
[SECURITY] [DLA 2090-1] qemu security update




Package        : qemu
Version        : 1:2.1+dfsg-12+deb8u13
CVE ID         : CVE-2020-7039
Debian Bug     : 949085


tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages
memory, as demonstrated by IRC DCC commands in EMU_IRC.
This can cause a heap-based buffer overflow or other out-of-bounds access,
which can lead to a DoS or potentially to arbitrary code execution.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.1+dfsg-12+deb8u13.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh

