[SECURITY] [DSA 4733-1] qemu security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4733-1] qemu security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 24 Jul 2020 09:14:40 +0000
Message-id: <[🔎] 20200724091440.GA3942@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4733-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 24, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2020-8608
Debian Bug     : 964793

It was discovered that incorrect memory handling in the SLIRP networking
implementation could result in denial of service or potentially the
execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 1:3.1+dfsg-8+deb10u7. In addition this update fixes a regression
caused by the patch for CVE-2020-13754, which could lead to startup
failures in some Xen setups.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8aoWMACgkQEMKTtsN8
TjZzPRAAhMYXSscFWDZZssc4NWzRCJ/VMQf2DdsX40Z6QhoU4I3bT8FZjSq0gkWO
f/JBJKCFU/SfnIszoZpTkG7o6dq7OV4naz6t8ytf9WTdOMRi76aOX2Ue5ukxWvP8
oCsLHq6zTg2m8u9WkgCnDsHQm5buGpUEHsvApHeGNsaPoHuVhOXQbaPK+cGqg/fx
sf0shmsByztE7ZtP6+mZooZOg+To8uE/V93s9/zFCdcGQFs40f0KE9Q7yRhX7TLs
IskUeKgjKh0tD2GvteNzfMue9BNyw9XOKlZN4Ea+6P0lJc1nRSUyAAckz1YoJXUH
RAe3Ko9t4FomeQ0LB2QdQFXMErJy2yBMYm95ClOyH3SlUePA961URHWUqKfhMn+W
J9I/HFKNmPl0kHtijcOiuBaDQVDlXhL+sUrkX0bJhOWve81Vmyn2hHcZcUlBWW8M
jf0LykoQAd3vlkuFkiGqUtw6trs2tl8bdbajT6KJe+rR5GCohtOhNcY0UckCnt9v
CSnYdP83OeXb+qQsGP7+GEOFbY+u+ztJp87yl3BjgIsMmTe2akYhF7qtsK03/8qs
hioVeLnH1b10pi5HAAiVtEuTvI/4nyNzIYUmvhWn/5hfmWi6qzYjQCdFP3sxvVPx
QWIga8EFPmul0gsEPRFsxJj1aYPrdmCkxtDp/n94UXeD1YwgJsU=
=qsg/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4732-1] squid security update
Next by Date: [SECURITY] [DSA 4734-1] openjdk-11 security update
Previous by thread: [SECURITY] [DSA 4732-1] squid security update
Next by thread: [SECURITY] [DSA 4734-1] openjdk-11 security update
Index(es):
- Date
- Thread