Univention Bugzilla – Bug 40635
qemu-kvm: multiple issues (4.0)
Last modified: 2016-10-05 10:07:18 CEST
+++ This bug was initially created as a clone of Bug #40634 +++ Upstream Debian package version 1.1.2+dfsg-6+deb7u12 fixes these issues: * pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) (XSA-162) * net: pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) * Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. (CVE-2015-7512) * Qemu: net: eepro100: infinite loop in processing command block list (CVE-2015-8345) * vnc: avoid floating point exception (CVE-2015-8504) * usb: infinite loop in ehci_advance_state results in DoS (CVE-2015-8558) * net: ne2000: OOB r/w in ioport operations (CVE-2015-8743) * ide: ahci use-after-free vulnerability in aio port commands (CVE-2016-1568) * nvram: OOB r/w access in processing firmware configurations (CVE-2016-1714) * i386: null pointer dereference in vapic_write() (CVE-2016-1922)
The same issues effect the "qemu" package and have been fixed in version 1.1.2+dfsg-6a+deb7u12 of that package.
1.1.2+dfsg-6+deb7u12 changelog also mentions this as fixed: * virtio-net: possible remote DoS (CVE-2015-7295)
Move to 4.0-5-errata.
r16498 | Bug #40635: qemu-kvm UCS-4.0-5 r16500 | Bug #40635: qemu UCS-4.0-5 `git format-patch fd3c136~5..fd3c136` for CVE-2016-3710 and CVE-2016-3712 r16501 | Bug #40635: qemu UCS-4.0-5 Package: qemu-kvm Version: 1.1.2+dfsg-6.50.201605111104 Branch: ucs_4.0-0 Scope: errata4.0-5 => SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu-kvm' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC; binver | site | major | minor | patch | scope ------------------------------+------+-------+-------+-------+-------- 1.1.2+dfsg-6.36.201411131534 | ftp | 4 | 0 | 0 | 1.1.2+dfsg-6.36.201411131534 | apt | 4 | 0 | 0 | 1.1.2+dfsg-6.43.201501191249 | apt | 4 | 0 | 0 | errata 1.1.2+dfsg-6.43.201501191249 | ftp | 4 | 0 | 0 | errata 1.1.2+dfsg-6.43.201501191249 | ftp | 4 | 0 | 1 | 1.1.2+dfsg-6.43.201501191249 | apt | 4 | 0 | 1 | 1.1.2+dfsg-6.44.201505131916 | ftp | 4 | 0 | 1 | errata 1.1.2+dfsg-6.44.201505131916 | ftp | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | apt | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | ftp | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | ftp | 4 | 0 | 3 | 1.1.2+dfsg-6.47.201506231351 | apt | 4 | 0 | 3 | 1.1.2+dfsg-6.48.201510271706 | apt | 4 | 0 | 3 | errata 1.1.2+dfsg-6.48.201510271706 | ftp | 4 | 0 | 3 | errata 1.1.2+dfsg-6.48.201510271706 | ftp | 4 | 0 | 4 | 1.1.2+dfsg-6.48.201510271706 | apt | 4 | 0 | 4 | 1.1.2+dfsg-6.50.201605111104 | apt | 4 | 0 | 5 | errata 1.1.2+dfsg-6.51.201605111106 | apt | 4 | 1 | 2 | errata (18 Zeilen) echo -n 45 > /var/univention/buildsystem2/config/versions/qemu Package: qemu Version: 1.1.2+dfsg-6a.46.201605111506 Branch: ucs_4.0-0 Scope: errata4.0-5 => SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC; binver | site | major | minor | patch | scope -------------------------------+------+-------+-------+-------+-------- 1.1.2+dfsg-6a.44.201411131204 | ftp | 4 | 0 | 0 | 1.1.2+dfsg-6a.44.201411131204 | apt | 4 | 0 | 0 | 1.1.2+dfsg-6a.45.201502031112 | apt | 4 | 0 | 1 | 1.1.2+dfsg-6a.45.201502031112 | ftp | 4 | 0 | 1 | 1.1.2+dfsg-6a.46.201605111506 | apt | 4 | 0 | 5 | errata 1.1.2+dfsg-6a.47.201511030926 | ftp | 4 | 1 | 0 | 1.1.2+dfsg-6a.47.201511030926 | apt | 4 | 1 | 0 | (7 Zeilen) r69261 | Bug #40635: qemu[-kvm] UCS_4.0-5 qemu-kvm.yaml qemu.yaml
Note: tested with libvirt update from bug #40318 OK: start, stop, snapshot, snapshot-revert, start migrated instance, VNC OK: qemu.yaml qemu-kvm.yaml Verified
<http://errata.software-univention.de/ucs/4.0/423.html> <http://errata.software-univention.de/ucs/4.0/424.html>