Accepted qemu 1:2.1+dfsg-12+deb8u8 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 26 Nov 2018 11:22:21 +0100
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 815008 815009 815680 817181 817182 817183 821038 821061 821062 822344 824856 825210 825614 825615 825616 826152 827024 827026 832621 834902 834905 834944 836502 837174 837316 837339 838147 838850 839834 839835 840340 840341 841950 841955 842455 866674 910431 911468 911469
Changes:
qemu (1:2.1+dfsg-12+deb8u8) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Fix the following issues:
* CVE-2016-2391: multiple eof_timers in ohci usb leads to null pointer
dereference. Reported by Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
(Closes:#815009)
* CVE-2016-2392: usb: null pointer dereference in remote NDIS control
message handling. Reported by Qinghao Tang <luodalongde@gmail.com>
(Closes: #815008)
* CVE-2016-2538: usb: integer overflow in remote NDIS control message
handling. Reported by Qinghao Tang <luodalongde@gmail.com>
(Closes: #815680)
* CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive. Reported by
Yang Hongke <yanghongke@huawei.com>
(Closes: #817181)
* CVE-2016-2857: net: out of bounds read in net_checksum_calculate. Reported
by Liu Ling <liuling-it@360.cn>
(Closes: #817182)
* CVE-2016-2858: rng-random: arbitrary stack based allocation leading to
corruption.
(Closes: #817183)
* CVE-2016-4001: net: buffer overflow in stellaris_enet emulator. Reported
by Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
(Closes: #821038)
* CVE-2016-4002: net: buffer overflow in MIPSnet emulator. Reported by
Oleksandr Bazhaniuk.
(Closes: #821061)
* CVE-2016-4020: i386: leakage of stack memory to guest in kvmvapic.c.
Reported by Donghai Zdh.
(Closes: #821062)
* CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD
process. Reported by 杜少博 <dushaobo@360.cn>.
(Closes: #822344)
* CVE-2016-4439: 53C9X Fast SCSI Controller (FSC) support does not properly
check command buffer length.
(Closes: #824856)
* CVE-2016-4441: 53C9X Fast SCSI Controller (FSC) support in QEMU does not
properly check DMA length.
(Closes: #824856)
* CVE-2016-4453: incorrect handling of the VMWare VGA module, that may be
used to cause QEMU to crash. Reported by Li Qiang.
* CVE-2016-4454: incorrect handling of incorrect handling of the VMWare VGA
module, that may be used to obtain host sensitive information or cause
QEMU to crash.
* CVE-2016-4952: scsi: pvscsi: out-of-bounds access issue. Reported by
Li Qiang.
(Closes: #825210)
* CVE-2016-5105: scsi: megasas: stack information leakage while reading
configuration. Reported by Li Qiang.
(Closes: #825614)
* CVE-2016-5106: scsi: megasas: out-of-bounds write while setting controller
properties. Reported by Li Qiang.
(Closes: #825615)
* CVE-2016-5107: scsi: megasas: out-of-bounds read in megasas_lookup_frame()
function. Reported by Li Qiang.
(Closes: #825616)
* CVE-2016-5238: scsi: esp: OOB write when using non-DMA mode in get_cmd.
Reported by Li Qiang.
(Closes: #826152)
* CVE-2016-5337: scsi: megasas: information leakage in
megasas_ctrl_get_info. Reported by Li Qiang.
(Closes: #827026)
* CVE-2016-5338: scsi: out-of-bounds read/write access while processing
ESP_FIFO. Reported by Li Qiang.
(Closes: #827024)
* CVE-2016-6351: scsi: esp: oob write access while reading ESP command.
Reported by Li Qiang.
(Closes: #832621)
* CVE-2016-6834: infinite loop during packet fragmentation. Reported by
Li Qiang.
(Closes: #834905)
* CVE-2016-6836: Information leak in vmxnet3_complete_packet. Reported by
Li Qiang.
(Closes: #834944)
* CVE-2016-6888: vmxnet: integer overflow in packet initialisation. Reported
by Li Qiang.
(Closes: #834902)
* CVE-2016-7116: 9p: directory traversal flaw in 9p virtio backend. Reported
by Felix Wilhelm.
(Closes: #836502)
* CVE-2016-7155: scsi: pvscsi: OOB read and infinite loop while setting
descriptor rings. Reported by Tom Victor and Li Qiang.
