Accepted qemu 1:2.1+dfsg-12+deb8u7 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Sep 2018 16:25:56 +0200
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u7
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 813193 834904 835031 840945 840950 847496 847951 847953 847960 851910 852232 853002 853006 853996 854731 855159 855611 855791 856399 856969 857744 859854 860785 861348 861351 862280 862289 863943 864216 864568 865754 867751 869171 869706 874606 877890 880832 882136 886532 887392 892041
Changes:
qemu (1:2.1+dfsg-12+deb8u7) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Fix the following issues:
* CVE-2015-8666: Heap-based buffer overflow in QEMU when built with the
Q35-chipset-based PC system emulator
* CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write
(Closes: #813193)
* CVE-2016-6833: net: vmxnet3: use after free while writing (Closes: #834904)
* CVE-2016-6835: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device
(Closes: #835031)
* CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
(Closes: #857744)
* CVE-2016-8576: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
* CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick
allowing local guest OS administrators to cause a DoS via a large
interval timer reload value.
(Closes: #840950)
* CVE-2016-8669: char: divide by zero error in serial_update_parameters
(Closes: #840945)
* CVE-2016-9602: 9p: virtfs allows guest to access host filesystem
(Closes: #853006)
* CVE-2016-9776: net: mcf_fec: infinite loop while receiving data in
mcf_fec_receive
* CVE-2016-9907: usb: redirector: memory leakage when destroying
redirector.
(Closes: #847953)
* CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer
(Closes: #847951)
* CVE-2016-9914: 9pfs: add missing cleanup operation in FileOperations
(Closes: #847496)
* CVE-2016-9915: 9pfs: add missing cleanup operation in the handle
backend.
* CVE-2016-9916: 9pfs: add missing cleanup operation in the proxy
backend driver.
* CVE-2016-9921, CVE-2016-9922: display: cirrus_vga: a divide by zero in
cirrus_do_copy
(Closes: #847960)
* CVE-2016-10155: Memory leak in hw/watchdog/wdt_i6300esb.c allowing
local guest OS privileged users to cause a denial of service (host
memory consumption and QEMU process crash) via a large number of
device unplug operations.
(Closes: #852232)
* CVE-2017-2615: cirrus: out-of-bounds access issue
(Closes: 854731)
* CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is
safe
(Closes: #855791)
* CVE-2017-5525: memory leakage in ac97 device
(Closes: #856399)
* CVE-2017-5526: memory leakage in es1370 device
(Closes: #851910)
* CVE-2017-5579: serial: host memory leakage 16550A UART emulation
(Closes: #853002)
* CVE-2017-5667: sd: sdhci: check data length during dma_memory_read
(Closes: #853996)
* CVE-2017-5715: mitigations against the Spectre v2 vulnerability.
(Closes: #886532)
* CVE-2017-5856: Memory leak in the megasas_handle_dcmd function in
hw/scsi/megasas.cc
(Closes: #853996)
* CVE-2017-5987: sd: infinite loop issue in multi block transfers
(Closes: #855159)
* CVE-2017-5973: infinite loop while doing control transfer in
xhci_kick_epctx
(Closes: #855611)
* CVE-2017-6505: infinite loop issue in ohci_service_ed_list
(Closes: #856969)
* CVE-2017-7377: 9pfs: host memory leakage via v9fs_create
(Closes: #859854)
* CVE-2017-7471: improper access control issue
(Closes: #860785)
* CVE-2017-7493: 9pfs access control issue
* CVE-2017-7718: cirrus out-of-bounds access issue
* CVE-2017-7980: cirrus: heap-based buffer overflow
* CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr
(Closes: #861348)
* CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2
(Closes: #861351)
* CVE-2017-8309: audio: host memory leakage via capture buffer
(Closes: #862280)
* CVE-2017-8379: input: host memory leakage via keyboard
(Closes: #862289)
* CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value
(Closes: #863943)
* CVE-2017-9373 ide: ahci host memory leakage during hotunplug.
