-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u19 CVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922
Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-9911 qemu-kvm built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9921, CVE-2016-9922 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u19. We recommend that you upgrade your qemu-kvm packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlhhH4gACgkQrJCsPsUk Bl6t6RAA2edm+kEJKSH+4xanmkuZql8gG37jsUP1yFjkOu5q1RiJJW5wGAp/bU6o PBXDnBrE4SAalrtsYdqj1nhoHa7q2km/kefWCW2on1fNxfcwVUVi6b33lahi0oaU 1swybQk1HUODenmoNKRCV6d9r1OJKHak/6TFXj9BmNqGQnq1w3FmcmAtfV3mFgwd lkMfer4A/K42ANmXirp6txxUYWqT3s48tU2CRWtq7zWoHK6/6CWszfOXmFR66bdU pMa3rZXhxOYzeikfQrh+WTobBFbCJWP63HBPmJlnXfGRdHbhdH62ucIjbV04kQdu Vq8Bkl3JP2oZWyw8SjVa+wvPdSyuAWSHGi/W7u2T1JWmcUxLjqkzd5Il9BenviRl BewVdtIbMVcTDZxaDueSc+owcVQY5sIJCCIviNDQXJpYU6iSNuLAhPka6XzLDIzJ qIPBWOAgw0xQ2XJwMiyKUQXce17A0zEOHh/+5bDjdTPPPR4jmnLcpNcZNw6MH02L LKqcg3p+pwgtgdNW5sb4kUzZ7jMOBgZR8ftbAmCKcsjS9RemISPuviNTLYzZkL1C 5VWyzZFQblVx99LsH6Udxhl6PykamqN3er/H/BqUeZy3PGsujcjpA3TZNuGuBdUd wGgvi4HijmkUHbjcrjKcjvo8YWV/1cgyW5V3kkn9nZ+ljMd3bwc= =Ri/R -----END PGP SIGNATURE-----