Linux Security
    Linux Security
    Linux Security

    Debian LTS: DLA-2288-1: qemu security update

    Date
    329
    Posted By
    The following CVE(s) were reported against src:qemu: CVE-2017-9503
    
    - -----------------------------------------------------------------------
    Debian LTS Advisory DLA-2288-1              [email protected]
    https://www.debian.org/lts/security/                      Utkarsh Gupta
    July 25, 2020                               https://wiki.debian.org/LTS
    - -----------------------------------------------------------------------
    
    Package        : qemu
    Version        : 1:2.8+dfsg-6+deb9u10
    CVE ID         : CVE-2017-9503 CVE-2019-12068 CVE-2019-20382
                     CVE-2020-1983 CVE-2020-8608 CVE-2020-10756
                     CVE-2020-13361 CVE-2020-13362 CVE-2020-13659
                     CVE-2020-13754 CVE-2020-13765 CVE-2020-15863
    Debian Bug     : 865754 961887 961888 964793
    
    The following CVE(s) were reported against src:qemu:
    
    CVE-2017-9503
    
        QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2
        Host Bus Adapter emulation support, allows local guest OS
        privileged users to cause a denial of service (NULL pointer
        dereference and QEMU process crash) via vectors involving megasas
        command processing.
    
    CVE-2019-12068
    
        In QEMU 1:4.1-1 (1:2.8+dfsg-6+deb9u8), when executing script in
        lsi_execute_script(), the LSI scsi adapter emulator advances
        's->dsp' index to read next opcode. This can lead to an infinite
        loop if the next opcode is empty. Move the existing loop exit
        after 10k iterations so that it covers no-op opcodes as well.
    
    CVE-2019-20382
    
        QEMU 4.1.0 has a memory leak in zrle_compress_data in
        ui/vnc-enc-zrle.c during a VNC disconnect operation because libz
        is misused, resulting in a situation where memory allocated in
        deflateInit2 is not freed in deflateEnd.
    
    CVE-2020-1983
    
        A use after free vulnerability in ip_reass() in ip_input.c of
        libslirp 4.2.0 and prior releases allows crafted packets to cause
        a denial of service.
    
    CVE-2020-8608
    
        In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses
        snprintf return values, leading to a buffer overflow in later
        code.
    
    CVE-2020-10756
    
        An out-of-bounds read vulnerability was found in the SLiRP
        networking implementation of the QEMU emulator. This flaw occurs
        in the icmp6_send_echoreply() routine while replying to an ICMP
        echo request, also known as ping. This flaw allows a malicious
        guest to leak the contents of the host memory, resulting in
        possible information disclosure. This flaw affects versions of
        libslirp before 4.3.1.
    
    CVE-2020-13361
    
        In QEMU 5.0.0 and earlier, es1370_transfer_audio in
        hw/audio/es1370.c does not properly validate the frame count,
        which allows guest OS users to trigger an out-of-bounds access
        during an es1370_write() operation.
    
    CVE-2020-13362
    
        In QEMU 5.0.0 and earlier, megasas_lookup_frame in
        hw/scsi/megasas.c has an out-of-bounds read via a crafted
        reply_queue_head field from a guest OS user.
    
    CVE-2020-13659
    
        address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL
        pointer dereference related to BounceBuffer.
    
    CVE-2020-13754
    
        hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger
        an out-of-bounds access via a crafted address in an msi-x mmio
        operation.
    
    CVE-2020-13765
    
        rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate
        the relationship between two addresses, which allows attackers
        to trigger an invalid memory copy operation.
    
    CVE-2020-15863
    
        Stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c.
    
    For Debian 9 stretch, these problems have been fixed in version
    1:2.8+dfsg-6+deb9u10.
    
    We recommend that you upgrade your qemu packages.
    
    For the detailed security status of qemu please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/qemu
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    
    Best,
    Utkarsh
    

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.