(Closes: #837174)
* CVE-2016-7156: scsi: pvscsi: infintie loop when building SG list. Reported
by Li Qiang.
(Closes: #837339)
* CVE-2016-7161: net: Fix a heap overflow in xlnx.xps-ethernetlite. Reported
by Hu Chaojian.
(Closes: #838850)
* CVE-2016-7170: vmware_vga: out-of-bounds stack memory access when
processing svga command. Reported by: Qinghao Tang and Li Qiang.
(Closes: #837316)
* CVE-2016-7421: scsi: pvscsi: infinite loop when processing IO requests.
Reported by Li Qiang.
(Closes: #838147)
* CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx. Reported by Li Qiang.
(Closes: #839835)
* CVE-2016-7909: net: pcnet: infinite loop in pcnet_rdra_addr. Reported by
Li Qiang.
(Closes: #839834)
* CVE-2016-8577: 9pfs: host memory leakage in v9fs_read. Reported by
Li Qiang.
(Closes: #840341)
* CVE-2016-8578: 9pfs: potential NULL dereferencein 9pfs routines. Reported
by Li Qiang.
(Closes: #840340)
* CVE-2016-8909: audio: intel-hda: infinite loop in processing dma buffer
stream. Reported by Huawei PSIRT.
(Closes: #841950)
* CVE-2016-8910: net: rtl8139: infinite loop while transmit in C+ mode.
Reported by Andrew Henderson.
(Closes: #841955)
* CVE-2016-9101: net: eepro100 memory leakage at device unplug. Reported by
Li Qiang.
(Closes: #842455)
* CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106:
various Plan 9 File System (9pfs) security issues. Reported by Li Qiang.
* CVE-2017-10664: qemu-nbd: server breaks with SIGPIPE upon client abort.
(Closes: #866674)
* CVE-2018-10839: integer overflow leads to buffer overflow issue. Reported
by Daniel Shapira.
(Closes: #910431)
* CVE-2018-17962: pcnet: integer overflow leads to buffer overflow. Reported
by Daniel Shapira.
(Closes: #911468)
* CVE-2018-17963: net: ignore packets with large size. Reported by Daniel
Shapira.
(Closes: #911469)
Checksums-Sha1:
b050e7b0bbced587c7d47e44d4b3a407c84b1a02 5567 qemu_2.1+dfsg-12+deb8u8.dsc
4cca3b40ca7ecd3e1293ba1ddeecea2fdfd7e0a6 211324 qemu_2.1+dfsg-12+deb8u8.debian.tar.xz
6cda5354e610baeaa26fd7a27cb7e74f2b48251f 126164 qemu_2.1+dfsg-12+deb8u8_amd64.deb
7bbfa26ba3e4bc39861c4c7fea23efb53e912095 55196 qemu-system_2.1+dfsg-12+deb8u8_amd64.deb
21f94f7ca00f5ac752bc503251fb2e4abc96c218 285548 qemu-system-common_2.1+dfsg-12+deb8u8_amd64.deb
8f2dacb62971f07c51159477c370a6ae2f4e6c8d 5471492 qemu-system-misc_2.1+dfsg-12+deb8u8_amd64.deb
0bc73c897ed57be147172c24a72829d40c6174c4 2238420 qemu-system-arm_2.1+dfsg-12+deb8u8_amd64.deb
4296c8915e7645b8bf65cf8e90d45d51d1ea14b8 2836732 qemu-system-mips_2.1+dfsg-12+deb8u8_amd64.deb
00a46a5a5208a8b79736515af898a1b193632fc8 2870488 qemu-system-ppc_2.1+dfsg-12+deb8u8_amd64.deb
