[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1497-1] qemu security update



Package        : qemu
Version        : 1:2.1+dfsg-12+deb8u7
CVE ID         : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835
                 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602
                 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911
                 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921
                 CVE-2016-9922 CVE-2016-10155 CVE-2017-2615 CVE-2017-2620
                 CVE-2017-5525 CVE-2017-5526 CVE-2017-5579 CVE-2017-5667
                 CVE-2017-5715 CVE-2017-5856 CVE-2017-5973 CVE-2017-5987
                 CVE-2017-6505 CVE-2017-7377 CVE-2017-7493 CVE-2017-7718
                 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309
                 CVE-2017-8379 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374
                 CVE-2017-9503 CVE-2017-10806 CVE-2017-10911
                 CVE-2017-11434 CVE-2017-14167 CVE-2017-15038
                 CVE-2017-15289 CVE-2017-16845 CVE-2017-18030
                 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550
Debian Bug     : 813193 834904 835031 840945 840950 847496 847951 847953
                 847960 851910 852232 853002 853006 853996 854731 855159
                 855611 855791 856399 856969 857744 859854 860785 861348
                 861351 862280 862289 863943 864216 864568 865754 867751
                 869171 869706 874606 877890 880832 882136 886532 887392
                 892041

Several vulnerabilities were found in qemu, a fast processor emulator:

CVE-2015-8666

    Heap-based buffer overflow in QEMU when built with the
    Q35-chipset-based PC system emulator

CVE-2016-2198

    Null pointer dereference in ehci_caps_write in the USB EHCI support
    that may result in denial of service

CVE-2016-6833

    Use after free while writing in the vmxnet3 device that could be used
    to cause a denial of service

CVE-2016-6835

    Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device
    that could result in denial of service

CVE-2016-8576

    Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support

CVE-2016-8667 / CVE-2016-8669

    Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset
    emulator, and in serial_update_parameters of some serial devices, that
    could result in denial of service

CVE-2016-9602

   Improper link following with VirtFS

CVE-2016-9603

    Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA
    emulator support

CVE-2016-9776

    Infinite loop while receiving data in the ColdFire Fast Ethernet
    Controller emulator

CVE-2016-9907

    Memory leakage in the USB redirector usb-guest support 

CVE-2016-9911

    Memory leakage in ehci_init_transfer in the USB EHCI support

CVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916

    Plan 9 File System (9pfs): add missing cleanup operation in
    FileOperations, in the handle backend and in the proxy backend driver

CVE-2016-9921 / CVE-2016-9922

    Divide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator
    support 

CVE-2016-10155

    Memory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS
    privileged users to cause a denial of service via a large number of
    device unplug operations.

CVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718

    Out-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator
    support, that could result in denial of service

CVE-2017-5525 / CVE-2017-5526

    Memory leakage issues in the ac97 and es1370 device emulation

CVE-2017-5579

    Most memory leakage in the 16550A UART emulation

CVE-2017-5667

    Out-of-bounds access during multi block SDMA transfer in the SDHCI
    emulation support.

CVE-2017-5715

    Mitigations against the Spectre v2 vulnerability. For more information
    please refer to https://www.qemu.org/2018/01/04/spectre/

CVE-2017-5856

    Memory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation
    support

CVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505

    Infinite loop issues in the USB xHCI, in the transfer mode register
    of the SDHCI protocol, and the USB ohci_service_ed_list

CVE-2017-7377

    9pfs: host memory leakage via v9fs_create

CVE-2017-7493

    Improper access control issues in the host directory sharing via
    9pfs support.

CVE-2017-7980

    Heap-based buffer overflow in the Cirrus VGA device that could allow
    local guest OS users to execute arbitrary code or cause a denial of
    service

CVE-2017-8086

    9pfs: host memory leakage via v9pfs_list_xattr

CVE-2017-8112

    Infinite loop in the VMWare PVSCSI emulation

CVE-2017-8309 / CVE-2017-8379

    Host memory leakage issues via the audio capture buffer and the
    keyboard input event handlers 

CVE-2017-9330

    Infinite loop due to incorrect return value in USB OHCI that may
    result in denial of service

CVE-2017-9373 / CVE-2017-9374

    Host memory leakage during hot unplug in IDE AHCI and USB emulated
    devices that could result in denial of service

CVE-2017-9503

    Null pointer dereference while processing megasas command

CVE-2017-10806

    Stack buffer overflow in USB redirector

CVE-2017-10911

    Xen disk may leak stack data via response ring

CVE-2017-11434

    Out-of-bounds read while parsing Slirp/DHCP options

CVE-2017-14167

    Out-of-bounds access while processing multiboot headers that could
    result in the execution of arbitrary code

CVE-2017-15038

    9pfs: information disclosure when reading extended attributes

CVE-2017-15289

    Out-of-bounds write access issue in the Cirrus graphic adaptor that
    could result in denial of service

CVE-2017-16845

    Information leak in the PS/2 mouse and keyboard emulation support that
    could be exploited during instance migration 

CVE-2017-18043

    Integer overflow in the macro ROUND_UP (n, d) that could result in
    denial of service

CVE-2018-7550

    Incorrect handling of memory during multiboot that could may result in
    execution of arbitrary code

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u7.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: