The following updates has been released for Debian GNU/Linux 7 LTS:
DLA 1070-1: qemu security update
DLA 1071-1: qemu-kvm security update
DLA 1070-1: qemu security update
DLA 1071-1: qemu-kvm security update
DLA 1070-1: qemu security update
Package : qemu
Version : 1.1.2+dfsg-6+deb7u23
CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434
Multiple vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2017-6505
Denial of service via infinite loop in the USB OHCI emulation
CVE-2017-8309
Denial of service via VNC audio capture
CVE-2017-10664
Denial of service in qemu-nbd server, qemu-io and qemu-img
CVE-2017-11434
Denial of service via a crafted DHCP options string
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u23.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1071-1: qemu-kvm security update
Package : qemu-kvm
Version : 1.1.2+dfsg-6+deb7u23
CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434
Multiple vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests
based on the Quick Emulator(Qemu).
CVE-2017-6505
Denial of service via infinite loop in the USB OHCI emulation
CVE-2017-8309
Denial of service via VNC audio capture
CVE-2017-10664
Denial of service in qemu-nbd server, qemu-io and qemu-img.
CVE-2017-11434
Denial of service via a crafted DHCP options string
For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u23.
We recommend that you upgrade your qemu-kvm packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
