[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2262-1] qemu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qemu
Version        : 1:2.1+dfsg-12+deb8u15
CVE ID         : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765
Debian Bug     : 

Several vulnerabilities were fixed in qemu,
a fast processor emulator.

CVE-2020-1983

    slirp: Fix use-after-free in ip_reass().

CVE-2020-13361

    es1370_transfer_audio in hw/audio/es1370.c
    allowed guest OS users to trigger an out-of-bounds access
    during an es1370_write() operation.

CVE-2020-13362

    megasas_lookup_frame in hw/scsi/megasas.c had
     an out-of-bounds read via a crafted reply_queue_head field from
     a guest OS user.

CVE-2020-13765

    hw/core/loader: Fix possible crash in rom_copy().

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u15.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl76U78ACgkQiNJCh6LY
mLHRYBAAx3RvnxmXNPSrQm0AaLnWyvM2eINfNk3H6WcMDDuhuInyYxhTIHr3k0C1
RYpyj+i85EHGsr9FqZKWhQRs0/YHwpJ3rgPczE6ZYQrqhMXZXd1kYkA4rxJE3o9J
BGSmw8ZX57sSXP/HSoB53tUCizUdJ9bAGeEHMSy5R3r6+P3gPKFGYnXiANzsZj2E
IJAdFaig1vHD82kmsEHsd1z4T7DxN7JKcF4J0X30yRWE0lIXefWOxEzaxcAMGkVN
EvH5nAKGX7zjiQ5OBSFSMh8VKvMoEPsQdXx+lzwaOuZ//dq/dOqj9mh33J8SEJLo
rMz/CLNkGeEGuejQc5kwuDExGgpgUksUzwmT93knfmM6OnwZaZa6UmPsuVQNWDkR
jMrQcyeXpf+FStVrMfgN0YUfHg7IpObcZcEEDxrq3tWfs9EaSUX4S3CaB1TDMhwo
Bm3EFLGvSbBxlpTa7/5+/kQKh+0hBU9GoPsnRw3yatRAmo0WW4rcpcRM7sBbKb1z
F5mw5gwiEj8juVZiX1RLSBvJIy+J8XSq59FIEq0KS1PBawomlRhg8iXOmZj9dA01
xdHmVovOSQJ3Gtp/2RLlWzTRsuhY5N4X7hHd9oeVqm6WvoVU4nK9E/O5aoQ1pB/V
zV1+XV+HBb05C+qmhWdFcBACqv1XJPrgbGgeW0yZmLgEaeLv3wY=
=2Zw5
-----END PGP SIGNATURE-----


Reply to: