[SECURITY] [DLA 764-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : qemu
Version : 1.1.2+dfsg-6+deb7u19
CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922
Multiple vulnerabilities have been found in QEMU:
CVE-2016-9911
Quick Emulator (Qemu) built with the USB EHCI Emulation support
is vulnerable to a memory leakage issue. It could occur while
processing packet data in 'ehci_init_transfer'. A guest user/
process could use this issue to leak host memory, resulting in
DoS for a host.
CVE-2016-9921, CVE-2016-9922
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to a divide by zero issue. It could occur
while copying VGA data when cirrus graphics mode was set to be
VGA. A privileged user inside guest could use this flaw to crash
the Qemu process instance on the host, resulting in DoS.
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhHqcACgkQrJCsPsUk
Bl4lYQ/+NU802RirLbLCt658JHIwlf/xtk4KHuO2a1oc5z562EKayKvO2bmnrHN9
1vCz5IoVTmnPyHtPA4dW4SZmDi+/DymPv4LTm0m9JJGRHWSdhxYfycEDI8CZX8Bn
7qK5zp0c+Zr4jrSw//weZlDSLRix+IJy3dXhIY+9Bg1lPwqV5SaARuubSGCJD78e
KIB7mgu9MnBppc80kyKQ0lY+RCTDDq13Ej+6xynvq4vMgZw3ebw8P6SHKQcszoIt
cwKwKRJNvx28XB9TEPh+m3jVS6L3ZmP+t6tG4xcM65Bf08Yew5MR8b3r4+IL/8O0
iEZz9mPUxwxo8dqzrWkFrfNn9FD0Dn4DiK2Vy4uKfhpvZ/dCFi1pcbSMtw+Kfw4N
qWjk3qbaAiZ7Au4/H3xu5O07YKnmQga0WTGG1jdxFrNjUFKcQfFcdGhmSCrowBBl
xncYDHNbv1wD4XKtMug/NoGz+hABGDHefWWOIWa0ltYOOuT8z4eubAFSiMtpQ6DM
lLAC2E+KgXm+9ZzguysTd74bfBhwPqcbxLtCBUMd5ziNTjDve4ryMhvmvThknRfu
KpKaruEMJlDZHak9Q4YfvJq8fKTQ3wXWKJRFrbCFxxirpT8sflUkhomdQqLN/bvI
Nmb3pGuB6tEV2E6FlUtLp/i9cbenIEJCIo+TEqXwJuNX3CGSRWA=
=4xlL
-----END PGP SIGNATURE-----
Reply to: