Debian 10 DLA-3759-1 Critical: QEMU Remote DoS and Other Fixes

debian lts

March 11, 2024

Multiple vulnerabilities have been fixed in the machine emulator and virtualizer QEMU

Topics Covered

security advisory critical remote DoS Debian multiple issues QEMU

Summary

CVE-2023-2861

9pfs did not prohibit opening special files on the host side

CVE-2023-3354

remote unauthenticated clients could cause denial of service in VNC server

CVE-2023-5088

IDE guest I/O operation addressed to an arbitrary disk offset might
get targeted to offset 0 instead

For Debian 10 buster, these problems have been fixed in version
1:3.1+dfsg-8+deb10u12.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity

critical

Lowest

Low

Medium

High

Critical

Package: qemu

Version: 1:3.1+dfsg-8+deb10u12

CVE ID: CVE-2023-2861 CVE-2023-3354 CVE-2023-5088

Topics Covered

security advisory critical remote DoS Debian multiple issues QEMU

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Debian 10 DLA-3759-1 Critical: QEMU Remote DoS and Other Fixes

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Debian 10 DLA-3759-1 Critical: QEMU Remote DoS and Other Fixes

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!