Security Information / 2020 / Security Information -- DSA-4733-1 qemu

Debian Security Advisory

DSA-4733-1 qemu -- security update

Date Reported:

24 Jul 2020

Affected Packages:

qemu

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 964793.
In Mitre's CVE dictionary: CVE-2020-8608.

More information:

It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in version 1:3.1+dfsg-8+deb10u7. In addition this update fixes a regression caused by the patch for CVE-2020-13754, which could lead to startup failures in some Xen setups.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu