Univention Bugzilla – Bug 43360
qemu-kvm: Multiple issues (4.1)
Last modified: 2017-05-24 11:10:25 CEST
CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9921, CVE-2016-9922 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u19.
qemu-kvm_1.1.2+dfsg-6+deb7u20.dsc 3 * CVE-2017-2620: cirrus: add blit_is_unsafe call to cirrus_bitblt 4 * display: cirrus: ignore source pitch value as needed in blit_is_unsafe 5 This is an update for CVE-2016-9921 6 * CVE-2017-2615: cirrus: fix oob access issue 7 * CVE-2017-5973: xhci: apply limits to loops 8 * CVE-2017-5898: usb: ccid: check ccid apdu length
r17409 | Bug #43360: qemu-kvm-1.1.2+dfsg-6+deb7u20 errata4.1-4 Package: qemu-kvm Version: 1.1.2+dfsg-6.53.201703171339 Branch: ucs_4.1-0 Scope: errata4.1-4 r77888 | Bug #43360: qemu-kvm-1.1.2+dfsg-6+deb7u20 errata4.1-4 YAML
Advisory: OK Tests (amd64, KVM host): OK
<http://errata.software-univention.de/ucs/4.1/426.html>