(Closes: #864216)
CVE-2017-9374: usb: ehci host memory leakage during hotunplug
(Closes: #864216, #864568)
* CVE-2017-9503: megasas: null pointer dereference while processing
megasas command
(Closes: 865754)
* CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging
(Closes: #867751)
* CVE-2017-10911: xen disk may leak stack data via response ring
(Closes: #869706)
* CVE-2017-11434: slirp: out-of-bounds read while parsing dhcp options
(Closes: #869171)
* CVE-2017-14167: i386: multiboot OOB access while loading guest kernel
image
(Closes: #874606)
* CVE-2017-15038: 9p: virtfs: information disclosure when reading
extended attributes
(Closes: #877890)
* CVE-2017-15289: cirrus: OOB access issue in mode4and5 write functions
(Closes: #880832)
* CVE-2017-16845: ps2: information leakage via post_load routine
(Closes: #882136)
* CVE-2017-18030: cirrus out-of-bounds array access
* CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d)
* CVE-2018-5683: Out-of-bounds read in vga_draw_text routine
(Closes: #887392)
* CVE-2018-7550: incorrect handling of multiboot (Closes: #892041)
Checksums-Sha1:
609cd871d25dc18e9a5557c8614a9fe606172784 5567 qemu_2.1+dfsg-12+deb8u7.dsc
e37a02d1cef45d6fc561b262abfd6c8c7e8887f2 188408 qemu_2.1+dfsg-12+deb8u7.debian.tar.xz
bb089c37f3d4e6dee97582adef040f31d5735670 124612 qemu_2.1+dfsg-12+deb8u7_amd64.deb
c1a8cb31f9f929e57694dd2778eb8a44f1cac1c6 53644 qemu-system_2.1+dfsg-12+deb8u7_amd64.deb
cd2f9042d3ce5dc8d0b1842d84cac8923f7e7e10 284088 qemu-system-common_2.1+dfsg-12+deb8u7_amd64.deb
c32b06745ffdba6ba5896f3b7d00c5b446974a99 5449480 qemu-system-misc_2.1+dfsg-12+deb8u7_amd64.deb
009a44b5d029c74059ebb9dfa110dbb1fb5f412f 2234732 qemu-system-arm_2.1+dfsg-12+deb8u7_amd64.deb
134948fc6e844d9ca5936b6d7a6139aae325ad19 2832810 qemu-system-mips_2.1+dfsg-12+deb8u7_amd64.deb
875076ac679e610a00ea8b78d0b342060172a5fc 2860550 qemu-system-ppc_2.1+dfsg-12+deb8u7_amd64.deb
15d185c30364326781669b6a19f1ea9e99b8620a 1666428 qemu-system-sparc_2.1+dfsg-12+deb8u7_amd64.deb
45c96d30dd1677403521962f468be72b77db073c 2050346 qemu-system-x86_2.1+dfsg-12+deb8u7_amd64.deb
1e17eba96715c2a6eccc73930355b4484c388956 5791142 qemu-user_2.1+dfsg-12+deb8u7_amd64.deb
439b6cd42a85c06dbac028d59bd556922a2f0dca 8025940 qemu-user-static_2.1+dfsg-12+deb8u7_amd64.deb
513fa51ca635bf3f21c24685b73cd71ba71982b8 2920 qemu-user-binfmt_2.1+dfsg-12+deb8u7_amd64.deb
