Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2656 qemu security update 7 September 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Unauthorised Access -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-7550 CVE-2018-5683 CVE-2017-18043 CVE-2017-18030 CVE-2017-16845 CVE-2017-15289 CVE-2017-15038 CVE-2017-14167 CVE-2017-11434 CVE-2017-10911 CVE-2017-10806 CVE-2017-9503 CVE-2017-9374 CVE-2017-9373 CVE-2017-9330 CVE-2017-8379 CVE-2017-8309 CVE-2017-8112 CVE-2017-8086 CVE-2017-7980 CVE-2017-7718 CVE-2017-7493 CVE-2017-7377 CVE-2017-6505 CVE-2017-5987 CVE-2017-5973 CVE-2017-5856 CVE-2017-5715 CVE-2017-5667 CVE-2017-5579 CVE-2017-5526 CVE-2017-5525 CVE-2017-2620 CVE-2017-2615 CVE-2016-10155 CVE-2016-9922 CVE-2016-9921 CVE-2016-9916 CVE-2016-9915 CVE-2016-9914 CVE-2016-9911 CVE-2016-9907 CVE-2016-9776 CVE-2016-9603 CVE-2016-9602 CVE-2016-8669 CVE-2016-8667 CVE-2016-8576 CVE-2016-6835 CVE-2016-6833 CVE-2016-2198 CVE-2015-8666 Reference: ASB-2018.0192 ASB-2018.0165 ASB-2018.0002.4 ESB-2018.2534 ESB-2018.2402 Original Bulletin: https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html - --------------------------BEGIN INCLUDED TEXT-------------------- Package : qemu Version : 1:2.1+dfsg-12+deb8u7 CVE ID : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921 CVE-2016-9922 CVE-2016-10155 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5579 CVE-2017-5667 CVE-2017-5715 CVE-2017-5856 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 CVE-2017-7377 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9503 CVE-2017-10806 CVE-2017-10911 CVE-2017-11434 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-16845 CVE-2017-18030 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550 Debian Bug : 813193 834904 835031 840945 840950 847496 847951 847953 847960 851910 852232 853002 853006 853996 854731 855159 855611 855791 856399 856969 857744 859854 860785 861348 861351 862280 862289 863943 864216 864568 865754 867751 869171 869706 874606 877890 880832 882136 886532 887392 892041 Several vulnerabilities were found in qemu, a fast processor emulator: CVE-2015-8666 Heap-based buffer overflow in QEMU when built with the Q35-chipset-based PC system emulator CVE-2016-2198 Null pointer dereference in ehci_caps_write in the USB EHCI support that may result in denial of service CVE-2016-6833 Use after free while writing in the vmxnet3 device that could be used to cause a denial of service CVE-2016-6835 Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device that could result in denial of service CVE-2016-8576 Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support CVE-2016-8667 / CVE-2016-8669 Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset emulator, and in serial_update_parameters of some serial devices, that could result in denial of service CVE-2016-9602 Improper link following with VirtFS CVE-2016-9603 Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA emulator support CVE-2016-9776 Infinite loop while receiving data in the ColdFire Fast Ethernet Controller emulator CVE-2016-9907 Memory leakage in the USB redirector usb-guest support=20 CVE-2016-9911 Memory leakage in ehci_init_transfer in the USB EHCI support CVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916 Plan 9 File System (9pfs): add missing cleanup operation in FileOperations, in the handle backend and in the proxy backend driver CVE-2016-9921 / CVE-2016-9922 Divide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator support=20 CVE-2016-10155 Memory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS privileged users to cause a denial of service via a large number of device unplug operations. CVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718 Out-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator support, that could result in denial of service CVE-2017-5525 / CVE-2017-5526 Memory leakage issues in the ac97 and es1370 device emulation CVE-2017-5579 Most memory leakage in the 16550A UART emulation CVE-2017-5667 Out-of-bounds access during multi block SDMA transfer in the SDHCI emulation support. CVE-2017-5715 Mitigations against the Spectre v2 vulnerability. For more information please refer to https://www.qemu.org/2018/01/04/spectre/ CVE-2017-5856 Memory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support CVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505 Infinite loop issues in the USB xHCI, in the transfer mode register of the SDHCI protocol, and the USB ohci_service_ed_list CVE-2017-7377 9pfs: host memory leakage via v9fs_create CVE-2017-7493 Improper access control issues in the host directory sharing via 9pfs support. CVE-2017-7980 Heap-based buffer overflow in the Cirrus VGA device that could allow local guest OS users to execute arbitrary code or cause a denial of service CVE-2017-8086 9pfs: host memory leakage via v9pfs_list_xattr CVE-2017-8112 Infinite loop in the VMWare PVSCSI emulation CVE-2017-8309 / CVE-2017-8379 Host memory leakage issues via the audio capture buffer and the keyboard input event handlers=20 CVE-2017-9330 Infinite loop due to incorrect return value in USB OHCI that may result in denial of service CVE-2017-9373 / CVE-2017-9374 Host memory leakage during hot unplug in IDE AHCI and USB emulated devices that could result in denial of service CVE-2017-9503 Null pointer dereference while processing megasas command CVE-2017-10806 Stack buffer overflow in USB redirector CVE-2017-10911 Xen disk may leak stack data via response ring CVE-2017-11434 Out-of-bounds read while parsing Slirp/DHCP options CVE-2017-14167 Out-of-bounds access while processing multiboot headers that could result in the execution of arbitrary code CVE-2017-15038 9pfs: information disclosure when reading extended attributes CVE-2017-15289 Out-of-bounds write access issue in the Cirrus graphic adaptor that could result in denial of service CVE-2017-16845 Information leak in the PS/2 mouse and keyboard emulation support that could be exploited during instance migration=20 CVE-2017-18043 Integer overflow in the macro ROUND_UP (n, d) that could result in denial of service CVE-2018-7550 Incorrect handling of memory during multiboot that could may result in execution of arbitrary code For Debian 8 "Jessie", these problems have been fixed in version 1:2.1+dfsg-12+deb8u7. We recommend that you upgrade your qemu packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAluRdqQACgkQFX/a4RXx 4q0mhA/9EzLjnB9JKyzRZsUEE/3Kuv8MkjC+Ov+/fvrawtLMT1W7pJoYlw9Mx61v YbWUJP26Hg7FgaVAwVXDZ8+6tYXZHCjpUICDzMRk5ED+joXlwk83USFaWSFIaE3j dmAyemOE5w79fv3yNxxpQhy2W9zBhrerX+UOb0AetyW4jpNdixC6r4jaioC4cyk5 MlESBSWayysQRzM1NqDti3yA01cx2VuczJXwc3BQTI1BJ+QcFagueq6NaZnDYqpR wqDKymYjFRrUsRYBZ1oChDjozxG4Pr0B9JCxEdv3OTMlJ/0fT4Xy+G/6DUZgWCzB 7o5U02+odWhhyZ2f6XLV7dxCV/2nTvyVgl+yZ/zzdjANaCsKsL7jQK5cgk77XMd8 EJoyFciS5Q6FZI1a75tYtI17N3VGcG4H2Pu8TF8OLDgco5JTbGxaxDCxaqPX2fGe sJNNSx59BsBM6cDvDPzTU71sQ/0+PsvYKswX9PctT2dMEBxL55mobl7GpCFQCMTx hYggdoKsDNOswiLeVjoNuYSmxqnT/MZnQlyjhfbWoO5YMbOkmQqRU6cXcbNHbc8i zzUijwU+QDezyJB7aQWOsMCugWjMINXEjQupxd4WFm+rb22Dvm+sw5yjYGbIC5MU YDBQWanTjOFo6q851+u+orIlP2SMhkDlqK0DypC/h+QpUD+8cn8= =4Pe8 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW5HKRmaOgq3Tt24GAQjlVA/9EG+opLy3lIlF4BWxG/wAZXEtJQDcwalV hKKnhC3KehcJjbryfbGvQWOakQzjGg0qNhvBIkV+GflwVShcDmO8oG9YIYYmfagk xa/yccahpxNUU4FN7Jse/CvX6/k+gG1BC7hNlqvJhpWc4UUmWBV6r40klKDZrv14 ax+pIVPGInT+K6hDj5VmHdf02ljQBGVN5SBHEIG301QeXfI+bESb9SxgEZC30M+m pLPm0XkLKQi8+i47ap4RMCUlkbh/u8Qw0wn03ZYfsbJwa7N6NG4WfDPvV0R+9p36 OlfLAr+rqnY49XU6cNtusEsFCyBGqOObFIXGblSb06MMwBlYm9FCbBnPWTMhoaK+ IUauQAoP/TcQXhwADBofBqKz++FoMiC6DBrzFhiYao8+JYiId35PlSmUSQaMnVL0 suRwt48JGgWDRHzuSt0Apmo8GHO/AQbija2nVuLTkf9d5j33SK/ktOIzIMfL+4lC U40SFVV2H5pAEhaCULp/iYmaEuPO6JAM6coeFK8Vg9g0N+WUd5eVt0kkLvQxa0Np +kA5xz1ca8l9btq3XdrKg/sDWKtu3nSU3TBWbFj5vRbwKDtk3AxModvtaWmwdvA9 LiyIK/QeAhWXIyralYnughiSD5GXuJHXiFiqQAPXYlIfb0IawKvxhRtYXfLCJ8ly 6zZKcMRm+2Y= =qsb4 -----END PGP SIGNATURE-----