[SECURITY] [DLA 3759-1] qemu security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3759-1] qemu security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 11 Mar 2024 19:27:07 +0200
Message-id: <[🔎] Ze8+62Sf3E6INvFg@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3759-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 11, 2024                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : qemu
Version        : 1:3.1+dfsg-8+deb10u12
CVE ID         : CVE-2023-2861 CVE-2023-3354 CVE-2023-5088

Multiple vulnerabilities have been fixed in the machine emulator 
and virtualizer QEMU.

CVE-2023-2861

    9pfs did not prohibit opening special files on the host side

CVE-2023-3354

    remote unauthenticated clients could cause denial of service in VNC server

CVE-2023-5088

    IDE guest I/O operation addressed to an arbitrary disk offset might 
    get targeted to offset 0 instead

For Debian 10 buster, these problems have been fixed in version
1:3.1+dfsg-8+deb10u12.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXvPusACgkQiNJCh6LY
mLEpLQ//aGHe1oAqi/qNG1F16/1bA9DJ5jhVr+OmRhNSddCIrelqsOBlBo+l09vV
UxbWFSOheTfOj9QZS2q9WG3I2rA8EGz7lliMX9wOoPg2K/hxWMuhbvjmz2ZkFAOX
QhuSH6dqUf7F0AqiHWTcIoMzJp7yXwh7S0kPjsIS34sdclTu4+gTGJSQoG0jR5Jz
/jaNr8wMVNKpAWnSEuoEnUXwS3E5GoEJ6P/BUprCVKG5QEdn9IwCIkObELZi6K06
HG5b/r8WsWoF7THte6TfJp7MI0T8xCUGmAavUXtjCe5WenEAOfzzMjzVQuQYIyae
fAr4zk/Y0quph9G/BlnMx2rI+7KQcm0SXE+KKz8qCMffA8dP8GAiEcZkJl/QjpGZ
KgTYwaXXhcXOTDsTD7i3guHT2wQdxvSO39ScOHssxsz3+ijoMhl036mG2QN/Y8vf
3CZg4F4uJ2q7N4q6viZC+TR06rpq227uvJEYGSPiUtOkSDX28GbLDBPNcHept3SM
/BkaDvcPqA+tkIRw2GBeX/SKNMZ0WNo3RUI1SL+9MiPoi+AcI0ZoIZRNdht1IIeb
Uh8t0YYOnNL9K6hqrmp3ikNxNavX85RPqcPdEGdITi+1mWnZ+x+gs6zdIjOn9Pb0
EigLFMck+BB3IzVjoSe4rl9yqedlpbDZ/+gPC1PhvxB6lVXRjy4=
=4xcX
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3758-1] tiff security update
Next by Date: [SECURITY] [DLA 3760-1] node-xml2js security update
Previous by thread: [SECURITY] [DLA 3758-1] tiff security update
Next by thread: [SECURITY] [DLA 3760-1] node-xml2js security update
Index(es):
- Date
- Thread