Debian LTS Advisory ([SECURITY] [DLA 1035-1] qemu security update)

Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9603 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support is vulnerable to a heap buffer overflow issue. It could occur when Vnc client attempts to update its display after a vga operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code on the host with privileges of the Qemu process. CVE-2017-7718 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_ and/or cirrus_bitblt_rop_fwd_. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Description truncated. Please see the references for more information.

qemu on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u22. We recommend that you upgrade your qemu packages.