Debian Security Advisory
DSA-4733-1 qemu -- security update
- Date Reported:
- 24 Jul 2020
- Affected Packages:
- qemu
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 964793.
In Mitre's CVE dictionary: CVE-2020-8608. - More information:
-
It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in version 1:3.1+dfsg-8+deb10u7. In addition this update fixes a regression caused by the patch for CVE-2020-13754, which could lead to startup failures in some Xen setups.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu