Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Debian: DLA-1497-1 Critical: QEMU Security Issues Detected

debian lts
Calendar Grey September 6, 2018
Dist Debian Esm H88
Several vulnerabilities resolved in the qemu software package through a significant update. Upgrade to version 1:2.1+dfsg-12+deb8u8 to ensure security improvements.
Several vulnerabilities were found in qemu, a fast processor emulator: CVE-2015-8666

Summary

Heap-based buffer overflow in QEMU when built with the
Q35-chipset-based PC system emulator

CVE-2016-2198

Null pointer dereference in ehci_caps_write in the USB EHCI support
that may result in denial of service

CVE-2016-6833

Use after free while writing in the vmxnet3 device that could be used
to cause a denial of service

CVE-2016-6835

Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device
that could result in denial of service

CVE-2016-8576

Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support

CVE-2016-8667 / CVE-2016-8669

Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset
emulator, and in serial_update_parameters of some serial devices, that
could result in denial of service

CVE-2016-9602

Improper link following with VirtFS

CVE-2016-9603

Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA
emulator support

CVE-2016-9776

Infinite loop while receiving data in the ColdFire Fast Ethernet

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: qemu
Version: 1:2.1+dfsg-12+deb8u7
CVE ID: CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835
Debian Bug: 813193 834904 835031 840945 840950 847496 847951 847953

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here