Debian Security Advisory
DSA-3920-1 qemu -- security update
- Date Reported:
- 25 Jul 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-10664, CVE-2017-10911.
- More information:
Multiple vulnerabilities were found in qemu, a fast processor emulator:
Denial of service via infinite loop in e1000e NIC emulation.
Denial of service via infinite loop in USB OHCI emulation.
Denial of service via memory leak in IDE AHCI emulation.
Denial of service via memory leak in USB EHCI emulation.
Denial of service in qemu-nbd server.
Information leak in Xen blkif response handling.
For the oldstable distribution (jessie), a separate DSA will be issued.
For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your qemu packages.