93bb3d7abdc5d3e4d409be132ef236d9ddcb8663 485158 qemu-utils_2.1+dfsg-12+deb8u7_amd64.deb
1137ba27984e5527a9cffafc5513c99b61fbce39 138250 qemu-guest-agent_2.1+dfsg-12+deb8u7_amd64.deb
b3efb8f41fccf4d973b331e6eb56b48595ef3177 54332 qemu-kvm_2.1+dfsg-12+deb8u7_amd64.deb
Checksums-Sha256:
7193faa2bf39fd19c2cfad69fc7ed5099908662b67705750c13c89d23f45e2af 5567 qemu_2.1+dfsg-12+deb8u7.dsc
0d49f55435d5ee68e6100c847fef8964c8fd5f4193eacb4d8100a28ab56822eb 188408 qemu_2.1+dfsg-12+deb8u7.debian.tar.xz
5ccffbb16dbf07941b2970cc4f0f560c8c21ddbeb2e56dffc5ee5ab4a479ab54 124612 qemu_2.1+dfsg-12+deb8u7_amd64.deb
b48442dc092865754c1313e61e4b6f32b94fa657091ecea842325e93cdc736af 53644 qemu-system_2.1+dfsg-12+deb8u7_amd64.deb
eb60675d42c34d261b41e7b46c24d71aa14ad91308db00b8232c7ef5f22c1cd2 284088 qemu-system-common_2.1+dfsg-12+deb8u7_amd64.deb
9722c66d281f884a8b0e4ece5086d6513a30ca8322b7dfaf125f01bcebff7e06 5449480 qemu-system-misc_2.1+dfsg-12+deb8u7_amd64.deb
31e3e28cd5ac293624464f8e045efca98fc8a6474bde9ce827f2a392441261ac 2234732 qemu-system-arm_2.1+dfsg-12+deb8u7_amd64.deb
e234bd43c5e4a204cd46a437a8a6cc9a46db6b594e555f0ed3d2f5541e83969f 2832810 qemu-system-mips_2.1+dfsg-12+deb8u7_amd64.deb
89f260f307865f98c05657b457944d752b1c25333df7d9a08303d1693ec3cab3 2860550 qemu-system-ppc_2.1+dfsg-12+deb8u7_amd64.deb
8df8f01854df18658701ef658ab54864ac5a049b9ebad9499689bd09d27e4b00 1666428 qemu-system-sparc_2.1+dfsg-12+deb8u7_amd64.deb
78822ace887a7cfa71ab244742c7dcc8e4225a543a8db077deb5493319fb2810 2050346 qemu-system-x86_2.1+dfsg-12+deb8u7_amd64.deb
6bdcb61d6d26308c45bb7a5ac9b7239c25f07d45c19cbbea618c69993af5efb6 5791142 qemu-user_2.1+dfsg-12+deb8u7_amd64.deb
a487b9fb371009760332d3b9924b4849122183e04d1160c3f9509fca0d272e04 8025940 qemu-user-static_2.1+dfsg-12+deb8u7_amd64.deb
4fd260702e018bd62c90f7c4d0e4244aae4ac39c6fa468d900985bee7f43422f 2920 qemu-user-binfmt_2.1+dfsg-12+deb8u7_amd64.deb
9f2c5bae7d1988b7bf87016552dad3d38e81175dc32deca62dc818ddaac06de2 485158 qemu-utils_2.1+dfsg-12+deb8u7_amd64.deb
de73a89e5ed7363d1121fe37df52cc18590473d72a575b466ed443f2a06d2161 138250 qemu-guest-agent_2.1+dfsg-12+deb8u7_amd64.deb
718ddf6a9b929dcba1bf819e3df04f52bb59cb6355cfef9d1f6a81c2c21fe883 54332 qemu-kvm_2.1+dfsg-12+deb8u7_amd64.deb
Files:
f1e13e363699563efc73d051f51311e9 5567 otherosfs optional qemu_2.1+dfsg-12+deb8u7.dsc
06627de4d14612f1352e75b5cf57840f 188408 otherosfs optional qemu_2.1+dfsg-12+deb8u7.debian.tar.xz
