[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 765-1] qemu-kvm security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu-kvm
Version        : 1.1.2+dfsg-6+deb7u19
CVE ID         : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922

Multiple vulnerabilities have been found in qemu-kvm:

CVE-2016-9911

    qemu-kvm built with the USB EHCI Emulation support is vulnerable
    to a memory leakage issue. It could occur while processing packet
    data in 'ehci_init_transfer'. A guest user/process could use this
    issue to leak host memory, resulting in DoS for a host.

CVE-2016-9921, CVE-2016-9922

    qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is
    vulnerable to a divide by zero issue. It could occur while copying
    VGA data when cirrus graphics mode was set to be VGA. A privileged
    user inside guest could use this flaw to crash the Qemu process
    instance on the host, resulting in DoS.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhH4gACgkQrJCsPsUk
Bl6t6RAA2edm+kEJKSH+4xanmkuZql8gG37jsUP1yFjkOu5q1RiJJW5wGAp/bU6o
PBXDnBrE4SAalrtsYdqj1nhoHa7q2km/kefWCW2on1fNxfcwVUVi6b33lahi0oaU
1swybQk1HUODenmoNKRCV6d9r1OJKHak/6TFXj9BmNqGQnq1w3FmcmAtfV3mFgwd
lkMfer4A/K42ANmXirp6txxUYWqT3s48tU2CRWtq7zWoHK6/6CWszfOXmFR66bdU
pMa3rZXhxOYzeikfQrh+WTobBFbCJWP63HBPmJlnXfGRdHbhdH62ucIjbV04kQdu
Vq8Bkl3JP2oZWyw8SjVa+wvPdSyuAWSHGi/W7u2T1JWmcUxLjqkzd5Il9BenviRl
BewVdtIbMVcTDZxaDueSc+owcVQY5sIJCCIviNDQXJpYU6iSNuLAhPka6XzLDIzJ
qIPBWOAgw0xQ2XJwMiyKUQXce17A0zEOHh/+5bDjdTPPPR4jmnLcpNcZNw6MH02L
LKqcg3p+pwgtgdNW5sb4kUzZ7jMOBgZR8ftbAmCKcsjS9RemISPuviNTLYzZkL1C
5VWyzZFQblVx99LsH6Udxhl6PykamqN3er/H/BqUeZy3PGsujcjpA3TZNuGuBdUd
wGgvi4HijmkUHbjcrjKcjvo8YWV/1cgyW5V3kkn9nZ+ljMd3bwc=
=Ri/R
-----END PGP SIGNATURE-----


Reply to: