Bug 43360 - qemu-kvm: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-4-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
Reported: 2017-01-17 17:38 CET by Janek Walkenhorst
Modified: 2017-05-24 11:10 CEST

What kind of report is it?: Security Issue
Bug group (optional): Security
Description Janek Walkenhorst univentionstaff 2017-01-17 17:38:27 CET
CVE-2016-9911

    qemu-kvm built with the USB EHCI Emulation support is vulnerable
    to a memory leakage issue. It could occur while processing packet
    data in 'ehci_init_transfer'. A guest user/process could use this
    issue to leak host memory, resulting in DoS for a host.

CVE-2016-9921, CVE-2016-9922

    qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is
    vulnerable to a divide by zero issue. It could occur while copying
    VGA data when cirrus graphics mode was set to be VGA. A privileged
    user inside guest could use this flaw to crash the Qemu process
    instance on the host, resulting in DoS.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.
Comment 1 Philipp Hahn univentionstaff 2017-03-17 13:28:06 CET
qemu-kvm_1.1.2+dfsg-6+deb7u20.dsc
  * CVE-2017-2620: cirrus: add blit_is_unsafe call to cirrus_bitblt
  * display: cirrus: ignore source pitch value as needed in blit_is_unsafe
    This is an update for CVE-2016-9921
  * CVE-2017-2615: cirrus: fix oob access issue
  * CVE-2017-5973: xhci: apply limits to loops
  * CVE-2017-5898: usb: ccid: check ccid apdu length
Comment 2 Philipp Hahn univentionstaff 2017-03-17 14:07:29 CET
r17409 | Bug #43360: qemu-kvm-1.1.2+dfsg-6+deb7u20 errata4.1-4

Package: qemu-kvm
Version: 1.1.2+dfsg-6.53.201703171339
Branch: ucs_4.1-0
Scope: errata4.1-4

r77888 | Bug #43360: qemu-kvm-1.1.2+dfsg-6+deb7u20 errata4.1-4 YAML
Comment 3 Janek Walkenhorst univentionstaff 2017-05-19 14:20:42 CEST
Advisory: OK
Tests (amd64, KVM host): OK
Comment 4 Janek Walkenhorst univentionstaff 2017-05-24 11:10:25 CEST
<http://errata.software-univention.de/ucs/4.1/426.html>