Debian Security Advisory

DLA-1694-1 qemu -- LTS security update

Date Reported:
28 Feb 2019
Affected Packages:
qemu
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 916397, Bug 902725, Bug 921525.
In Mitre's CVE dictionary: CVE-2018-12617, CVE-2018-16872, CVE-2019-6778.
More information:

Several vulnerabilities were found in QEMU, a fast processor emulator:

  • CVE-2018-12617

    The qmp_guest_file_read function (qga/commands-posix.c) is affected by an integer overflow and subsequent memory allocation failure. This weakness might be leveraged by remote attackers to cause denial of service (application crash).

  • CVE-2018-16872

    The usb_mtp_get_object, usb_mtp_get_partial_object and usb_mtp_object_readdir functions (hw/usb/dev-mtp.c) are affected by a symlink attack. Remote attackers might leverage this vulnerability to perform information disclosure.

  • CVE-2019-6778

    The tcp_emu function (slirp/tcp_subr.c) is affected by a heap buffer overflow caused by insufficient validation of available space in the sc_rcv->sb_data buffer. Remote attackers might leverage this flaw to cause denial of service, or any other unspecified impact.

For Debian 8 Jessie, these problems have been fixed in version 1:2.1+dfsg-12+deb8u10.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS