[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 764-1] qemu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu
Version        : 1.1.2+dfsg-6+deb7u19
CVE ID         : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922

Multiple vulnerabilities have been found in QEMU:

CVE-2016-9911

    Quick Emulator (Qemu) built with the USB EHCI Emulation support
    is vulnerable to a memory leakage issue. It could occur while
    processing packet data in 'ehci_init_transfer'. A guest user/
    process could use this issue to leak host memory, resulting in
    DoS for a host.

CVE-2016-9921, CVE-2016-9922

    Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator
    support is vulnerable to a divide by zero issue. It could occur
    while copying VGA data when cirrus graphics mode was set to be
    VGA. A privileged user inside guest could use this flaw to crash
    the Qemu process instance on the host, resulting in DoS.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhHqcACgkQrJCsPsUk
Bl4lYQ/+NU802RirLbLCt658JHIwlf/xtk4KHuO2a1oc5z562EKayKvO2bmnrHN9
1vCz5IoVTmnPyHtPA4dW4SZmDi+/DymPv4LTm0m9JJGRHWSdhxYfycEDI8CZX8Bn
7qK5zp0c+Zr4jrSw//weZlDSLRix+IJy3dXhIY+9Bg1lPwqV5SaARuubSGCJD78e
KIB7mgu9MnBppc80kyKQ0lY+RCTDDq13Ej+6xynvq4vMgZw3ebw8P6SHKQcszoIt
cwKwKRJNvx28XB9TEPh+m3jVS6L3ZmP+t6tG4xcM65Bf08Yew5MR8b3r4+IL/8O0
iEZz9mPUxwxo8dqzrWkFrfNn9FD0Dn4DiK2Vy4uKfhpvZ/dCFi1pcbSMtw+Kfw4N
qWjk3qbaAiZ7Au4/H3xu5O07YKnmQga0WTGG1jdxFrNjUFKcQfFcdGhmSCrowBBl
xncYDHNbv1wD4XKtMug/NoGz+hABGDHefWWOIWa0ltYOOuT8z4eubAFSiMtpQ6DM
lLAC2E+KgXm+9ZzguysTd74bfBhwPqcbxLtCBUMd5ziNTjDve4ryMhvmvThknRfu
KpKaruEMJlDZHak9Q4YfvJq8fKTQ3wXWKJRFrbCFxxirpT8sflUkhomdQqLN/bvI
Nmb3pGuB6tEV2E6FlUtLp/i9cbenIEJCIo+TEqXwJuNX3CGSRWA=
=4xlL
-----END PGP SIGNATURE-----


Reply to: