Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted qemu 1:3.1+dfsg-8+deb10u10 (source) into oldstable
Date: Tue, 14 Mar 2023 19:30:20 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Mar 2023 15:06:39 +0100
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u10
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 970937 979677 986795 989993 989994 989995 989996 1014589 1014590
Changes:
 qemu (1:3.1+dfsg-8+deb10u10) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-14394: An infinite loop flaw was found in the USB xHCI
     controller emulation of QEMU while computing the length of the
     Transfer Request Block (TRB) Ring. This flaw allows a privileged guest
     user to hang the QEMU process on the host, resulting in a denial of
     service. (Closes: #979677)
   * CVE-2020-17380/CVE-2021-3409: A heap-based buffer overflow was found
     in QEMU in the SDHCI device emulation support. It could occur while
     doing a multi block SDMA transfer via the
     sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest
     user or process could use this flaw to crash the QEMU process on the
     host, resulting in a denial of service condition, or potentially
     execute arbitrary code with privileges of the QEMU process on the
     host. (Closes: #970937, #986795)
   * CVE-2020-29130: slirp.c has a buffer over-read because it tries to
     read a certain amount of header data even if that exceeds the total
     packet length.
   * CVE-2021-3592: An invalid pointer initialization issue was found in
     the SLiRP networking implementation of QEMU. The flaw exists in the
     bootp_input() function and could occur while processing a udp packet
     that is smaller than the size of the 'bootp_t' structure. A malicious
     guest could use this flaw to leak 10 bytes of uninitialized heap
     memory from the host. (Closes: #989993)
   * CVE-2021-3593: An invalid pointer initialization issue was found in
     the SLiRP networking implementation of QEMU. The flaw exists in the
     udp6_input() function and could occur while processing a udp packet
     that is smaller than the size of the 'udphdr' structure. This issue
     may lead to out-of-bounds read access or indirect host memory
     disclosure to the guest. (Closes: #989994)
   * CVE-2021-3594: An invalid pointer initialization issue was found in
     the SLiRP networking implementation of QEMU. The flaw exists in the
     udp_input() function and could occur while processing a udp packet
     that is smaller than the size of the 'udphdr' structure. This issue
     may lead to out-of-bounds read access or indirect host memory
     disclosure to the guest. (Closes: #989995)
   * CVE-2021-3595: An invalid pointer initialization issue was found in
     the SLiRP networking implementation of QEMU. The flaw exists in the
     tftp_input() function and could occur while processing a udp packet
     that is smaller than the size of the 'tftp_t' structure. This issue
     may lead to out-of-bounds read access or indirect host memory
     disclosure to the guest. (Closes: #989996)
   * CVE-2022-0216: A use-after-free vulnerability was found in the
     LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs
     while processing repeated messages to cancel the current SCSI request
     via the lsi_do_msgout function. This flaw allows a malicious
     privileged user within the guest to crash the QEMU process on the
     host, resulting in a denial of service. (Closes: #1014590)
   * CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's
     paravirtual RDMA device. This flaw allows a crafted guest driver to
     execute HW commands when shared buffers are not yet allocated,
     potentially leading to a use-after-free condition. (Closes: #1014589)
Checksums-Sha1:
 1a5d2a294403d8d8d4161cdbb5fdced1bc8f615b 6484 qemu_3.1+dfsg-8+deb10u10.dsc
 73ef779cd2163069e48e4380a6a8b6c3d6dc23b4 143232 qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
 3b28e0296ce0b4f1af43c208d32b4d562ae310a6 28683 qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo
Checksums-Sha256:
 5c7cd03152096d0a369730fcd5126a360e4749acab62ea54bdf8cb5b24c6b2b8 6484 qemu_3.1+dfsg-8+deb10u10.dsc
 e19bec4443c31c0be9488561430520f9e72bbfe80ba6f198a3df1fa8f30f3e59 143232 qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
 c87943fed163f6f31746f9978b6b3d78389f96c5d3f4e803f40376fe534b33d2 28683 qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo
Files:
 73d7ea638c8461ac9009250655f9fd76 6484 otherosfs optional qemu_3.1+dfsg-8+deb10u10.dsc
 de120099ffb34461af9363264f5f8cc9 143232 otherosfs optional qemu_3.1+dfsg-8+deb10u10.debian.tar.xz
 8a7d2a6aaad822caf40c03cd1ae8fb3f 28683 otherosfs optional qemu_3.1+dfsg-8+deb10u10_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmQQxvcACgkQDTl9HeUl
XjBwpxAAivwAsIWL7LfslVMgLW3k1dEj7c9XBvLIBleTwbV+UCgwsbXH3JyZ72TA
6YKaI2pWQ29Uvp0zLwVugb/GQjfrIOtzjQl0PyGykZZXaNMURIDLirr8X/YTF26Z
6PDxYWzk8N1d0r3q+oBCZt6xir0LHcnsvFnUGHfe5t3cOKGKWXc/D5qAGg16ifb+
cyGSk0YbKPPe5cGXwWdmDxVQ+2KE/GYLt9NgvPeyYAD+L2bVkNxlOHGtO+4XRig9
pB6UBqLQIC0sQdatW+0NZQjm4dOfHRx6ixYvek1dygMdKjNzmJQZ4ki6V23OwfL8
HFQhAtG8XiEewO4JqPPuv+ROpNtwOhL4HV2VjvAzZ9ASCCzqT50kFZ8LF/pBhzHb
hqUP1hgO4M4HGr6uvMODXpi0ELTaGJusjcxNBGyhHrLy1LU0cQ5toj+DEEE11QWE
5HJhNy1nsXO3UJTmvLldJtUYUSDdbYKoudWVzIoQqHIQ+9IqoJ1tcVPUOLtivl62
PamVS0D13aijsZlFqV1LM9qiw90slQYzuzl/1qrpGzllv0Pa6A8TYAGK8z9Ymv+c
3AOaNXiNH7TayMTkzON3oJoFsTar6KWvd0b4XjXvJJjUdFpCpO+tfSJYfnwpQQPo
pWoXprkqm2P9dYB7+fsnI4qDg/UDPIIZPzsxvXToL2zUPvbqjW8=
=5/22
-----END PGP SIGNATURE-----
News for package qemu
