Debian Security Advisory
DSA-3925-1 qemu -- security update
- Date Reported:
- 04 Aug 2017
- Affected Packages:
- qemu
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 865755, Bug 869171, Bug 869173, Bug 867751, Bug 869945.
In Mitre's CVE dictionary: CVE-2017-9524, CVE-2017-10806, CVE-2017-11334, CVE-2017-11434. - More information:
-
Multiple vulnerabilities were found in qemu, a fast processor emulator:
- CVE-2017-9524
Denial of service in qemu-nbd server
- CVE-2017-10806
Buffer overflow in USB redirector
- CVE-2017-11334
Out-of-band memory access in DMA operations
- CVE-2017-11434
Out-of-band memory access in SLIRP/DHCP
For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u2.
We recommend that you upgrade your qemu packages.
- CVE-2017-9524