Debian Security Advisory
DLA-2262-1 qemu -- LTS security update
- Date Reported:
- 29 Jun 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-1983, CVE-2020-13361, CVE-2020-13362, CVE-2020-13765.
- More information:
Several vulnerabilities were fixed in qemu, a fast processor emulator.
slirp: Fix use-after-free in ip_reass().
es1370_transfer_audio in hw/audio/es1370.c allowed guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
megasas_lookup_frame in hw/scsi/megasas.c had an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
hw/core/loader: Fix possible crash in rom_copy().
For Debian 8
Jessie, these problems have been fixed in version 1:2.1+dfsg-12+deb8u15.
We recommend that you upgrade your qemu packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS