Multiple vulnerabilities have been found in QEMU:
- CVE-2016-9911
Quick Emulator (Qemu) built with the USB EHCI Emulation support
is vulnerable to a memory leakage issue. It could occur while
processing packet data in ehci_init_transfer. A guest user/
process could use this issue to leak host memory, resulting in
DoS for a host.
- CVE-2016-9921 /
CVE-2016-9922
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to a divide by zero issue. It could occur
while copying VGA data when cirrus graphics mode was set to be
VGA. A privileged user inside guest could use this flaw to crash
the Qemu process instance on the host, resulting in DoS.
For Debian 7 Wheezy, these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>