Debian Package Tracker

general

source: qemu (main)
version: 1:3.1+dfsg-2
maintainer: Debian QEMU Team (archive) [DMD]
uploaders: Aurelien Jarno [DMD] – Riku Voipio [DMD] – Michael Tokarev [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.2+dfsg-6a+deb7u12
o-o-sec: 1.1.2+dfsg-6+deb7u25
o-o-bpo: 1:2.1+dfsg-12+deb8u5a~bpo70+1
oldstable: 1:2.1+dfsg-12+deb8u6
old-sec: 1:2.1+dfsg-12+deb8u8
old-bpo: 1:2.8+dfsg-3~bpo8+1
stable: 1:2.8+dfsg-6+deb9u4
stable-sec: 1:2.8+dfsg-6+deb9u5
stable-p-u: 1:2.8+dfsg-6+deb9u5
testing: 1:3.1+dfsg-2
unstable: 1:3.1+dfsg-2

versioned links

1.1.2+dfsg-6a+deb7u12: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.2+dfsg-6+deb7u25: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.0+dfsg-4~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1+dfsg-5~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.1+dfsg-12+deb8u5a~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.1+dfsg-12+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.1+dfsg-12+deb8u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.7+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-3~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

qemu
qemu-block-extra
qemu-guest-agent
qemu-kvm
qemu-system
qemu-system-arm
qemu-system-common
qemu-system-data
qemu-system-gui
qemu-system-mips
qemu-system-misc
qemu-system-ppc
qemu-system-sparc
qemu-system-x86
qemu-user
qemu-user-binfmt
qemu-user-static
qemu-utils

action needed

A new upstream version is available: 3.1.0-rc5 high

A new upstream version 3.1.0-rc5 is available, you should consider packaging it.

Created: 2017-11-21 Last update: 2019-01-24 04:34

14 security issues in stretch high

There are 14 open security issues in stretch.

6 important issues:

CVE-2018-16867: A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
CVE-2018-19489: v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364: hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
CVE-2019-6501:
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

8 issues skipped by the security teams:

CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2018-18954: The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2017-9503: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2018-18849:
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-17958: Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-12617: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Please fix them.

Created: 2017-05-31 Last update: 2019-01-23 01:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-6501:

Please fix it.

Created: 2019-01-22 Last update: 2019-01-23 01:00

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-6501:

Please fix it.

Created: 2019-01-22 Last update: 2019-01-23 01:00

21 security issues in jessie high

There are 21 open security issues in jessie.

6 important issues:

CVE-2018-16867: A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
CVE-2018-19489: v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364: hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
CVE-2019-6501:
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

15 issues skipped by the security teams:

CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2015-8818: The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-18849:
CVE-2018-12617: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVE-2017-9375: QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVE-2015-8817: QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2016-9923: Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2017-11334: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
CVE-2018-17958: Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

Please fix them.

Created: 2015-09-05 Last update: 2019-01-23 01:00

lintian reports 57 warnings high

Lintian reports 57 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-17 Last update: 2019-01-18 06:29

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2017-07-21 Last update: 2018-12-23 17:14

11 bugs tagged patch in the BTS normal

The BTS contains patches fixing 11 bugs, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-01-24 10:24

Depends on packages which need a new maintainer normal

The packages that qemu depends on which need a new maintainer are:

spice (#911427)
- Build-Depends: libspice-server-dev
- Depends: libspice-server1 libspice-server1 libspice-server1 libspice-server1 libspice-server1 libspice-server1
usbredir (#911431)
- Build-Depends: libusbredirparser-dev
- Depends: libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1
spice-protocol (#911429)
- Build-Depends: libspice-protocol-dev

Created: 2018-10-20 Last update: 2019-01-24 08:59

3 new commits since last upload, time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit cb8737ef48a37eddf12ac199b46f9034273ba6d3
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Dec 21 19:29:14 2018 +0300

    remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)

commit 8ea83360bdd6889534773ad432f9b75ef7f74db3
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Dec 21 19:25:33 2018 +0300

    move ovmf to recommends on debian and update aarch ovmf refs (#889885)

commit 1fdb07c3218d9818e4325fbc1dab341021dbce84
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Dec 21 19:16:40 2018 +0300

    mention #696289 closed by 2.10

Created: 2018-05-31 Last update: 2019-01-23 18:51

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-04-13 Last update: 2018-12-12 18:09

news

[rss feed]

[2019-01-04] qemu 1:3.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted qemu 1:3.1+dfsg-2 (source) into unstable (Michael Tokarev)
[2018-12-12] Accepted qemu 1:3.1+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-11-29] Accepted qemu 1:2.1+dfsg-12+deb8u8 (source amd64) into oldstable (Santiago Ruano Rincón)
[2018-11-23] Accepted qemu 1:2.8+dfsg-6+deb9u5 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2018-11-11] Accepted qemu 1:2.8+dfsg-6+deb9u5 (source amd64) into stable->embargoed, stable (Moritz Mühlenhoff)
[2018-09-06] Accepted qemu 1:2.1+dfsg-12+deb8u7 (source amd64) into oldstable (Santiago Ruano Rincón)
[2018-06-07] qemu 1:2.12+dfsg-3 MIGRATED to testing (Debian testing watch)
[2018-06-03] Accepted qemu 1:2.8+dfsg-6+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2018-06-01] Accepted qemu 1:2.12+dfsg-3 (source amd64 all) into unstable (Michael Tokarev)
[2018-06-01] Accepted qemu 1:2.12+dfsg-2 (source amd64 all) into unstable, unstable (Michael Tokarev)
[2018-05-29] Accepted qemu 1:2.8+dfsg-6+deb9u4 (source) into stable->embargoed, stable (Michael Tokarev)
[2018-05-05] qemu 1:2.12+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-04-26] Accepted qemu 1:2.12+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-04-20] qemu 1:2.12~rc3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-04-17] Accepted qemu 1.1.2+dfsg-6+deb7u25 (source all amd64) into oldoldstable (Antoine Beaupré)
[2018-04-15] Accepted qemu 1:2.12~rc3+dfsg-2 (source) into unstable (Michael Tokarev)
[2018-04-12] Accepted qemu 1:2.12~rc3+dfsg-1 (source) into unstable (Michael Tokarev)
[2018-01-16] qemu 1:2.11+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-01-11] Accepted qemu 1:2.11+dfsg-1 (source) into unstable (Michael Tokarev)
[2017-10-13] qemu 1:2.10.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-10-08] Accepted qemu 1.1.2+dfsg-6+deb7u24 (source all amd64) into oldoldstable (Guido Günther)
[2017-10-08] Accepted qemu 1:2.10.0+dfsg-2 (source) into unstable (Michael Tokarev)
[2017-10-07] Accepted qemu 1:2.8+dfsg-6+deb9u3 (source) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2017-09-29] qemu 1:2.10.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-09-28] Accepted qemu 1:2.8+dfsg-6+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2017-09-23] Accepted qemu 1:2.10.0+dfsg-1 (source) into unstable (Michael Tokarev)
[2017-09-23] Accepted qemu 1:2.10.0-1 (source) into unstable (Michael Tokarev)
[2017-09-07] Accepted qemu 1:2.8+dfsg-6+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2017-08-28] Accepted qemu 1.1.2+dfsg-6+deb7u23 (source all amd64) into oldoldstable (Guido Günther)

bugs [bug history graph]

all: 163 176
RC: 0
I&N: 87 91
M&W: 75 84
F&P: 1
patch: 11

links

homepage
lintian (0, 57)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:2.12+dfsg-3ubuntu9
59 bugs (1 patch)