Debian LTS: DLA-2262-1: qemu security update

    Date 29 Jun 2020
    91
    Posted By LinuxSecurity Advisories
    Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983
    
    Package        : qemu
    Version        : 1:2.1+dfsg-12+deb8u15
    CVE ID         : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765
    Debian Bug     : 
    
    Several vulnerabilities were fixed in qemu,
    a fast processor emulator.
    
    CVE-2020-1983
    
        slirp: Fix use-after-free in ip_reass().
    
    CVE-2020-13361
    
        es1370_transfer_audio in hw/audio/es1370.c
        allowed guest OS users to trigger an out-of-bounds access
        during an es1370_write() operation.
    
    CVE-2020-13362
    
        megasas_lookup_frame in hw/scsi/megasas.c had
         an out-of-bounds read via a crafted reply_queue_head field from
         a guest OS user.
    
    CVE-2020-13765
    
        hw/core/loader: Fix possible crash in rom_copy().
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1:2.1+dfsg-12+deb8u15.
    
    We recommend that you upgrade your qemu packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"7","type":"x","order":"1","pct":18.42,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"4","type":"x","order":"2","pct":10.53,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"27","type":"x","order":"3","pct":71.05,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.