[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2373-1] qemu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2373-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
September 13, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : qemu
Version        : 1:2.8+dfsg-6+deb9u11
CVE ID         : CVE-2020-1711 CVE-2020-13253 CVE-2020-14364 CVE-2020-16092
Debian Bug     : 968947 961297 949731

The following security issues have been found in qemu, which could
potentially result in DoS and execution of arbitrary code.

CVE-2020-1711

    An out-of-bounds heap buffer access flaw was found in the way the iSCSI
    Block driver in QEMU handled a response coming from an iSCSI server
    while checking the status of a Logical Address Block (LBA) in an
    iscsi_co_block_status() routine. A remote user could use this flaw to
    crash the QEMU process, resulting in a denial of service or potential
    execution of arbitrary code with privileges of the QEMU process on the
    host.

CVE-2020-13253

    An out-of-bounds read access issue was found in the SD Memory Card
    emulator of the QEMU. It occurs while performing block write commands
    via sdhci_write(), if a guest user has sent 'address' which is OOB of
    's->wp_groups'. A guest user/process may use this flaw to crash the
    QEMU process resulting in DoS.

CVE-2020-14364

    An out-of-bounds read/write access issue was found in the USB emulator
    of the QEMU. It occurs while processing USB packets from a guest, when
    'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in
    do_token_{in,out} routines.


CVE-2020-16092

    An assertion failure can occur in the network packet processing. This
    issue affects the e1000e and vmxnet3 network devices. A malicious guest
    user/process could use this flaw to abort the QEMU process on the host,
    resulting in a denial of service condition in
    net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c

For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u11.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl9eaVMACgkQhj1N8u2c
KO+M3Q//ebK1iayHAU+lOFgWfa5HNgfmTXTDusWDIqJmqzsgi8IV9e25ZmCv7W1N
nPsPf/WH0yk6CSaUEYtu+h1OGYxGKM5OAYoojllSGGvHlMU4WIUK/i+9UXdCM/Fk
FPEcZcE7UrxHtUOZqI7t09ffLnf5CKM+/dY6b7qPiIptyxalyXCVyQXuu4PLhKQP
azNYEXg/BiPEkVZNC2VOxEAg80cxiDtVLrFtt1bhuxrWRVdSeHoeMNI44W37FFlO
zTSeTh66xHKwmpOYeApghe3SA/QoBcghovEUZdZk+TGntwZEJXgMKEScKGkKqDYr
wBqgUSV33s+qhZZdlySR3ehKpFcmNO6/1CbX1O1xk2t93U3rh/1PJSUqzkVhHqwa
zl8R3PKuA6V1xyijhk2Trmw2h9lUp0Kea4Vl/+sTJ/JPBWN1hszWqXdWgvgJRgCs
UvVFaR93pb4uanVC1mIwNqSK23to7Znvqc/5alngcXD6hAwZmCNFrd2b5/PyegEt
VdkgyHMuatf9x9l//UGYlagMHx0SvROwCRphzd7tCRO50WdKed1mgqS7ky6RTD43
/NhEq68XeeRbMYP8adi6NGG4dncuzbLtS5zrl0wS+DP1uB0RJ5+/qEnjCEwZQO/8
7IbwJ3ofI7EYSk9S5Rcq/9ejKNsfR9Yj+ItOfwNrnZ5mJnP7VS8=
=ihEC
-----END PGP SIGNATURE-----


Reply to: