qemu - Debian Package Tracker

general

source: qemu (main)
version: 1:6.1+dfsg-6
maintainer: Debian QEMU Team (archive) (DMD)
uploaders: Riku Voipio [DMD] – Michael Tokarev [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:2.8+dfsg-6+deb9u9
o-o-sec: 1:2.8+dfsg-6+deb9u16
oldstable: 1:3.1+dfsg-8+deb10u8
old-sec: 1:3.1+dfsg-8+deb10u8
old-bpo: 1:5.2+dfsg-9~bpo10+1
stable: 1:5.2+dfsg-11
stable-sec: 1:5.2+dfsg-11+deb11u1
stable-bpo: 1:6.1+dfsg-6~bpo11+1
stable-p-u: 1:5.2+dfsg-11+deb11u1
testing: 1:6.1+dfsg-6
unstable: 1:6.1+dfsg-6

versioned links

1:2.8+dfsg-6+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.1+dfsg-8+deb10u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.2+dfsg-9~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.2+dfsg-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.2+dfsg-11+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.1+dfsg-6~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.1+dfsg-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

qemu (42 bugs: 0, 18, 24, 0)
qemu-block-extra
qemu-guest-agent (1 bugs: 0, 1, 0, 0)
qemu-system (9 bugs: 0, 3, 6, 0)
qemu-system-arm (5 bugs: 0, 2, 3, 0)
qemu-system-common (5 bugs: 0, 0, 5, 0)
qemu-system-data (1 bugs: 0, 1, 0, 0)
qemu-system-gui (3 bugs: 0, 3, 0, 0)
qemu-system-mips
qemu-system-misc (1 bugs: 0, 1, 0, 0)
qemu-system-ppc (2 bugs: 0, 2, 0, 0)
qemu-system-sparc
qemu-system-x86 (21 bugs: 0, 17, 4, 0)
qemu-user (3 bugs: 0, 3, 0, 0)
qemu-user-binfmt (1 bugs: 0, 1, 0, 0)
qemu-user-static (25 bugs: 0, 21, 4, 0)
qemu-utils (2 bugs: 0, 1, 1, 0)

action needed

Multiarch hinter reports 3 issue(s) high

There are issues with the multiarch metadata for this package.

qemu-system-gui conflicts on /usr/lib/qemu/vhost-user-gpu on any two of amd64, arm64, armel, armhf, and 5 more
qemu could be converted to Architecture: all and marked Multi-Arch: foreign
qemu-system could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2021-09-01 Last update: 2021-10-25 15:58

13 security issues in sid high

There are 13 open security issues in sid.

13 important issues:

CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2021-3611:
CVE-2021-3735:
CVE-2021-3750:
CVE-2019-12067: The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-14394:
CVE-2020-25741: fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVE-2020-25742: pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2020-25743: hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
CVE-2020-35503: A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20196: A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20203: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20255: A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Created: 2021-02-19 Last update: 2021-10-11 16:32

51 security issues in buster high

There are 51 open security issues in buster.

2 important issues:

CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
CVE-2021-3748:

47 issues left for the package maintainer to handle:

CVE-2021-3392: (postponed; to be fixed through a stable update) A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2021-3416: (postponed; to be fixed through a stable update) A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-3507: (needs triaging) A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2021-3527: (needs triaging) A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVE-2021-3544: (needs triaging) Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
CVE-2021-3545: (needs triaging) An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
CVE-2021-3546: (needs triaging) A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3582: (needs triaging)
CVE-2021-3592: (needs triaging) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3593: (needs triaging) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3594: (needs triaging) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3595: (needs triaging) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3607: (needs triaging)
CVE-2021-3608: (needs triaging)
CVE-2021-3713: (needs triaging) An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
CVE-2021-3735: (needs triaging)
CVE-2021-3750: (needs triaging)
CVE-2019-12067: (postponed; to be fixed through a stable update) The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-13253: (postponed; to be fixed through a stable update) sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-14394: (postponed; to be fixed through a stable update)
CVE-2020-15859: (postponed; to be fixed through a stable update) QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
CVE-2020-17380: (postponed; to be fixed through a stable update) A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
CVE-2020-25084: (postponed; to be fixed through a stable update) QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
CVE-2020-25085: (postponed; to be fixed through a stable update) QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
CVE-2020-25624: (postponed; to be fixed through a stable update) hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-25625: (postponed; to be fixed through a stable update) hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
CVE-2020-25723: (postponed; to be fixed through a stable update) A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-25741: (postponed; to be fixed through a stable update) fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVE-2020-25742: (postponed; to be fixed through a stable update) pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2020-25743: (postponed; to be fixed through a stable update) hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
CVE-2020-27617: (postponed; to be fixed through a stable update) eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
CVE-2020-27661: (postponed; to be fixed through a stable update) A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-27821: (postponed; to be fixed through a stable update) A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
CVE-2020-28916: (postponed; to be fixed through a stable update) hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
CVE-2020-29129: (postponed; to be fixed through a stable update) ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-29130: (postponed; to be fixed through a stable update) slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-29443: (postponed; to be fixed through a stable update) ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-35503: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35504: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35505: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35506: (postponed; to be fixed through a stable update) A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2021-20181: (postponed; to be fixed through a stable update) A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
CVE-2021-20196: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20203: (postponed; to be fixed through a stable update) An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20221: (postponed; to be fixed through a stable update) An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20255: (postponed; to be fixed through a stable update) A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20257: (postponed; to be fixed through a stable update)

You can find information about how to handle these issues in the security team's documentation.

2 ignored issues:

CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

Created: 2021-02-19 Last update: 2021-10-11 16:32

13 security issues in bookworm high

There are 13 open security issues in bookworm.

13 important issues:

CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2021-3611:
CVE-2021-3735:
CVE-2021-3750:
CVE-2019-12067: The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-14394:
CVE-2020-25741: fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVE-2020-25742: pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2020-25743: hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
CVE-2020-35503: A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20196: A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20203: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20255: A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Created: 2021-08-15 Last update: 2021-10-11 16:32

5 bugs tagged patch in the BTS normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2021-08-14 Last update: 2021-10-25 18:02

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-10-07 Last update: 2021-10-25 14:37

17 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 3c7c5124132a9dfd2d95162b6611b086f478a62e
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Mon Oct 25 11:09:15 2021 +0300

    move d/qemu-system-data.install to d/rules instead of fighting with dh_install
    
    in the process also stop installing /usr/share/qemu/keymaps/meson.build

commit 887f35b53b0312b054798a90156a5aee8d19b1ba
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Mon Oct 25 10:27:32 2021 +0300

    downgrade some gcc11 errors into warnings so roms will compile (#997082)

commit 5283814044c81d877beee7e4163677cf2b18c29a
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Tue Oct 19 12:03:28 2021 +0300

    d/control: use :native version of python3-sphynx (#995622)

commit d20678b8b918a149482fc66b61eb07b1f53feb7d
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Tue Oct 19 12:00:38 2021 +0300

    d/control: do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu

commit 3417c07e04b994d63cace82e86f3ae17266c65d6
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Tue Oct 19 11:54:05 2021 +0300

    trivia: remove trailing space from qemu-system-gui.install

commit 62f0c1dd13d2527f08d0f2855602496225bd9e2b
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Tue Oct 19 11:31:24 2021 +0300

    d/control: fix wrong relation (< vs <<)

commit 295c4825d1782765af423d58162abcee6b54da2c
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Sat Oct 16 08:57:52 2021 +0300

    qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp for the sdl ui

commit ac269fdee6b383ce928511b842207e6bcc41093d
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Sat Oct 16 08:37:42 2021 +0300

    enable zstd compression support (Build-Depends)

commit 8f0d6f66b9b027fa934999749bd9932105507b7d
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Oct 15 13:32:17 2021 +0300

    d/control: promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86 since it uses the same modules actually

commit 0dc544e9284a845078983058458bf413b2b5c549
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 23:02:22 2021 +0300

    d/rules: qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64

commit 162c685efc3e8061b175a2594f2c1af5054b9c9b
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 22:52:50 2021 +0300

    d/rules: disable building docs for xen build and use main QEMU_CONFIGURE_OPTIONS for xen again

commit 689af72e0212fc7ecc799cbb1faf145ea35744fe
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 22:51:39 2021 +0300

    d/rules: fix configure rule for the xen build

commit f63156a784fdd083991c43abff0aacb5e59fda88
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 14:56:38 2021 +0300

    d/rules: clean up rules for ubuntu-xen just a little bit

commit b798f39097f8c885bb477341808e30302c97429f
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 14:28:13 2021 +0300

    d/rules: use specific options environment variables for different builds (main/microvm/xen)

commit 9b796d0b2a85e3915963eb910a756c6c92c43187
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Oct 14 14:24:06 2021 +0300

    d/rules: recreate configure rule for microvm to use --without-default-features, this shortens the --disable list a lot

commit f32cb102e1d7b32e0666c40dcd4e667ad26096aa
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Wed Oct 6 13:47:39 2021 +0300

    remove qemu-user-static.README.Debian (#995633)

commit c54e98f12b657e9604b580ec4a11b79a4a5e46b0
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Wed Oct 6 13:46:28 2021 +0300

    qemu-system-data: do not install qemu.desktop, it is a template file for numerous executables (#995628)

Created: 2021-10-14 Last update: 2021-10-25 13:05

17 low-priority security issues in bullseye low

There are 17 open security issues in bullseye.

