Accepted qemu 1:2.8+dfsg-6+deb9u14 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 10 Apr 2021 16:38:50 +0200
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u14
Distribution: stretch-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Changes:
qemu (1:2.8+dfsg-6+deb9u14) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2021-20257:
net: e1000: infinite loop while processing transmit descriptors
* Fix CVE-2021-20255:
A stack overflow via an infinite recursion vulnerability was found in the
eepro100 i8255x device emulator of QEMU. This issue occurs while processing
controller commands due to a DMA reentry issue. This flaw allows a guest
user or process to consume CPU cycles or crash the QEMU process on the
host, resulting in a denial of service.
* Fix CVE-2021-20203:
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU
for versions up to v5.2.0. It may occur if a guest was to supply invalid
values for rx/tx queue size or other NIC parameters. A privileged guest
user may use this flaw to crash the QEMU process on the host, resulting in
a DoS scenario.
* Fix CVE-2021-3416:
A potential stack overflow via infinite loop issue was found in various NIC
emulators of QEMU in versions up to and including 5.2.0. The issue occurs
in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A
guest user/process may use this flaw to consume CPU cycles or crash the
QEMU process on the host, resulting in a DoS scenario.
* Fix CVE-2021-3409/CVE-2020-17380:
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective,
thus making QEMU vulnerable to the out-of-bounds read/write access issues
previously found in the SDHCI controller emulation code. This flaw allows a
malicious privileged guest to crash the QEMU process on the host, resulting
in a denial of service or potential code execution.
* Fix CVE-2021-3392:
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue
occurs while processing SCSI I/O requests in the case of an error
mptsas_free_request() that does not dequeue the request object 'req' from
a pending requests queue. This flaw allows a privileged guest user to
crash the QEMU process on the host, resulting in a denial of service.
Checksums-Sha1:
4ec58df3545e39927f04e68511c3f21df6cbd4c7 6059 qemu_2.8+dfsg-6+deb9u14.dsc
440256943a956e799ab42bb5171235b6a90e6977 199752 qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
c741331822f770d93f6bfe33ae59540f0a12aca2 22405 qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo
Checksums-Sha256:
a35890ec1fbde3474b0fff007cf5e6ac2e1bbc6c444aeba265051e49037edb52 6059 qemu_2.8+dfsg-6+deb9u14.dsc
07f5bb1c6f0469d966f323ccdd0a49bc859379e4848ee6cb45d5b79bc4f5e327 199752 qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
068f8128280c392a12df82a684860cd9828c919b91fb6fe986ac6dbe2b277db9 22405 qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo
Files:
ebd5f2b41cf2064a4fb49b11dcaf5c75 6059 otherosfs optional qemu_2.8+dfsg-6+deb9u14.dsc
d070d9f98cd1a81143cac033b54a7813 199752 otherosfs optional qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
25e2e036fa988e1774d84465a8cf76bb 22405 otherosfs optional qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo