Univention Bugzilla – Bug 52450
qemu: Multiple issues (4.4)
Last modified: 2020-12-09 13:11:57 CET
New Debian qemu 1:2.8+dfsg-6+deb9u12A~4.4.7.202012011517 fixes: This update addresses the following issues: * sdhci: out-of-bounds access issue while doing multi block SDMA (CVE-2020-25085) * usb: hcd-ohci: out-of-bound access issue while processing transfer descriptors (CVE-2020-25624) * usb: hcd-ohci: infinite loop issue while processing transfer descriptors (CVE-2020-25625) * assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723) * net: an assert failure via eth_get_gso_type (CVE-2020-27617)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/qemu_2.8+dfsg-6+deb9u11A~4.4.5.202009140857.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/qemu_2.8+dfsg-6+deb9u12A~4.4.7.202012011517.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u11A~4.4.5.202009140857 [Mon, 14 Sep 2020 09:01:24 +0200] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u12A~4.4.7.202012011517 [Tue, 01 Dec 2020 15:22:01 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS @@ -13,6 +13,28 @@ 1007-0008-x86-Work-around-SMI-migration-breakages 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC +1:2.8+dfsg-6+deb9u12 [Sun, 29 Nov 2020 12:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-27617 + Using a crafted network packet, a guest OS user might trigger an + assertion failure and thus crash qemu. + * CVE-2020-25723 + An assertion failure might happen after not handling + the result of 'usb_packet_map'. + * CVE-2020-25625 + Handling of retired OHCI transfer descriptors(TD), might result + in an infinite loop if the TD was already processed and holds + an error code. + * CVE-2020-25624 + Handling of OHCI transfer descriptors(TD), might result in + out-of-bounds access issues, when trusting values supplied + by host controller drivers without additional checks. + * CVE-2020-25085 + Doing multi block SDMA with transfer block size exceeding the + fifo buffer size might result in an OOB access issue, which + can be triggered by a guest user and crash qemu. + 1:2.8+dfsg-6+deb9u11 [Tue, 08 Sep 2020 12:54:35 +0530] Abhijith PA <abhijith@debian.org>: * Non-maintainer upload by the Debian LTS team. <http://10.200.17.11/4.4-7/#8800362207317366591>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 51a257ef75 Bug #52451: Fix yaml scope doc/errata/staging/qemu.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-7] a444d56ed2 Bug #52451: set correct erratalevel for security imports doc/errata/staging/qemu.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-7] 42ab186e5b Bug #52450: yaml doc/errata/staging/qemu.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x832>