16 issues left for the package maintainer to handle:

CVE-2021-3507: (needs triaging) A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2021-3611: (needs triaging)
CVE-2021-3735: (needs triaging)
CVE-2021-3750: (needs triaging)
CVE-2019-12067: (postponed; to be fixed through a stable update) The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-14394: (postponed; to be fixed through a stable update)
CVE-2020-25741: (postponed; to be fixed through a stable update) fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVE-2020-25742: (postponed; to be fixed through a stable update) pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2020-25743: (postponed; to be fixed through a stable update) hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
CVE-2020-35503: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35504: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35505: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35506: (postponed; to be fixed through a stable update) A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2021-20196: (postponed; to be fixed through a stable update) A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20203: (postponed; to be fixed through a stable update) An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20255: (postponed; to be fixed through a stable update) A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:

CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

Created: 2021-08-05 Last update: 2021-10-11 16:32

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2021-08-18 Last update: 2021-08-18 04:54

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2021-09-29 19:05

testing migrations

This package will soon be part of the auto-liburing transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-10-09] Accepted qemu 1:5.2+dfsg-11+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
[2021-10-08] Accepted qemu 1:6.1+dfsg-6~bpo11+1 (source amd64 all) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Michael Tokarev)
[2021-10-05] qemu 1:6.1+dfsg-6 MIGRATED to testing (Debian testing watch)
[2021-10-03] Accepted qemu 1:5.2+dfsg-11+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Michael Tokarev)
[2021-09-29] Accepted qemu 1:6.1+dfsg-6 (source) into unstable (Michael Tokarev)
[2021-09-11] Accepted qemu 1:2.8+dfsg-6+deb9u16 (source) into oldoldstable (Markus Koschany)
[2021-09-11] qemu 1:6.1+dfsg-5 MIGRATED to testing (Debian testing watch)
[2021-09-05] Accepted qemu 1:6.1+dfsg-5 (source) into unstable (Michael Tokarev)
[2021-09-02] Accepted qemu 1:2.8+dfsg-6+deb9u15 (source) into oldoldstable (Markus Koschany)
[2021-08-31] Accepted qemu 1:6.1+dfsg-4 (source) into unstable (Michael Tokarev)
[2021-08-31] Accepted qemu 1:6.1+dfsg-3 (source) into unstable (Michael Tokarev)
[2021-08-30] Accepted qemu 1:6.1+dfsg-2 (source) into unstable (Michael Tokarev)
[2021-08-25] Accepted qemu 1:6.1+dfsg-1 (source) into unstable (Michael Tokarev)
[2021-08-17] Accepted qemu 1:6.0+dfsg-4 (source) into unstable (Michael Tokarev)
[2021-08-17] Accepted qemu 1:6.0+dfsg-3 (source) into unstable (Michael Tokarev)
[2021-07-25] qemu 1:5.2+dfsg-11 MIGRATED to testing (Debian testing watch)
[2021-07-21] Accepted qemu 1:6.0+dfsg-2exp (source) into experimental (Michael Tokarev)
[2021-07-18] Accepted qemu 1:5.2+dfsg-11 (source) into unstable (Michael Tokarev)
[2021-05-08] Accepted qemu 1:6.0+dfsg-1~exp0 (source) into experimental (Michael Tokarev)
[2021-05-08] qemu 1:5.2+dfsg-10 MIGRATED to testing (Debian testing watch)
[2021-04-16] Accepted qemu 1:5.2+dfsg-10 (source) into unstable (Michael Tokarev)
[2021-04-10] Accepted qemu 1:2.8+dfsg-6+deb9u14 (source) into oldstable (Markus Koschany)
[2021-04-08] Accepted qemu 1:5.2+dfsg-9~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Michael Tokarev)
[2021-03-23] qemu 1:5.2+dfsg-9 MIGRATED to testing (Debian testing watch)
[2021-03-17] Accepted qemu 1:5.2+dfsg-9 (source) into unstable (Michael Tokarev)
[2021-03-14] Accepted qemu 1:5.2+dfsg-8 (source) into unstable (Michael Tokarev)
[2021-03-14] Accepted qemu 1:5.2+dfsg-7 (source) into unstable (Michael Tokarev)
[2021-02-21] qemu 1:5.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2021-02-18] Accepted qemu 1:2.8+dfsg-6+deb9u13 (source) into oldstable (Sylvain Beucler) (signed by: Holger Levsen)
[2021-02-16] Accepted qemu 1:5.2+dfsg-6 (source) into unstable (Michael Tokarev)

bugs [bug history graph]

all: 158 171
RC: 1
I&N: 87 91
M&W: 70 79
F&P: 0
patch: 5

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 87)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:6.0+dfsg-2expubuntu1
85 bugs (1 patch)