Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892288
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for qemu (DLA-2288-1)
Summary:The remote host is missing an update for the 'qemu'; package(s) announced via the DLA-2288-1 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the DLA-2288-1 advisory.

Vulnerability Insight:
The following CVE(s) were reported against src:qemu:

CVE-2017-9503

QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2
Host Bus Adapter emulation support, allows local guest OS
privileged users to cause a denial of service (NULL pointer
dereference and QEMU process crash) via vectors involving megasas
command processing.

CVE-2019-12068

In QEMU 1:4.1-1 (1:2.8+dfsg-6+deb9u8), when executing script in
lsi_execute_script(), the LSI scsi adapter emulator advances
's->dsp' index to read next opcode. This can lead to an infinite
loop if the next opcode is empty. Move the existing loop exit
after 10k iterations so that it covers no-op opcodes as well.

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in
ui/vnc-enc-zrle.c during a VNC disconnect operation because libz
is misused, resulting in a situation where memory allocated in
deflateInit2 is not freed in deflateEnd.

CVE-2020-1983

A use after free vulnerability in ip_reass() in ip_input.c of
libslirp 4.2.0 and prior releases allows crafted packets to cause
a denial of service.

CVE-2020-8608

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses
snprintf return values, leading to a buffer overflow in later
code.

CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP
networking implementation of the QEMU emulator. This flaw occurs
in the icmp6_send_echoreply() routine while replying to an ICMP
echo request, also known as ping. This flaw allows a malicious
guest to leak the contents of the host memory, resulting in
possible information disclosure. This flaw affects versions of
libslirp before 4.3.1.

CVE-2020-13361

In QEMU 5.0.0 and earlier, es1370_transfer_audio in
hw/audio/es1370.c does not properly validate the frame count,
which allows guest OS users to trigger an out-of-bounds access
during an es1370_write() operation.

CVE-2020-13362

In QEMU 5.0.0 and earlier, megasas_lookup_frame in
hw/scsi/megasas.c has an out-of-bounds read via a crafted
reply_queue_head field from a guest OS user.

CVE-2020-13659

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL
pointer dereference related to BounceBuffer.

CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger
an out-of-bounds access via a crafted address in an msi-x mmio
operation.

CVE-2020-13765

rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate
the relationship between two addresses, which allows attackers
to trigger an invalid memory copy operation.

CVE-2020-15863

Stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c.

Affected Software/OS:
'qemu' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u10.

We recommend that you upgrade your qemu packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9503
BugTraq ID: 99010
http://www.securityfocus.com/bid/99010
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
http://www.openwall.com/lists/oss-security/2017/06/08/1
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-1983
Debian Security Information: DSA-4665 (Google Search)
https://www.debian.org/security/2020/dsa-4665
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKT2MTSINE4NUPG5L6BYH6N23NBNITOL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWFD4MWV3YWIHVHSA2F7FKOLJFL4PHOX/
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html
SuSE Security Announcement: openSUSE-SU-2020:0636 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:0756 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.html
https://usn.ubuntu.com/4372-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8608
Debian Security Information: DSA-4733 (Google Search)
https://www.debian.org/security/2020/dsa-4733
https://security.gentoo.org/glsa/202003-66
https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0
https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
https://www.openwall.com/lists/oss-security/2020/02/06/2
https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/4283-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.