e18c72ba2ce39d54c1b1ae7859cb53df22186c1f 1671326 qemu-system-sparc_2.1+dfsg-12+deb8u8_amd64.deb
d5109616e14c1b0724e059552f059c539a0535de 2053680 qemu-system-x86_2.1+dfsg-12+deb8u8_amd64.deb
5ef2087089587db7b26e101377bf2e0c8548bf03 5795120 qemu-user_2.1+dfsg-12+deb8u8_amd64.deb
30b5d6eab3f509401aa65927623a6b1ed9b8ce01 8024122 qemu-user-static_2.1+dfsg-12+deb8u8_amd64.deb
8a0d6c334d4200a6c9cb90aff2ad1f05379eb300 2920 qemu-user-binfmt_2.1+dfsg-12+deb8u8_amd64.deb
1f089fcfa7d475d75c0243d95a71e144c3fc11a8 486838 qemu-utils_2.1+dfsg-12+deb8u8_amd64.deb
ec38429f7a3f5593eef59f5d2372ce952e0c7552 139790 qemu-guest-agent_2.1+dfsg-12+deb8u8_amd64.deb
1ad05d3e1b43605f0dc2b3f040bcc594ddcc2152 55870 qemu-kvm_2.1+dfsg-12+deb8u8_amd64.deb
Checksums-Sha256:
640eb9ace5cf443f0c6b7af0718ed16348e3458a2bdb5183cb80e5c3f08d6708 5567 qemu_2.1+dfsg-12+deb8u8.dsc
0d1b2ed4478e0103935c29aa859eb271d328ffaf427feb93c5092ac2d9c13e3d 211324 qemu_2.1+dfsg-12+deb8u8.debian.tar.xz
701cb5244d238a2010d06000853d6e96579065cf6537331670160ced9acda1ab 126164 qemu_2.1+dfsg-12+deb8u8_amd64.deb
b493f680d0caff3213ab133d16a9da441ceea37b3e4acf813877d752545f727d 55196 qemu-system_2.1+dfsg-12+deb8u8_amd64.deb
7b8aacf8fe32abab1502b29474a9bf74a4bd965786ad0dc7cd9b705e5bddcc55 285548 qemu-system-common_2.1+dfsg-12+deb8u8_amd64.deb
afcaa67cf58d9bd04b610483586fb6eaec9dc706e9a6c92737f6cd0414f258c4 5471492 qemu-system-misc_2.1+dfsg-12+deb8u8_amd64.deb
037f9b2e08de00523a5ed881118e26a93f90cd9b78eb36d575c23e27b7ba5fc1 2238420 qemu-system-arm_2.1+dfsg-12+deb8u8_amd64.deb
857e5085b679ca1a0653a61bfbee5feddfb8d80352914b3e0cfd6a0dc9b219e3 2836732 qemu-system-mips_2.1+dfsg-12+deb8u8_amd64.deb
3e51fa47e3a91eae51145242f82fa6b55929e13491bae4af0f5827ef63b78148 2870488 qemu-system-ppc_2.1+dfsg-12+deb8u8_amd64.deb
4d8b39f49500ed8202ba7db74549bda5f2cba2d0f033a4673f9f5eaea09771ff 1671326 qemu-system-sparc_2.1+dfsg-12+deb8u8_amd64.deb
eeddb8c3a99382ead1ea077db577e6bdf45aad71474d6ef1100c3a62cbdf5079 2053680 qemu-system-x86_2.1+dfsg-12+deb8u8_amd64.deb
8a02278daa9cca32fc0285d1dff345560301339aa8b105a021d6453a440c15cc 5795120 qemu-user_2.1+dfsg-12+deb8u8_amd64.deb
e3a01165297b9d9cbfdc15a1333797db0faee8d68b39d6889240e802cb7039fa 8024122 qemu-user-static_2.1+dfsg-12+deb8u8_amd64.deb
20ba8e13c3e3dd5c5a859dde83066cba56152a7206350b5fe45e0866fd20459b 2920 qemu-user-binfmt_2.1+dfsg-12+deb8u8_amd64.deb
767f1eb4bd83413674538c8109ddec2a67730b10914c8e92fc79f268fc28109b 486838 qemu-utils_2.1+dfsg-12+deb8u8_amd64.deb
db935b3c2fc0f423585d072b5f0b3a4cc893ef935c1b4fb6c442731bbb67d84c 139790 qemu-guest-agent_2.1+dfsg-12+deb8u8_amd64.deb
489c97c97275b6ec15ba0f2382ad21340eadc789698917f12b353a26de1fb1a8 55870 qemu-kvm_2.1+dfsg-12+deb8u8_amd64.deb
Files:
6e420a6469aa425474c04013429ee029 5567 otherosfs optional qemu_2.1+dfsg-12+deb8u8.dsc
59c57adb81c7aa68d9b54f43242fb3f2 211324 otherosfs optional qemu_2.1+dfsg-12+deb8u8.debian.tar.xz
1477f9232a3535c34b58379d52b34adc 126164 otherosfs optional qemu_2.1+dfsg-12+deb8u8_amd64.deb
4dbf03daea577d3c93d9484b1c3c1f96 55196 otherosfs optional qemu-system_2.1+dfsg-12+deb8u8_amd64.deb
381c1dc0744434c1e1b2316f42db8c69 285548 otherosfs optional qemu-system-common_2.1+dfsg-12+deb8u8_amd64.deb
e7890ffbae2fa73fbe9df30bf70d2742 5471492 otherosfs optional qemu-system-misc_2.1+dfsg-12+deb8u8_amd64.deb
004003ed2b45caca516a415f4ad2818e 2238420 otherosfs optional qemu-system-arm_2.1+dfsg-12+deb8u8_amd64.deb
b40f692622619f6a832ababa1fd095c7 2836732 otherosfs optional qemu-system-mips_2.1+dfsg-12+deb8u8_amd64.deb
15fec2a18de58e301b81bcf4713692ad 2870488 otherosfs optional qemu-system-ppc_2.1+dfsg-12+deb8u8_amd64.deb
37f21b881937312ed4fa398b72857984 1671326 otherosfs optional qemu-system-sparc_2.1+dfsg-12+deb8u8_amd64.deb
7bf1b4cb18c3c2df3bbcf96a532ce1eb 2053680 otherosfs optional qemu-system-x86_2.1+dfsg-12+deb8u8_amd64.deb
1d298d8985ad738ef554fc4d3b601eac 5795120 otherosfs optional qemu-user_2.1+dfsg-12+deb8u8_amd64.deb
38d16d79d8e6e17a54b53b57c31cd32e 8024122 otherosfs optional qemu-user-static_2.1+dfsg-12+deb8u8_amd64.deb
9ce234daea9d89c49c279241ecda5761 2920 otherosfs optional qemu-user-binfmt_2.1+dfsg-12+deb8u8_amd64.deb
e855bf1a9471583d42c45a7dff702e6d 486838 otherosfs optional qemu-utils_2.1+dfsg-12+deb8u8_amd64.deb
52415227988e991a7627e5e9de23dca1 139790 otherosfs optional qemu-guest-agent_2.1+dfsg-12+deb8u8_amd64.deb
cd19722d29cfc0af00fa69ee26244b4a 55870 otherosfs optional qemu-kvm_2.1+dfsg-12+deb8u8_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJKBAEBCgA0FiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAlv/nx0WHHNhbnRpYWdv
cnJAcmlzZXVwLm5ldAAKCRAVf9rhFfHirfvED/0TjLvpR6wGXzqVDoEP1bcBskCJ
jbUjEKggAKAUqEdMqIl9MZRqE2nUZ02Kigqo0yTewdhjFUdKSJA2NFlPSzFCtCq+
ZYhljld6bESc3jrxEllfv6jchDeFM8GgR0YhcAHriJQyLJGZ9vnmlus8ogj/Wqzl
BjbLFo4pCJVrXbzTO+Td1CfYvVSrP6jdwlV6X2VcH6DcgMzOm2te0aNIJEvzcdf+
lCOdRXLIvgbmZnlFlouAyEJglj2a8Y0qDmNaR6eYivFpz5GHgI3UmSk4GlhUsXYr
nZOnvYeCq9x5Rd9vnFSKjckdqLnYbI82ee/dJbtNER/3NR1a2nqZnqW8T5S4Mmfl
Be92MSAcZeL2iX+lrwPRo8Od/q7ocsABgB3yiYjtJBh5Nlhlw90xCq9O6rJxeukT
cRYmH4bGuLgtEs+LopYpHhH5b8+tO8CT5N4UAfqyt6douZ0PLjtfcdcioHoO/9lF
0nwr/W71RwpYM7gMQkorIryUDJOQPYqmmqGV4ZRqgZNkDkqUSbM/P8wkx6eM9rgP
ItQVJEpsSnaCD+V2KdOIGNUMrJQ8a5JJBtI0OxugzYLtg2KIU3czbV7rLoXwem5d
Bv7ztCf78+CmpVZgOUIhTXnQcGN5pWmZ78aBi6oWTj2GtgOrwxI5MMw+7O1Nmvxq
bZ1j8tARccjR+I2Zsg==
=WazQ
-----END PGP SIGNATURE-----