[SECURITY] [DLA 3759-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3759-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
March 11, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : qemu
Version : 1:3.1+dfsg-8+deb10u12
CVE ID : CVE-2023-2861 CVE-2023-3354 CVE-2023-5088
Multiple vulnerabilities have been fixed in the machine emulator
and virtualizer QEMU.
CVE-2023-2861
9pfs did not prohibit opening special files on the host side
CVE-2023-3354
remote unauthenticated clients could cause denial of service in VNC server
CVE-2023-5088
IDE guest I/O operation addressed to an arbitrary disk offset might
get targeted to offset 0 instead
For Debian 10 buster, these problems have been fixed in version
1:3.1+dfsg-8+deb10u12.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXvPusACgkQiNJCh6LY
mLEpLQ//aGHe1oAqi/qNG1F16/1bA9DJ5jhVr+OmRhNSddCIrelqsOBlBo+l09vV
UxbWFSOheTfOj9QZS2q9WG3I2rA8EGz7lliMX9wOoPg2K/hxWMuhbvjmz2ZkFAOX
QhuSH6dqUf7F0AqiHWTcIoMzJp7yXwh7S0kPjsIS34sdclTu4+gTGJSQoG0jR5Jz
/jaNr8wMVNKpAWnSEuoEnUXwS3E5GoEJ6P/BUprCVKG5QEdn9IwCIkObELZi6K06
HG5b/r8WsWoF7THte6TfJp7MI0T8xCUGmAavUXtjCe5WenEAOfzzMjzVQuQYIyae
fAr4zk/Y0quph9G/BlnMx2rI+7KQcm0SXE+KKz8qCMffA8dP8GAiEcZkJl/QjpGZ
KgTYwaXXhcXOTDsTD7i3guHT2wQdxvSO39ScOHssxsz3+ijoMhl036mG2QN/Y8vf
3CZg4F4uJ2q7N4q6viZC+TR06rpq227uvJEYGSPiUtOkSDX28GbLDBPNcHept3SM
/BkaDvcPqA+tkIRw2GBeX/SKNMZ0WNo3RUI1SL+9MiPoi+AcI0ZoIZRNdht1IIeb
Uh8t0YYOnNL9K6hqrmp3ikNxNavX85RPqcPdEGdITi+1mWnZ+x+gs6zdIjOn9Pb0
EigLFMck+BB3IzVjoSe4rl9yqedlpbDZ/+gPC1PhvxB6lVXRjy4=
=4xcX
-----END PGP SIGNATURE-----
Reply to: