Debian LTS: DLA-1927-1: qemu security update

    Date: 20 Sep 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    Package        : qemu
    Version        : 1:2.1+dfsg-12+deb8u12
    CVE ID         : CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068 
                     CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890
    Debian Bug     : 826151 832619 864219 929353 931351 933741 933742 939868 939869
    
    
    Several vulnerabilities were found in QEMU, a fast processor emulator
    (notably used in KVM and Xen HVM virtualization).
    
    CVE-2016-5126
    
        Heap-based buffer overflow in the iscsi_aio_ioctl function in
        block/iscsi.c in QEMU allows local guest OS users to cause a
        denial of service (QEMU process crash) or possibly execute
        arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
    
    CVE-2016-5403
    
        The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows
        local guest OS administrators to cause a denial of service (memory
        consumption and QEMU process crash) by submitting requests without
        waiting for completion.
    
    CVE-2017-9375
    
        QEMU, when built with USB xHCI controller emulator support, allows
        local guest OS privileged users to cause a denial of service
        (infinite recursive call) via vectors involving control transfer
        descriptors sequencing.
    
    CVE-2019-12068
    
        QEMU scsi disk backend: lsi: exit infinite loop while executing
        script
    
    CVE-2019-12155
    
        interface_release_resource in hw/display/qxl.c in QEMU has a NULL
        pointer dereference.
    
    CVE-2019-13164
    
        qemu-bridge-helper.c in QEMU does not ensure that a network
        interface name (obtained from bridge.conf or a --br=bridge option)
        is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
    
    CVE-2019-14378
    
        ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer
        overflow via a large packet because it mishandles a case involving
        the first fragment.
    
    CVE-2019-15890
    
        libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass
        in ip_input.c.
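
The length check at issue in CVE-2019-13164, sketched as an added example (not QEMU's or Debian's code). The deny list, the interface names and the helpers `acl_denies`, `kernel_view` and `bridge_name_allowed` are constructed for illustration; the model assumes the ACL is matched on the full string while the name is later copied into an IFNAMSIZ-byte field.

```c
#include <stdio.h>
#include <string.h>
#include <net/if.h>   /* IFNAMSIZ: 16 on Linux, terminating NUL included */

#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif

/* Constructed deny list standing in for ACL rules from bridge.conf. */
static const char *const deny_rules[] = { "br-restricted00" };  /* 15 chars */

/* Exact-match lookup: 1 if the name is denied, 0 otherwise. */
static int acl_denies(const char *name)
{
    for (size_t i = 0; i < sizeof(deny_rules) / sizeof(deny_rules[0]); i++)
        if (strcmp(name, deny_rules[i]) == 0)
            return 1;
    return 0;
}

/* Name as it ends up in a fixed IFNAMSIZ-byte field: silently truncated. */
static void kernel_view(const char *name, char out[IFNAMSIZ])
{
    size_t n = strlen(name);
    if (n >= IFNAMSIZ)
        n = IFNAMSIZ - 1;
    memcpy(out, name, n);
    out[n] = '\0';
}

/* Hardened check (hypothetical helper): reject empty or over-long names
 * before the ACL decision, so the string checked is the string used.
 * Returns 0 = allowed, -1 = rejected. */
static int bridge_name_allowed(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len >= IFNAMSIZ)
        return -1;                      /* does not fit with its NUL */
    return acl_denies(name) ? -1 : 0;
}

int main(void)
{
    const char *inputs[] = { "br0", "br-restricted00", "br-restricted00-extra" };
    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        char seen[IFNAMSIZ];
        kernel_view(inputs[i], seen);
        printf("%-22s used-as=%-16s acl_denies=%d hardened=%d\n", inputs[i],
               seen, acl_denies(inputs[i]), bridge_name_allowed(inputs[i]));
    }
    return 0;
}
```

The third constructed input is not matched by the exact-match ACL yet truncates to the denied name, which is why the length test has to come before the ACL lookup.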
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1:2.1+dfsg-12+deb8u12.
    
    We recommend that you upgrade your qemu packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    