Debian: DLA-2262-1 Critical: qemu Out-Of-Bounds Access Issues

debian lts

June 29, 2020

Several vulnerabilities were fixed in qemu, a fast processor emulator

Topics Covered

security advisory update Debian out-of-bounds severity moderate qemu processor emulator

Summary

slirp: Fix use-after-free in ip_reass().

CVE-2020-13361

es1370_transfer_audio in hw/audio/es1370.c
allowed guest OS users to trigger an out-of-bounds access
during an es1370_write() operation.

CVE-2020-13362

megasas_lookup_frame in hw/scsi/megasas.c had
an out-of-bounds read via a crafted reply_queue_head field from
a guest OS user.

CVE-2020-13765

hw/core/loader: Fix possible crash in rom_copy().

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u15.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity

critical

Lowest

Low

Medium

High

Critical

Package: qemu

Version: 1:2.1+dfsg-12+deb8u15

CVE ID: CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765

Debian Bug:

Topics Covered

security advisory update Debian out-of-bounds severity moderate qemu processor emulator

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Debian: DLA-2262-1 Critical: qemu Out-Of-Bounds Access Issues

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Debian: DLA-2262-1 Critical: qemu Out-Of-Bounds Access Issues

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!