Debian LTS: DLA-1927-1: qemu security update

    Date: 20 Sep 2019
    Posted By: LinuxSecurity Advisories
    Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).
    Package        : qemu
    Version        : 1:2.1+dfsg-12+deb8u12
    CVE ID         : CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068 
                     CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890
    Debian Bug     : 826151 832619 864219 929353 931351 933741 933742 939868 939869
    CVE-2016-5126

        Heap-based buffer overflow in the iscsi_aio_ioctl function in
        block/iscsi.c in QEMU allows local guest OS users to cause a
        denial of service (QEMU process crash) or possibly execute
        arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

    CVE-2016-5403

        The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows
        local guest OS administrators to cause a denial of service (memory
        consumption and QEMU process crash) by submitting requests without
        waiting for completion.

    CVE-2017-9375

        QEMU, when built with USB xHCI controller emulator support, allows
        local guest OS privileged users to cause a denial of service
        (infinite recursive call) via vectors involving control transfer
        descriptors sequencing.

    CVE-2019-12068

        QEMU scsi disk backend: lsi: exit infinite loop while executing

    CVE-2019-12155

        interface_release_resource in hw/display/qxl.c in QEMU has a NULL
        pointer dereference.

    CVE-2019-13164

        qemu-bridge-helper.c in QEMU does not ensure that a network
        interface name (obtained from bridge.conf or a --br=bridge option)
        is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

    CVE-2019-14378

        ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer
        overflow via a large packet because it mishandles a case involving
        the first fragment.

    CVE-2019-15890

        libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass
        in ip_input.c.
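
    The length check that the qemu-bridge-helper item above calls for, as an added example (not QEMU's code and not part of the advisory): a bridge name from a rule line or from the request is accepted only if it fits in IFNAMSIZ bytes, so the ACL never compares a string longer than the interface-name buffer can hold. The rule syntax, the deny-wins policy and all names are assumptions of the example.

```c
#include <net/if.h>            /* IFNAMSIZ: 16 on Linux, NUL included */
#include <stdio.h>
#include <string.h>
#ifndef IFNAMSIZ
#define IFNAMSIZ 16            /* fallback for strict-ISO builds */
#endif

enum verdict { INVALID = -1, DENY = 0, ALLOW = 1 };
/* Constructed sample rules in "action name" form; not a real bridge.conf. */
static const char *const SAMPLE_RULES[] = { "deny br1", "allow all" };

/* A name is usable only if it fits ifreq.ifr_name without truncation. */
static int ifname_ok(const char *name)
{
    size_t n = strlen(name);
    return n > 0 && n < IFNAMSIZ;
}

/* Assumed policy for this example: any matching deny wins, default is deny.
 * Overlong names are refused in the request and in the rules, so the string
 * the ACL compares is the string the kernel would later be given. */
enum verdict acl_check(const char *const *rules, size_t nrules, const char *bridge)
{
    int allowed = 0, denied = 0;
    if (!ifname_ok(bridge))
        return INVALID;
    for (size_t i = 0; i < nrules; i++) {
        char action[8], name[64];
        if (sscanf(rules[i], "%7s %63s", action, name) != 2)
            return INVALID;
        int is_allow = strcmp(action, "allow") == 0;
        if (!is_allow && strcmp(action, "deny") != 0)
            return INVALID;
        int all = strcmp(name, "all") == 0;
        if (!all && !ifname_ok(name))
            return INVALID;            /* overlong name in the rule file */
        if (all || strcmp(name, bridge) == 0) {
            if (is_allow) allowed = 1; else denied = 1;
        }
    }
    return (allowed && !denied) ? ALLOW : DENY;
}

int main(void)
{
    const char *names[] = { "br0", "br1", "bridge-name-too-long-0" };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %d\n", names[i], acl_check(SAMPLE_RULES, 2, names[i]));
    return 0;
}
```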
    For Debian 8 "Jessie", these problems have been fixed in version
    We recommend that you upgrade your qemu packages.
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: