Package : qemu
Version : 1:2.1+dfsg-12+deb8u15
CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765
Debian Bug :
Several vulnerabilities were fixed in qemu,
a fast processor emulator.
CVE-2020-1983
slirp: Fix use-after-free in ip_reass().
CVE-2020-13361
es1370_transfer_audio in hw/audio/es1370.c
allowed guest OS users to trigger an out-of-bounds access
during an es1370_write() operation.
CVE-2020-13362
megasas_lookup_frame in hw/scsi/megasas.c had
an out-of-bounds read via a crafted reply_queue_head field from
a guest OS user.
CVE-2020-13765
hw/core/loader: Fix possible crash in rom_copy().
For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u15.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2262-1: qemu security update
June 29, 2020
Several vulnerabilities were fixed in qemu, a fast processor emulator
Summary
slirp: Fix use-after-free in ip_reass().
CVE-2020-13361
es1370_transfer_audio in hw/audio/es1370.c
allowed guest OS users to trigger an out-of-bounds access
during an es1370_write() operation.
CVE-2020-13362
megasas_lookup_frame in hw/scsi/megasas.c had
an out-of-bounds read via a crafted reply_queue_head field from
a guest OS user.
CVE-2020-13765
hw/core/loader: Fix possible crash in rom_copy().
For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u15.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : qemu
Version : 1:2.1+dfsg-12+deb8u15
CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765
Debian Bug :
News
HOWTOs
About Us
Powered By