a6b2de36c8f1e81d366a26b3efd10249 124612 otherosfs optional qemu_2.1+dfsg-12+deb8u7_amd64.deb
888f40ba1da8b0d96b6e14e64a8d369d 53644 otherosfs optional qemu-system_2.1+dfsg-12+deb8u7_amd64.deb
339a34ae5037e92e14f0a485c9d4da76 284088 otherosfs optional qemu-system-common_2.1+dfsg-12+deb8u7_amd64.deb
eb5bf9ef5d2b5f0e2ca60ff8c24cc284 5449480 otherosfs optional qemu-system-misc_2.1+dfsg-12+deb8u7_amd64.deb
7434768fbc311c87dd9ef989f7fa09a4 2234732 otherosfs optional qemu-system-arm_2.1+dfsg-12+deb8u7_amd64.deb
0872bf206e00cdf17570917a3008adec 2832810 otherosfs optional qemu-system-mips_2.1+dfsg-12+deb8u7_amd64.deb
ce6372837d6b1ebdde46fc863e022ea7 2860550 otherosfs optional qemu-system-ppc_2.1+dfsg-12+deb8u7_amd64.deb
5c4cc09805eed038825a2a71f5426624 1666428 otherosfs optional qemu-system-sparc_2.1+dfsg-12+deb8u7_amd64.deb
f92a0bb838ef4fb6bfcffe1b64412d2a 2050346 otherosfs optional qemu-system-x86_2.1+dfsg-12+deb8u7_amd64.deb
24eb8ec9ae449f3fb31f32a7ecf736f7 5791142 otherosfs optional qemu-user_2.1+dfsg-12+deb8u7_amd64.deb
b8dcfc378c106d546d3c76e9c1bbb5e2 8025940 otherosfs optional qemu-user-static_2.1+dfsg-12+deb8u7_amd64.deb
cc9eeb8b1ee461c1c506cb28c2ba3171 2920 otherosfs optional qemu-user-binfmt_2.1+dfsg-12+deb8u7_amd64.deb
9e59a6b06df5a61132338326a45a745c 485158 otherosfs optional qemu-utils_2.1+dfsg-12+deb8u7_amd64.deb
3255b5cf4ef540ed6d112db6f263f8b1 138250 otherosfs optional qemu-guest-agent_2.1+dfsg-12+deb8u7_amd64.deb
840f25721e642b3e264881f7a0678abd 54332 otherosfs optional qemu-kvm_2.1+dfsg-12+deb8u7_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJKBAEBCgA0FiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAluQ5rQWHHNhbnRpYWdv
cnJAcmlzZXVwLm5ldAAKCRAVf9rhFfHirY6bEACCl2jSKR7r4erD9JmOs1jnhwGj
TopXiQUfvTpx4tXYR188MUreloyRKs3Mkzf3M0czZl6kLONNLwzULkEyLZqKCjYU
ibOi3moBpNOUp7LdsqtPC/pkkFzWOryPFD6d9qEGSWE+8LzZz88ft5lwPEvsCnzQ
H+jw7fcu02EvJe3mJrZP1OzPYj7TU+Pwhzt8ZJ2GKFWSOJ1rAuOUKdwoLl8EMsvE
52EWCuq6CwPfJMg0y4xiRHILYCd35py2AFDU+c3G8TnWvpoMrNuSlCHjJTsXHjKu
gWyfa2zywPcix4xwS0ldJkeLkIGHtSSr0+sV+JmKgAneHWZzP7Ll9/ebmGLjxVig
dK6/89fNFIrZA4xWM4YMeG1u+5jLL2TeI41aHcxOEwkyPQ/8y2I438DG+fKNwQwn
Qm3cgeACzv77h1zBCOPWSTs/+s/wGaqDzvKCD0tu9HKNinXo8jFpP7AzTvzCVZEH
6Q3nra3AYDA8caZaUizDo4839oLl7Nu5Zmcsz8ay5kFnM9V6mf9GveiUMITSwpJu
d8PKF3MCc0zbp3B9hoSNA4QijzzIBhqUZQAcirbbB6H/UhGvd3cCwzn0Byb5ysKq
62mLp73iE3svWJAIEoMkrh76CTpjNJwojPhx/sv83tuSc6Gv36knADjylKCF+T0a
A70pOhMtCE/UqC58jg==
=rMqT
-----END PGP SIGNATURE-----