[SECURITY] [DLA 2262-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : qemu
Version : 1:2.1+dfsg-12+deb8u15
CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765
Debian Bug :
Several vulnerabilities were fixed in qemu,
a fast processor emulator.
CVE-2020-1983
slirp: Fix use-after-free in ip_reass().
CVE-2020-13361
es1370_transfer_audio in hw/audio/es1370.c
allowed guest OS users to trigger an out-of-bounds access
during an es1370_write() operation.
CVE-2020-13362
megasas_lookup_frame in hw/scsi/megasas.c had
an out-of-bounds read via a crafted reply_queue_head field from
a guest OS user.
CVE-2020-13765
hw/core/loader: Fix possible crash in rom_copy().
For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u15.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl76U78ACgkQiNJCh6LY
mLHRYBAAx3RvnxmXNPSrQm0AaLnWyvM2eINfNk3H6WcMDDuhuInyYxhTIHr3k0C1
RYpyj+i85EHGsr9FqZKWhQRs0/YHwpJ3rgPczE6ZYQrqhMXZXd1kYkA4rxJE3o9J
BGSmw8ZX57sSXP/HSoB53tUCizUdJ9bAGeEHMSy5R3r6+P3gPKFGYnXiANzsZj2E
IJAdFaig1vHD82kmsEHsd1z4T7DxN7JKcF4J0X30yRWE0lIXefWOxEzaxcAMGkVN
EvH5nAKGX7zjiQ5OBSFSMh8VKvMoEPsQdXx+lzwaOuZ//dq/dOqj9mh33J8SEJLo
rMz/CLNkGeEGuejQc5kwuDExGgpgUksUzwmT93knfmM6OnwZaZa6UmPsuVQNWDkR
jMrQcyeXpf+FStVrMfgN0YUfHg7IpObcZcEEDxrq3tWfs9EaSUX4S3CaB1TDMhwo
Bm3EFLGvSbBxlpTa7/5+/kQKh+0hBU9GoPsnRw3yatRAmo0WW4rcpcRM7sBbKb1z
F5mw5gwiEj8juVZiX1RLSBvJIy+J8XSq59FIEq0KS1PBawomlRhg8iXOmZj9dA01
xdHmVovOSQJ3Gtp/2RLlWzTRsuhY5N4X7hHd9oeVqm6WvoVU4nK9E/O5aoQ1pB/V
zV1+XV+HBb05C+qmhWdFcBACqv1XJPrgbGgeW0yZmLgEaeLv3wY=
=2Zw5
-----END PGP SIGNATURE-----
Reply to: