Accepted qemu 1:3.1+dfsg-8+deb10u10 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted qemu 1:3.1+dfsg-8+deb10u10 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 14 Mar 2023 19:30:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: qemu_3.1+dfsg-8+deb10u10_source.changes
- Debian-source: qemu
- Debian-suite: oldstable
- Debian-version: 1:3.1+dfsg-8+deb10u10
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=XRET6Trd34J76uxJe7ztCeio9NrTBFHXwIhcOjaxJDw=; b=eAmxG2y2LPZG9q7eMeT0Thn4S3 DzycWnPh/XhU7q1TjrT9rEibB9Xs307GC7wxDjzea/+brG76zj6vRP3ABcqi1d2vuKUqrq+WT5zAq X9mu6kwUtwe+XQLa2cBP/Pq703UCx+iJIVe2gL4uEWhZRudgIcO2u/3ilogUgO+qF18dsMmAcGZag AGEp9yWWaweVsIK65VECBBhgycUVmppexNvv6kj7Ck24k254pkdaNi3xws+MTbLa+wI77Kbs5LtC4 T1EsJh2s3uN4LfSbX4haa6BtuRqvV0LxtZSFiNPcmvGeRCSiPhYtYgPUYoHRq4hwWVU/YTm5BgyVS EwOxNOqQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pcALk-00Dph6-Be@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Mar 2023 15:06:39 +0100
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u10
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 970937 979677 986795 989993 989994 989995 989996 1014589 1014590
Changes:
qemu (1:3.1+dfsg-8+deb10u10) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-14394: An infinite loop flaw was found in the USB xHCI
controller emulation of QEMU while computing the length of the
Transfer Request Block (TRB) Ring. This flaw allows a privileged guest
user to hang the QEMU process on the host, resulting in a denial of
service. (Closes: #979677)
* CVE-2020-17380/CVE-2021-3409: A heap-based buffer overflow was found
in QEMU in the SDHCI device emulation support. It could occur while
doing a multi block SDMA transfer via the
sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest
user or process could use this flaw to crash the QEMU process on the
host, resulting in a denial of service condition, or potentially
execute arbitrary code with privileges of the QEMU process on the
host. (Closes: #970937, #986795)
* CVE-2020-29130: slirp.c has a buffer over-read because it tries to
read a certain amount of header data even if that exceeds the total
packet length.
* CVE-2021-3592: An invalid pointer initialization issue was found in
the SLiRP networking implementation of QEMU. The flaw exists in the
bootp_input() function and could occur while processing a udp packet
that is smaller than the size of the 'bootp_t' structure. A malicious
guest could use this flaw to leak 10 bytes of uninitialized heap
memory from the host. (Closes: #989993)
* CVE-2021-3593: An invalid pointer initialization issue was found in
the SLiRP networking implementation of QEMU. The flaw exists in the
udp6_input() function and could occur while processing a udp packet
that is smaller than the size of the 'udphdr' structure. This issue
may lead to out-of-bounds read access or indirect host memory
disclosure to the guest. (Closes: #989994)
* CVE-2021-3594: An invalid pointer initialization issue was found in
the SLiRP networking implementation of QEMU. The flaw exists in the
udp_input() function and could occur while processing a udp packet
that is smaller than the size of the 'udphdr' structure. This issue
may lead to out-of-bounds read access or indirect host memory
disclosure to the guest. (Closes: #989995)
* CVE-2021-3595: An invalid pointer initialization issue was found in
the SLiRP networking implementation of QEMU. The flaw exists in the
tftp_input() function and could occur while processing a udp packet
that is smaller than the size of the 'tftp_t' structure. This issue
may lead to out-of-bounds read access or indirect host memory
disclosure to the guest. (Closes: #989996)
* CVE-2022-0216: A use-after-free vulnerability was found in the
LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs
while processing repeated messages to cancel the current SCSI request
via the lsi_do_msgout function. This flaw allows a malicious
privileged user within the guest to crash the QEMU process on the
host, resulting in a denial of service. (Closes: #1014590)
* CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's
paravirtual RDMA device. This flaw allows a crafted guest driver to
execute HW commands when shared buffers are not yet allocated,
potentially leading to a use-after-free condition. (Closes: #1014589)
Checksums-Sha1:
1a5d2a294403d8d8d4161cdbb5fdced1bc8f615b 6484 qemu_3.1+dfsg-8+deb10u10.dsc
73ef779cd2163069e48e4380a6a8b6c3d6dc23b4 143232 qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
3b28e0296ce0b4f1af43c208d32b4d562ae310a6 28683 qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo
Checksums-Sha256:
5c7cd03152096d0a369730fcd5126a360e4749acab62ea54bdf8cb5b24c6b2b8 6484 qemu_3.1+dfsg-8+deb10u10.dsc
e19bec4443c31c0be9488561430520f9e72bbfe80ba6f198a3df1fa8f30f3e59 143232 qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
c87943fed163f6f31746f9978b6b3d78389f96c5d3f4e803f40376fe534b33d2 28683 qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo
Files:
73d7ea638c8461ac9009250655f9fd76 6484 otherosfs optional qemu_3.1+dfsg-8+deb10u10.dsc
de120099ffb34461af9363264f5f8cc9 143232 otherosfs optional qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
8a7d2a6aaad822caf40c03cd1ae8fb3f 28683 otherosfs optional qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmQQxvcACgkQDTl9HeUl
XjBwpxAAivwAsIWL7LfslVMgLW3k1dEj7c9XBvLIBleTwbV+UCgwsbXH3JyZ72TA
6YKaI2pWQ29Uvp0zLwVugb/GQjfrIOtzjQl0PyGykZZXaNMURIDLirr8X/YTF26Z
6PDxYWzk8N1d0r3q+oBCZt6xir0LHcnsvFnUGHfe5t3cOKGKWXc/D5qAGg16ifb+
cyGSk0YbKPPe5cGXwWdmDxVQ+2KE/GYLt9NgvPeyYAD+L2bVkNxlOHGtO+4XRig9
pB6UBqLQIC0sQdatW+0NZQjm4dOfHRx6ixYvek1dygMdKjNzmJQZ4ki6V23OwfL8
HFQhAtG8XiEewO4JqPPuv+ROpNtwOhL4HV2VjvAzZ9ASCCzqT50kFZ8LF/pBhzHb
hqUP1hgO4M4HGr6uvMODXpi0ELTaGJusjcxNBGyhHrLy1LU0cQ5toj+DEEE11QWE
5HJhNy1nsXO3UJTmvLldJtUYUSDdbYKoudWVzIoQqHIQ+9IqoJ1tcVPUOLtivl62
PamVS0D13aijsZlFqV1LM9qiw90slQYzuzl/1qrpGzllv0Pa6A8TYAGK8z9Ymv+c
3AOaNXiNH7TayMTkzON3oJoFsTar6KWvd0b4XjXvJJjUdFpCpO+tfSJYfnwpQQPo
pWoXprkqm2P9dYB7+fsnI4qDg/UDPIIZPzsxvXToL2zUPvbqjW8=
=5/22
-----END PGP SIGNATURE-----