Ubuntu 20.04 18.04 QEMU Medium DoS Vulnerability Backslide USN-8412-2

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-8412-1 introduced a regression in QEMU Software Description: - qemu: Machine emulator and virtualizer Details: USN-8412-1 fixed vulnerabilities in QEMU. On both Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, the fix for CVE-2024-7409 was incomplete and resulted in a regression that could cause qemu-nbd to crash when a client connected. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711) It was discovered that the iSCSI block driver in QEMU incorrectly handled ...