Univention Bugzilla – Bug 50059
qemu: Multiple issues (4.4)
Last modified: 2019-08-28 15:50:05 CEST
New Debian qemu 1:2.8+dfsg-6+deb9u8A~4.4.1.201908270838 fixes: This update addresses the following issues: * device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815) * qemu-bridge-helper ACL can be bypassed when names are too long (CVE-2019-13164) * slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/qemu_2.8+dfsg-6+deb9u7A~4.4.0.201906241257.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/qemu_2.8+dfsg-6+deb9u8A~4.4.1.201908270838.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u7A~4.4.0.201906241257 [Mon, 24 Jun 2019 12:57:54 +0200] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u8A~4.4.1.201908270838 [Tue, 27 Aug 2019 08:38:43 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS @@ -13,6 +13,28 @@ 1007-0008-x86-Work-around-SMI-migration-breakages 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC +1:2.8+dfsg-6+deb9u8 [Fri, 09 Aug 2019 13:41:43 +0300] Michael Tokarev <mjt@tls.msk.ru>: + + [ Michal Arbet ] + * Fix improper backport of CVE-2017-9524 fix that caused NBD + connections to hang (Closes: #873012). Thanks to Geoffrey Thomas. + - nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch: + Don't move nbd_set_handlers before nbd_negotiate. + - nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch: + Refresh. + + [ Michael Tokarev ] + * slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch + bugfix in user-level networking + Closes: #933741, CVE-2019-14378 + * qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch + Closes: #931351, CVE-2019-13164 + * integrate fix-md-clear-backport.patch into enable-md-clear.patch + Thanks Moritz Mühlenhoff and Vincent Tondellier + * device_tree-dont-use-load_image-CVE-2018-20815.patch + fix unlikely overflow via saved image file size + Closes: CVE-2018-20815 + 1:2.8+dfsg-6+deb9u7 [Wed, 05 Jun 2019 23:33:57 +0200] Moritz Mühlenhoff <jmm@debian.org>: * Fix the md_clear backport, thanks to Vincent Tondellier (Closes: #929067) <http://10.200.17.11/4.4-1/#1976429912342171115>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] dcbaa8a3c4 Bug #50059: qemu 1:2.8+dfsg-6+deb9u8A~4.4.1.201908270838 doc/errata/staging/qemu.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.4/243.html>