FEDORA-2017-f941184db1

security update in Fedora 25 for qemu

Status: stable 2 years ago
  • CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)
  • CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040)
  • CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872)
  • CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372)
  • CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622)
  • CVE-2017-8309: audio: host memory leakage via capture buffer (bz #1446520)
  • CVE-2017-8379: input: host memory leakage via keyboard events (bz #1446560)
  • CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write (bz #1446578)
  • CVE-2017-9060: virtio-gpu: host memory leakage in Virtio GPU device (bz #1452598)
  • CVE-2017-9310: net: infinite loop in e1000e NIC emulation (bz #1452623)
  • CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value (bz #1457699)
  • CVE-2017-9374: usb: ehci host memory leakage during hotunplug (bz #1459137)
  • CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging (bz #1468497)

How to install

sudo dnf upgrade --advisory=FEDORA-2017-f941184db1

Comments 10

This update has been submitted for testing by crobinso.

This update has been pushed to testing.

No regressions noted.

karma: +1 critpath: +1

works for me in a VM

karma: +1

No regressions.

karma: +1

no regressions noted

karma: +1

Works

karma: +1

I tested this on my development system with vagrant-libvirt and the things I do seem to work well.

karma: +1 critpath: +1

This update has been submitted for stable by crobinso.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: unspecified
Karma: +6
  • stable threshold: 3
  • unstable threshold: -3
Autopush: Disabled
Dates
  • submitted 2 years ago
  • in testing 2 years ago
  • in stable 2 years ago

Related Bugs 26

#1430056 CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
#1432040 CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection [fedora-all]
#1437871 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create
#1437872 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create [fedora-all]
#1443441 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
#1443443 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue [fedora-all]
#1444371 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
#1444372 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines [fedora-all]
#1445621 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
#1445622 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 [fedora-all]
#1446517 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
#1446520 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer [fedora-all]
#1446547 CVE-2017-8379 Qemu: input: host memory leakage via keyboard events
#1446560 CVE-2017-8379 Qemu: input: host memory leakage via keyboard events [fedora-all]
#1446577 CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write
#1446578 CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write [fedora-all]
#1452597 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device
#1452598 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device [fedora-all]
#1452620 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation
#1452623 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation [fedora-all]
#1457697 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value
#1457699 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value [fedora-all]
#1459132 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
#1459137 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug [fedora-all]
#1468496 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging
#1468497 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging [fedora-all]
