlvCjqV1T0GI15ShgKWaP7h8eHs0ijp6Y2hFVxe58yr09P5UXr
pOIxlROT9K08CtamCkj8KJbN07VJT+Hc1GysBGHIh1rQZwcWyoqPqdhy3mD3TEm+
utTyE717DsjMD47g8fvt
=eBoW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 678-1] qemu security update
Next by Date: [SECURITY] [DLA 675-1] potrace security update
Previous by thread: [SECURITY] [DLA 678-1] qemu security update
Next by thread: [SECURITY] [DLA 675-1] potrace security update
Index(es):
- Date
- Thread