Debian-LTS alert DLA-678-1 (qemu)
| From: | Hugo Lefeuvre <hle@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 678-1] qemu security update | |
| Date: | Tue, 25 Oct 2016 22:20:15 +0200 | |
| Message-ID: | <20161025202015.fckkstjl5jcld553@hle.local> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : qemu Version : 1.1.2+dfsg-6+deb7u17 CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 Multiple vulnerabilities have been found in QEMU: CVE-2016-8576 Quick Emulator (Qemu) built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could occur while processing USB command ring in 'xhci_ring_fetch'. CVE-2016-8577 Quick Emulator (Qemu) built with the virtio-9p back-end support is vulnerable to a memory leakage issue. It could occur while doing a I/O read operation in v9fs_read() routine. CVE-2016-8578 Quick Emulator (Qemu) built with the virtio-9p back-end support is vulnerable to a null pointer dereference issue. It could occur while doing an I/O vector unmarshalling operation in v9fs_iov_vunmarshal() routine. CVE-2016-8669 Quick Emulator (Qemu) built with the 16550A UART emulation support is vulnerable to a divide by zero issue. It could occur while updating serial device parameters in 'serial_update_parameters'. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u17. We recommend that you upgrade your qemu packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYD728AAoJEKyQrD7FJAZeJucP/RycVg07WfsX5c98ChEZQHCo DpZCpjf6U719Om5oUVwksTWFCR0bXkpCJK8+SSGJeeLy/U0ZNe2HsUzT0eKkTFd6 t8UyuNKt0QQ5RCpUBI4u+IMcpgbioxtlbx4mAbo3e0/1utoGxwtqgRMr5SYnEmHh NgZcQ4dexm5BMoxAArPCrSRrItVClAhObf33RU+n1HVQe8gO4dqOmPKwB83mYK+t 2p+bTDbmrqSPI8xVoADhKjgDhUv1XuB3ftpGPE7EfHk7Y5KnEguZXibGZeEsT8tk qp8ThWVL0a8my3iSUYydTxb3BYsI/b/OZ5gadXWGIBnmJ4E+AeJmnamV0pMYTIwh keJ0QKfK7u/QayQ9EJxUsH9FMHFsr3a412bx9NET3UHg/GynJOvXLwOAmJnQa5i3 mQk6vh7dNsdOhwxYNm0u/Cj29YH/jsc7Mn9ysuzqz2hEgq+ZanoSZ7V1fc+ZklW9 9w+dqt444y98dSvFSwag+sY4aXzLLUS7102lRkx2LNUGyeRRQxnCdsKUY172fTD6 XpObL3N7EbgypATGc9k8Dp9y9xbXp2YVpFXtTeA4in4XjBcjLtxh0wKKk90i1URU BdJjHINtsmGhZtexBYoNfRj6UGOAEml96AOgcXGoMcg2X9MoNb/8tTYQoCiNODWB 4id/5+4DhpTflj6TbYd6 =XFrm -----END PGP SIGNATURE-----