Debian Package Tracker

general

source: qemu (main)
version: 1:3.1+dfsg-7
maintainer: Debian QEMU Team (archive) [DMD]
uploaders: Aurelien Jarno [DMD] – Riku Voipio [DMD] – Michael Tokarev [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1:2.1+dfsg-12+deb8u6
old-sec: 1:2.1+dfsg-12+deb8u11
stable: 1:2.8+dfsg-6+deb9u5
stable-sec: 1:2.8+dfsg-6+deb9u5
testing: 1:3.1+dfsg-7
unstable: 1:3.1+dfsg-7

versioned links

1:2.1+dfsg-12+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.1+dfsg-12+deb8u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.7+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.1+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

qemu
qemu-block-extra
qemu-guest-agent
qemu-kvm
qemu-system
qemu-system-arm
qemu-system-common
qemu-system-data
qemu-system-gui
qemu-system-mips
qemu-system-misc
qemu-system-ppc
qemu-system-sparc
qemu-system-x86
qemu-user
qemu-user-binfmt
qemu-user-static
qemu-utils

action needed

A new upstream version is available: 4.0.0-rc4 high

A new upstream version 4.0.0-rc4 is available, you should consider packaging it.

Created: 2019-03-24 Last update: 2019-05-26 02:02

4 security issues in buster high

There are 4 open security issues in buster.

3 important issues:

CVE-2019-12155:
CVE-2019-12247: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.
CVE-2019-5008: hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

1 issue skipped by the security teams:

CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Please fix them.

Created: 2019-01-22 Last update: 2019-05-25 05:37

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-12155:
CVE-2019-12247: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.
CVE-2019-5008: hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

Please fix them.

Created: 2019-02-18 Last update: 2019-05-25 05:37

15 security issues in jessie high

There are 15 open security issues in jessie.

2 important issues:

CVE-2019-12155:
CVE-2019-12247: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.

13 issues skipped by the security teams:

CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2016-9923: Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2015-8818: The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2015-8817: QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
CVE-2017-9375: QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVE-2017-11334: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

Please fix them.

Created: 2015-09-05 Last update: 2019-05-25 05:37

20 security issues in stretch high

There are 20 open security issues in stretch.

2 important issues:

CVE-2019-12155:
CVE-2019-12247: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.

18 issues skipped by the security teams:

CVE-2018-18954: The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-9824:
CVE-2018-17958: Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
CVE-2017-9503: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2018-19364: hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-18849: In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2019-5008: hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2018-12617: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVE-2019-3812: QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2018-19489: v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-20815:
CVE-2019-6778: In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

Please fix them.

Created: 2017-05-31 Last update: 2019-05-25 05:37

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2017-07-21 Last update: 2019-03-27 18:09

11 bugs tagged patch in the BTS normal

The BTS contains patches fixing 11 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-05-26 05:34

Depends on packages which need a new maintainer normal

The packages that qemu depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base
spice (#911427)
- Depends: libspice-server1 libspice-server1 libspice-server1 libspice-server1 libspice-server1 libspice-server1
- Build-Depends: libspice-server-dev
spice-protocol (#911429)
- Build-Depends: libspice-protocol-dev
usbredir (#911431)
- Depends: libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1
- Build-Depends: libusbredirparser-dev

Created: 2018-10-20 Last update: 2019-05-26 03:37

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit a06cc5987ba7da9e19699f9ebdd731c705000725
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu May 16 17:14:08 2019 +0300

    enable-md-no.patch & enable-md-clear.patch

commit b77221697fda07be9cee247bcafef92db7dc6b26
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu May 16 17:09:39 2019 +0300

    aarch32-exception-return-to-switch-from-hyp-mon.patch (#927763)

commit 64a6e566d203e7a9706a7e13800e3ec6ec2cd051
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Thu Apr 25 13:15:14 2019 +0300

    sun4u-add-power_mem_read-routine-CVE-2019-5008.patch (#927439)

Created: 2019-04-25 Last update: 2019-05-25 10:10

lintian reports 12 warnings normal

Lintian reports 12 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-04-07 Last update: 2019-04-07 07:40

Multiarch hinter reports 2 issue(s) low

There are issues with the multiarch metadata for this package.

qemu could be converted to Architecture: all and marked Multi-Arch: foreign
qemu-system could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2019-03-28 Last update: 2019-05-26 02:09

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-04-13 Last update: 2018-12-12 18:09

news

[rss feed]

[2019-05-09] Accepted qemu 1:2.1+dfsg-12+deb8u11 (source amd64) into oldstable (Emilio Pozuelo Monfort)
[2019-04-06] qemu 1:3.1+dfsg-7 MIGRATED to testing (Debian testing watch)
[2019-03-27] Accepted qemu 1:3.1+dfsg-7 (source) into unstable (Michael Tokarev)
[2019-03-18] Accepted qemu 1:3.1+dfsg-6 (source) into unstable (Michael Tokarev)
[2019-03-16] qemu 1:3.1+dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-03-11] Accepted qemu 1:3.1+dfsg-5 (source) into unstable (Michael Tokarev)
[2019-02-28] Accepted qemu 1:2.1+dfsg-12+deb8u10 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-02-19] qemu 1:3.1+dfsg-4 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted qemu 1:3.1+dfsg-4 (source) into unstable (Michael Tokarev)
[2019-02-06] Accepted qemu 1:3.1+dfsg-3 (source) into unstable (Michael Tokarev)
[2019-01-29] Accepted qemu 1:2.1+dfsg-12+deb8u9 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-01-04] qemu 1:3.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted qemu 1:3.1+dfsg-2 (source) into unstable (Michael Tokarev)
[2018-12-12] Accepted qemu 1:3.1+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-11-29] Accepted qemu 1:2.1+dfsg-12+deb8u8 (source amd64) into oldstable (Santiago Ruano Rincón)
[2018-11-23] Accepted qemu 1:2.8+dfsg-6+deb9u5 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2018-11-11] Accepted qemu 1:2.8+dfsg-6+deb9u5 (source amd64) into stable->embargoed, stable (Moritz Mühlenhoff)
[2018-09-06] Accepted qemu 1:2.1+dfsg-12+deb8u7 (source amd64) into oldstable (Santiago Ruano Rincón)
[2018-06-07] qemu 1:2.12+dfsg-3 MIGRATED to testing (Debian testing watch)
[2018-06-03] Accepted qemu 1:2.8+dfsg-6+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2018-06-01] Accepted qemu 1:2.12+dfsg-3 (source amd64 all) into unstable (Michael Tokarev)
[2018-06-01] Accepted qemu 1:2.12+dfsg-2 (source amd64 all) into unstable, unstable (Michael Tokarev)
[2018-05-29] Accepted qemu 1:2.8+dfsg-6+deb9u4 (source) into stable->embargoed, stable (Michael Tokarev)
[2018-05-05] qemu 1:2.12+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-04-26] Accepted qemu 1:2.12+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-04-20] qemu 1:2.12~rc3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-04-17] Accepted qemu 1.1.2+dfsg-6+deb7u25 (source all amd64) into oldoldstable (Antoine Beaupré)
[2018-04-15] Accepted qemu 1:2.12~rc3+dfsg-2 (source) into unstable (Michael Tokarev)
[2018-04-12] Accepted qemu 1:2.12~rc3+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-01-16] qemu 1:2.11+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 166 179
RC: 1
I&N: 91 95
M&W: 74 83
F&P: 0
patch: 11

links

homepage
lintian (0, 12)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:3.1+dfsg-2ubuntu3
57 bugs (1 patch)