FEDORA-2017-f941184db1

security update in Fedora 25 for qemu

Status: stable 2 years ago
  • CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)
  • CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040)
  • CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872)
  • CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372)
  • CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622)
  • CVE-2017-8309: audio: host memory leakage via capture buffer (bz #1446520)
  • CVE-2017-8379: input: host memory leakage via keyboard events (bz #1446560)
  • CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write (bz #1446578)
  • CVE-2017-9060: virtio-gpu: host memory leakage in Virtio GPU device (bz #1452598)
  • CVE-2017-9310: net: infinite loop in e1000e NIC emulation (bz #1452623)
  • CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value (bz #1457699)
  • CVE-2017-9374: usb: ehci host memory leakage during hotunplug (bz #1459137)
  • CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging (bz #1468497)

How to install

sudo dnf upgrade --advisory=FEDORA-2017-f941184db1

Comments 10

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

No regressions noted.

karma: +1 critpath: +1

works for me in a VM

karma: +1

No regressions.

karma: +1

no regressions noted

karma: +1

Works

karma: +1

I tested this on my development system with vagrant-libvirt and the things I do seem to work well.

karma: +1 critpath: +1

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +6 (stable threshold: 3, unstable threshold: -3)
Autopush: Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 26

#1430056 CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
#1432040 CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection [fedora-all]
#1437871 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create
#1437872 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create [fedora-all]
#1443441 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
#1443443 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue [fedora-all]
#1444371 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
#1444372 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines [fedora-all]
#1445621 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
#1445622 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 [fedora-all]
#1446517 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
#1446520 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer [fedora-all]
#1446547 CVE-2017-8379 Qemu: input: host memory leakage via keyboard events
#1446560 CVE-2017-8379 Qemu: input: host memory leakage via keyboard events [fedora-all]
#1446577 CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write
#1446578 CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write [fedora-all]
#1452597 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device
#1452598 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device [fedora-all]
#1452620 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation
#1452623 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation [fedora-all]
#1457697 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value
#1457699 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value [fedora-all]
#1459132 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
#1459137 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug [fedora-all]
#1468496 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging
#1468497 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging [fedora-all]
