|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-679-1 (qemu-kvm)



From:
    	      Hugo Lefeuvre <hle@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 679-1] qemu-kvm security update 


Date:
    	      Tue, 25 Oct 2016 22:22:03 +0200


Message-ID:
    	      <20161025202203.2bcxolntdlhpjqju@hle.local>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu-kvm
Version        : 1.1.2+dfsg-6+deb7u17
CVE ID         : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669

Multiple vulnerabilities have been found in qemu-kvm:

CVE-2016-8576

    qemu-kvm built with the USB xHCI controller emulation support is vulnerable
    to an infinite loop issue. It could occur while processing USB command ring
    in 'xhci_ring_fetch'.

CVE-2016-8577

    qemu-kvm built with the virtio-9p back-end support is vulnerable to a memory
    leakage issue. It could occur while doing a I/O read operation in
    v9fs_read() routine.

CVE-2016-8578

    qemu-kvm built with the virtio-9p back-end support is vulnerable to a null
    pointer dereference issue. It could occur while doing an I/O vector
    unmarshalling operation in v9fs_iov_vunmarshal() routine.

CVE-2016-8669

    qemu-kvm built with the 16550A UART emulation support is vulnerable to a
    divide by zero issue. It could occur while updating serial device parameters
    in 'serial_update_parameters'.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u17.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYD73qAAoJEKyQrD7FJAZeDWQP/RwhggoBEdoJ8zgZxoaGx5QA
q8l23pgEiCe4KlWU/CZY5A+wv3CCA/wa6Hz1YpnUwzKsqAfQpSigSwDGObKFmXQv
/gq1R/rgPgTiSPpdVNFr69PX1P2PPPyjflu/QlLyaLuZBDHw74DViYAH2evANVYd
ifmFiQthsOeRQiP6h9LscjX41hF7vOCMK0DVaVZbgka2CZ7fQVHLuWPFU0zWw5av
s7n9gWjhkYzscioH4Du/qoR8HvaUb7P6xpfD8omCE/CFpJr6mvifoZl94yDbXUEL
E63isSekwgXO+sbOAVx1PkfUqerljSFmzYHT7iuRg5LP8tG0vah3Kd44ttK3WrSD
5WsXmiZsah6deuvcJ49GLEyKEQD3DleYJP60+AK+GNVaK0Vsz4gP/FdeeyW/KVK7
Vj9bAwlEEtzJX3rX82o/Qy97P+udgekWaxY5qhlRJg4otAD8fYxQfFEnkuUCdS3u
NyTE89BCymtxctCnUc/3PTC06kUtyde3U8PLEaa66WsfOHQVxJs0eTTK2oJz9+JR
uRU97qOqnRjqx4nlvCjqV1T0GI15ShgKWaP7h8eHs0ijp6Y2hFVxe58yr09P5UXr
pOIxlROT9K08CtamCkj8KJbN07VJT+Hc1GysBGHIh1rQZwcWyoqPqdhy3mD3TEm+
utTyE717DsjMD47g8fvt
=eBoW
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds