Bug 43359 - qemu: Multiple issues (4.1)
qemu: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-4-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-17 17:38 CET by Janek Walkenhorst
Modified: 2017-05-24 11:10 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janek Walkenhorst univentionstaff 2017-01-17 17:38:24 CET
CVE-2016-9911

    Quick Emulator (Qemu) built with the USB EHCI Emulation support
    is vulnerable to a memory leakage issue. It could occur while
    processing packet data in 'ehci_init_transfer'. A guest user/
    process could use this issue to leak host memory, resulting in
    DoS for a host.

CVE-2016-9921, CVE-2016-9922

    Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator
    support is vulnerable to a divide by zero issue. It could occur
    while copying VGA data when cirrus graphics mode was set to be
    VGA. A privileged user inside guest could use this flaw to crash
    the Qemu process instance on the host, resulting in DoS.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.
Comment 1 Arvid Requate univentionstaff 2017-04-19 09:43:19 CEST
Upstream Debian package version 1.1.2+dfsg-6+deb7u20 fixes:

CVE ID         : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-597
Comment 2 Philipp Hahn univentionstaff 2017-04-19 13:33:34 CEST
Version 1.1.2+dfsg-6+deb7u20    Rev 83655       Date 2017-03-17 13:31:24
        Release 4.1-0-0 Scope errata4.1-4

repo_admin.py -U -p qemu -d wheezy -r 4.1 -s errata4.1-4 # 1.1.2+dfsg-6+deb7u20

Package: qemu
Version: 1.1.2+dfsg-6.55.201704191253
Branch: ucs_4.1-0
Scope: errata4.1-4

r78832 | Bug #43360: qemu-1.1.2+dfsg-6+deb7u20 errata4.1-4 YAML

QA: qemu-system-x86_64 -kernel /boot/vmlinuz-`uname -r` -m 512m
Comment 3 Janek Walkenhorst univentionstaff 2017-05-19 14:20:37 CEST
Advisory: OK
Tests (amd64, KVM host): OK
Comment 4 Janek Walkenhorst univentionstaff 2017-05-24 11:10:24 CEST
<http://errata.software-univention.de/ucs/4.1/425.html>