Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Debian 9: DSA-3920-1 Moderate: Qemu Denial Of Service Threats

debian
Calendar Grey July 25, 2017
Debian Logo
Several security loopholes have been discovered in qemu that necessitate immediate patches to avert multiple Denial of Service threats on Debian systems.
Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9310

Summary

Multiple vulnerabilities were found in in qemu, a fast processor
emulator:

CVE-2017-9310

Denial of service via infinite loop in e1000e NIC emulation.

CVE-2017-9330

Denial of service via infinite loop in USB OHCI emulation.

CVE-2017-9373

Denial of service via memory leak in IDE AHCI emulation.

CVE-2017-9374

Denial of service via memory leak in USB EHCI emulation.

CVE-2017-9375

Denial of service via memory leak in USB XHCI emulation.

CVE-2017-9524

Denial of service in qemu-nbd server.

CVE-2017-10664

Denial of service in qemu-nbd server.

CVE-2017-10911

Information leak in Xen blkif response handling.

For the oldstable distribution (jessie), a separate DSA will be issued.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to you...

Read the Full Advisory

Package: qemu
CVE ID: CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.