Package        : qemu
Version        : 1:2.1+dfsg-12+deb8u11
CVE ID         : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824
Debian Bug     : 901017 912535

Several vulnerabilities were found in QEMU, a fast processor emulator:

CVE-2018-11806

    It was found that the SLiRP networking implementation could use a
    wrong size when reallocating its buffers, which can be exploited by
    a privileged user on a guest to cause denial of service or possibly
    arbitrary code execution on the host system.

CVE-2018-18849

    It was found that the LSI53C895A SCSI Host Bus Adapter emulation was
    susceptible to an out-of-bounds memory access, which could be
    leveraged by a malicious guest user to crash the QEMU process.

CVE-2018-20815

    A heap buffer overflow was found in the load_device_tree function,
    which could be used by a malicious user to potentially execute
    arbitrary code with the privileges of the QEMU process.

CVE-2019-9824

    William Bowling discovered that the SLiRP networking implementation
    did not handle some messages properly, which could be triggered to
    leak memory via crafted messages.

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u11.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
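
To check an inventory against the fixed version stated above, the following added example (not part of the Debian advisory) applies Debian version ordering to a package listing; a plain string comparison would rank deb8u9 above deb8u11. It assumes input in the default `dpkg-query -W` format (name, tab, version); the sample listing is constructed and selecting packages by the name prefix "qemu" is a simplification.

```python
import re

FIXED = "1:2.1+dfsg-12+deb8u11"  # fixed version stated in the advisory

def _order(c):
    # dpkg character order: '~' < end of string (0) < letters < everything else
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; digit runs numerically.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i]) if i < len(na) else 0
            ob = _order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def split_version(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, colon, rest = v.partition(":")
    if not colon:
        epoch, rest = "0", v
    upstream, dash, revision = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (revision if dash else "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(listing, fixed=FIXED):
    # Assumption: packages are selected by the name prefix "qemu" for brevity.
    rows = (line.split("\t", 1) for line in listing.splitlines() if "\t" in line)
    return [(n, v.strip()) for n, v in rows
            if n.startswith("qemu") and compare(v.strip(), fixed) < 0]

# Constructed sample listing, not taken from a real host.
SAMPLE = ("qemu-system-x86\t1:2.1+dfsg-12+deb8u9\n"
          "qemu-utils\t1:2.1+dfsg-12+deb8u11\n"
          "openssl\t1.0.1t-1+deb8u11\n")
```

On a Debian host, `dpkg --compare-versions` performs the same comparison; the function above is for inventories processed elsewhere.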