Bug 43359
| Summary: | qemu: Multiple issues (4.1) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Janek Walkenhorst <walkenhorst> |
| Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
| Severity: | normal | ||
| Priority: | P5 | CC: | requate |
| Version: | UCS 4.1 | ||
| Target Milestone: | UCS 4.1-4-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=43360 | ||
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | Security | |
| Max CVSS v3 score: | |||
Upstream Debian package version 1.1.2+dfsg-6+deb7u20 fixes: CVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-597 Version 1.1.2+dfsg-6+deb7u20 Rev 83655 Date 2017-03-17 13:31:24
Release 4.1-0-0 Scope errata4.1-4
repo_admin.py -U -p qemu -d wheezy -r 4.1 -s errata4.1-4 # 1.1.2+dfsg-6+deb7u20
Package: qemu
Version: 1.1.2+dfsg-6.55.201704191253
Branch: ucs_4.1-0
Scope: errata4.1-4
r78832 | Bug #43360: qemu-1.1.2+dfsg-6+deb7u20 errata4.1-4 YAML
QA: qemu-system-x86_64 -kernel /boot/vmlinuz-`uname -r` -m 512m
Advisory: OK Tests (amd64, KVM host): OK |
CVE-2016-9911 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/ process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9921, CVE-2016-9922 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u19.