Univention Bugzilla – Bug 48165
qemu: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:16 CET
New Debian qemu 1:2.8+dfsg-6+deb9u5A~4.3.2.201811190845 fixes: This update addresses the following issues: * ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * net: ignore packets with large size (CVE-2018-17963)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/qemu_2.8+dfsg-6+deb9u4A~4.3.1.201807041541.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/qemu_2.8+dfsg-6+deb9u5A~4.3.0.201811191133.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u4A~4.3.1.201807041541 [Wed, 04 Jul 2018 15:42:05 +0200] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u5A~4.3.0.201811191133 [Mon, 19 Nov 2018 11:33:49 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS @@ -11,6 +11,13 @@ 1005-0006-Bug-38877-debug-loadvm-offset 1006-0007-Bug-38877-fix-qemu-kvm-1.1-piix4_pm-incompatibi 1007-0008-x86-Work-around-SMI-migration-breakages + +1:2.8+dfsg-6+deb9u5 [Thu, 08 Nov 2018 16:41:45 +0100] Moritz Mühlenhoff <jmm@debian.org>: + + * Backport SSBD support (Closes: #908682) + * CVE-2018-10839 (Closes: #910431) + * CVE-2018-17962 (Closes: #911468) + * CVE-2018-17963 (Closes: #911469) 1:2.8+dfsg-6+deb9u4 [Sat, 26 May 2018 13:06:04 +0300] Michael Tokarev <mjt@tls.msk.ru>: <http://10.200.17.11/4.3-2/#4667492706658492053>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-2] 1aafee6419 Bug #48165: qemu 1:2.8+dfsg-6+deb9u5A~4.3.0.201811191133 doc/errata/staging/qemu.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.3-2] c78d458ef6 Bug #48165: qemu 1:2.8+dfsg-6+deb9u5A~4.3.2.201811190703 doc/errata/staging/qemu.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.3/325.html>