Back to qemu PTS page

Accepted qemu 1:2.8+dfsg-6+deb9u15 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Sep 2021 23:08:52 +0200
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u15
Distribution: stretch-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.8+dfsg-6+deb9u15) stretch-security; urgency=high
 .
   * Non-maintainer upload by the ELTS team.
   * Fix CVE-2021-3713:
     An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device
     emulation of QEMU. The device uses the guest supplied stream number
     unchecked, which can lead to out-of-bounds access to the UASDevice->data3
     and UASDevice->status3 fields. A malicious guest user could use this flaw
     to crash QEMU or potentially achieve code execution with the privileges of
     the QEMU process on the host.
   * Fix CVE-2021-3682:
     A flaw was found in the USB redirector device emulation of QEMU. It occurs
     when dropping packets during a bulk transfer from a SPICE client due to the
     packet queue being full. A malicious SPICE client could use this flaw to
     make QEMU call free() with faked heap chunk metadata, resulting in a crash
     of QEMU or potential code execution with the privileges of the QEMU process
     on the host.
   * Fix CVE-2021-3527:
     A flaw was found in the USB redirector device (usb-redir) of QEMU. Small
     USB packets are combined into a single, large transfer request, to reduce
     the overhead and improve performance. The combined size of the bulk
     transfer is used to dynamically allocate a variable length array (VLA) on
     the stack without proper validation. Since the total size is not bounded, a
     malicious guest could use this flaw to influence the array length and cause
     the QEMU process to perform an excessive allocation on the stack, resulting
     in a denial of service.
   * Fix CVE-2021-3594:
     An invalid pointer initialization issue was found in the SLiRP networking
     implementation of QEMU. The flaw exists in the udp_input() function and
     could occur while processing a udp packet that is smaller than the size of
     the 'udphdr' structure. This issue may lead to out-of-bounds read access or
     indirect host memory disclosure to the guest. The highest threat from this
     vulnerability is to data confidentiality.
   * Fix CVE-2021-3592:
     An invalid pointer initialization issue was found in the SLiRP networking
     implementation of QEMU. The flaw exists in the bootp_input() function and
     could occur while processing a udp packet that is smaller than the size of
     the 'bootp_t' structure. A malicious guest could use this flaw to leak 10
     bytes of uninitialized heap memory from the host. The highest threat from
     this vulnerability is to data confidentiality.
   * Fix CVE-2021-3595:
     An invalid pointer initialization issue was found in the SLiRP networking
     implementation of QEMU. The flaw exists in the tftp_input() function and
     could occur while processing a udp packet that is smaller than the size of
     the 'tftp_t' structure. This issue may lead to out-of-bounds read access or
     indirect host memory disclosure to the guest. The highest threat from this
     vulnerability is to data confidentiality.
Checksums-Sha1:
 46e373ffe71a6739abe0ccf387c002a24bce9ab9 6059 qemu_2.8+dfsg-6+deb9u15.dsc
 8e023d5c5ee6196f4c83618aef294dad932781a1 204216 qemu_2.8+dfsg-6+deb9u15.debian.tar.xz
 6e6a43692989c0f7aa65245887a904d7e7cde6ab 13826 qemu_2.8+dfsg-6+deb9u15_source.buildinfo
Checksums-Sha256:
 33247144b274c4b09c9175e1a84885471fad4e25bbb83a6c818cc0516ed68205 6059 qemu_2.8+dfsg-6+deb9u15.dsc
 131ed9709910df7a00a90e1e998fa0ae580d1bb45170dc152088562d3db14a84 204216 qemu_2.8+dfsg-6+deb9u15.debian.tar.xz
 f3176c2615d7dfa9f08e63bbbad7f771abc088ce7297e5395514044da2a21a69 13826 qemu_2.8+dfsg-6+deb9u15_source.buildinfo
Files:
 1b8cbcdfd15f7cc9bfdba82442ff7922 6059 otherosfs optional qemu_2.8+dfsg-6+deb9u15.dsc
 a3e76ec96d3d33a1f026952225f7ed41 204216 otherosfs optional qemu_2.8+dfsg-6+deb9u15.debian.tar.xz
 6a80f85747b6d1f1e58935f9f6a1a830 13826 otherosfs optional qemu_2.8+dfsg-6+deb9u15_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEw+DpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkZGUQAIhYhaHAz2WWUaQu7fMMCc90WPBKBXz39U+H
B5TdfI4lu7dSlBRDh/y++XH2w34/lO82jbzaGmmKGtjTHGorbWXbrT+8EpK5hjFw
LUWG3NVFM9DG2AGbN7J8pYZ3nsEEan4cM9tPg9VAuqEesiO9vLCCvz/X3/nWGazG
p1v9iSR1FkJvYRvkLxVVzJ0wn1lChvrPo/yUBDDZZhNOCvk88+vksbS28b8huBJM
ZjfoQZAabaf/QglHKkaVDPACSqglltIOYyaWJzzJWDIBwPdSgDd821iVDhyr1+S0
VFLPhji8kRP1RG1BlrC9nZMffBapbaQl1QWoiVqkvVD0YuCCdRIre2eUQr7SzmF+
Fb6AGtdpH/SYLWI5mcxluIrLgWMKBF+zkuzsBsjIQi5ddemqdyFKzDQ02e05fSMi
FYAjD3D4c26VFyk8XwHT33dxr9nbE7YseCa6pMGJ0bOZBRo950PhKvypc27glp8h
MxYLZOzkLdl13zOkmh8JmbEZOsKAtljtnt2ETHMENYYw0Ue/kvOox0cSn7v43tYB
SvTqAKLkHVZN7w+t4CPYRx2btzOvhqUxWhoQD6Z2qyiTujMdviwFTxwxLcRiCqkN
3Yu5MujeLP7MwyR7c/tQy0XNW9IfzJNQJKaQ5p2WsD/j03dQM38ADoO2mb4aocUJ
yG0Qe8wZ
=lJL4
-----END PGP SIGNATURE-----