[SECURITY] [DLA 765-1] qemu-kvm security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu-kvm Version: 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9921, CVE-2016-9922 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u19. We recommend that you upgrade your qemu-kvm packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhH4gACgkQrJCsPsUk Bl6t6RAA2edm+kEJKSH+4xanmkuZql8gG37jsUP1yFjkOu5q1RiJJW5wGAp/bU6o PBXDnBrE4SAalrtsYdqj1nhoHa7q2km/kefWCW2on1fNxfcwVUVi6b33lahi0oaU 1swybQk1HUODenmoNKRCV6d9r1OJKHak/6TFXj9BmNqGQnq1w3FmcmAtfV3mFgwd lkMfer4A/K42ANmXirp6txxUYWqT3s48tU2CRWtq7zWoHK6/6CWszfOXmFR66bdU pMa3rZXhxOYzeikfQrh+WTobBFbCJWP63HBPmJlnXfGRdHbhdH62ucIjbV04kQdu Vq8Bkl3JP2oZWyw8SjVa+wvPdSyuAWSHGi/W7u2T1JWmcUxLjqkzd5Il9BenviRl BewVdtIbMVcTDZxaDueSc+owcVQY5sIJCCIviNDQXJpYU6iSNuLAhPka6XzLDIzJ qIPBWOAgw0xQ2XJwMiyKUQXce17A0zEOHh/+5bDjdTPPPR4jmnLcpNcZNw6MH02L LKqcg3p+pwgtgdNW5sb4kUzZ7jMOBgZR8ftbAmCKcsjS9RemISPuviNTLYzZkL1C 5VWyzZFQblVx99LsH6Udxhl6PykamqN3er/H/BqUeZy3PGsujcjpA3TZNuGuBdUd wGgvi4HijmkUHbjcrjKcjvo8YWV/1cgyW5V3kkn9nZ+ljMd3bwc= =Ri/R -END PGP SIGNATURE-
[SECURITY] [DLA 764-1] qemu security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: qemu Version: 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 Multiple vulnerabilities have been found in QEMU: CVE-2016-9911 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/ process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9921, CVE-2016-9922 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u19. We recommend that you upgrade your qemu packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhHqcACgkQrJCsPsUk Bl4lYQ/+NU802RirLbLCt658JHIwlf/xtk4KHuO2a1oc5z562EKayKvO2bmnrHN9 1vCz5IoVTmnPyHtPA4dW4SZmDi+/DymPv4LTm0m9JJGRHWSdhxYfycEDI8CZX8Bn 7qK5zp0c+Zr4jrSw//weZlDSLRix+IJy3dXhIY+9Bg1lPwqV5SaARuubSGCJD78e KIB7mgu9MnBppc80kyKQ0lY+RCTDDq13Ej+6xynvq4vMgZw3ebw8P6SHKQcszoIt cwKwKRJNvx28XB9TEPh+m3jVS6L3ZmP+t6tG4xcM65Bf08Yew5MR8b3r4+IL/8O0 iEZz9mPUxwxo8dqzrWkFrfNn9FD0Dn4DiK2Vy4uKfhpvZ/dCFi1pcbSMtw+Kfw4N qWjk3qbaAiZ7Au4/H3xu5O07YKnmQga0WTGG1jdxFrNjUFKcQfFcdGhmSCrowBBl xncYDHNbv1wD4XKtMug/NoGz+hABGDHefWWOIWa0ltYOOuT8z4eubAFSiMtpQ6DM lLAC2E+KgXm+9ZzguysTd74bfBhwPqcbxLtCBUMd5ziNTjDve4ryMhvmvThknRfu KpKaruEMJlDZHak9Q4YfvJq8fKTQ3wXWKJRFrbCFxxirpT8sflUkhomdQqLN/bvI Nmb3pGuB6tEV2E6FlUtLp/i9cbenIEJCIo+TEqXwJuNX3CGSRWA= =4xlL -END PGP SIGNATURE-