Univention Bugzilla – Bug 40634
qemu-kvm: multiple issues (4.1)
Last modified: 2016-10-05 12:46:44 CEST
Upstream Debian package version 1.1.2+dfsg-6+deb7u12 fixes these issues: * pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) (XSA-162) * net: pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) * Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. (CVE-2015-7512) * Qemu: net: eepro100: infinite loop in processing command block list (CVE-2015-8345) * vnc: avoid floating point exception (CVE-2015-8504) * usb: infinite loop in ehci_advance_state results in DoS (CVE-2015-8558) * net: ne2000: OOB r/w in ioport operations (CVE-2015-8743) * ide: ahci use-after-free vulnerability in aio port commands (CVE-2016-1568) * nvram: OOB r/w access in processing firmware configurations (CVE-2016-1714) * i386: null pointer dereference in vapic_write() (CVE-2016-1922)
The same issues effect the "qemu" package and have been fixed in version 1.1.2+dfsg-6a+deb7u12 of that package.
1.1.2+dfsg-6+deb7u12 changelog also mentions this as fixed: * virtio-net: possible remote DoS (CVE-2015-7295)
repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu-kvm --ignore-patch repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu --ignore-patch r16502 | Bug #40634: qemu UCS-4.1-2 Package: qemu-kvm Version: 1.1.2+dfsg-6.51.201605111106 Branch: ucs_4.1-0 Scope: errata4.1-2 => SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu-kvm' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC; binver | site | major | minor | patch | scope ------------------------------+------+-------+-------+-------+-------- 1.1.2+dfsg-6.36.201411131534 | ftp | 4 | 0 | 0 | 1.1.2+dfsg-6.36.201411131534 | apt | 4 | 0 | 0 | 1.1.2+dfsg-6.43.201501191249 | apt | 4 | 0 | 0 | errata 1.1.2+dfsg-6.43.201501191249 | ftp | 4 | 0 | 0 | errata 1.1.2+dfsg-6.43.201501191249 | ftp | 4 | 0 | 1 | 1.1.2+dfsg-6.43.201501191249 | apt | 4 | 0 | 1 | 1.1.2+dfsg-6.44.201505131916 | ftp | 4 | 0 | 1 | errata 1.1.2+dfsg-6.44.201505131916 | ftp | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | apt | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | ftp | 4 | 0 | 2 | errata 1.1.2+dfsg-6.47.201506231351 | ftp | 4 | 0 | 3 | 1.1.2+dfsg-6.47.201506231351 | apt | 4 | 0 | 3 | 1.1.2+dfsg-6.48.201510271706 | apt | 4 | 0 | 3 | errata 1.1.2+dfsg-6.48.201510271706 | ftp | 4 | 0 | 3 | errata 1.1.2+dfsg-6.48.201510271706 | ftp | 4 | 0 | 4 | 1.1.2+dfsg-6.48.201510271706 | apt | 4 | 0 | 4 | 1.1.2+dfsg-6.50.201605111104 | apt | 4 | 0 | 5 | errata 1.1.2+dfsg-6.51.201605111106 | apt | 4 | 1 | 2 | errata (18 Zeilen) Package: qemu Version: 1.1.2+dfsg-6a.49.201605111538 Branch: ucs_4.1-0 Scope: errata4.1-2 => SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC; binver | site | major | minor | patch | scope -------------------------------+------+-------+-------+-------+-------- 1.1.2+dfsg-6a.44.201411131204 | apt | 4 | 0 | 0 | 1.1.2+dfsg-6a.44.201411131204 | ftp | 4 | 0 | 0 | 1.1.2+dfsg-6a.45.201502031112 | ftp | 4 | 0 | 1 | 1.1.2+dfsg-6a.45.201502031112 | apt | 4 | 0 | 1 | 1.1.2+dfsg-6a.46.201605111506 | apt | 4 | 0 | 5 | errata 1.1.2+dfsg-6a.47.201511030926 | ftp | 4 | 1 | 0 | 1.1.2+dfsg-6a.47.201511030926 | apt | 4 | 1 | 0 | 1.1.2+dfsg-6a.49.201605111538 | apt | 4 | 1 | 2 | errata (8 Zeilen) r69262 | Bug #40634: qemu[-kvm] UCS_4.1-2 YAML qemu-kvm.yaml qemu.yaml
Note: tested with libvirt update from bug #40317 OK: start, stop, snapshot, snapshot-revert, start migrated instance, VNC OK: qemu.yaml qemu-kvm.yaml Verified
<http://errata.software-univention.de/ucs/4.1/180.html> <http://errata.software-univention.de/ucs/4.1/181.html>