===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.4396
qemu security update
7 September 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           qemu
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-35414 CVE-2022-26354 CVE-2021-20257
                   CVE-2021-20221 CVE-2021-20203 CVE-2021-20196
                   CVE-2021-20181 CVE-2021-4207 CVE-2021-4206
                   CVE-2021-3930 CVE-2021-3748 CVE-2021-3713
                   CVE-2021-3682 CVE-2021-3608 CVE-2021-3607
                   CVE-2021-3582 CVE-2021-3527 CVE-2021-3507
                   CVE-2021-3416 CVE-2021-3392 CVE-2020-35505
                   CVE-2020-35504 CVE-2020-29443 CVE-2020-29129
                   CVE-2020-28916 CVE-2020-27821 CVE-2020-27617
                   CVE-2020-25723 CVE-2020-25625 CVE-2020-25624
                   CVE-2020-25085 CVE-2020-25084 CVE-2020-15859
                   CVE-2020-15469 CVE-2020-13253

Original Bulletin:
   http://www.debian.org/lts/security/2022/dla-3099

Comment: CVSS (Max):  8.5 CVE-2021-3682 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: [Red Hat], SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3099-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
September 05, 2022                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : qemu
Version : 1:3.1+dfsg-8+deb10u9
CVE ID  : CVE-2020-13253 CVE-2020-15469 CVE-2020-15859 CVE-2020-25084
          CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723
          CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129
          CVE-2020-29443 CVE-2020-35504 CVE-2020-35505 CVE-2021-3392
          CVE-2021-3416 CVE-2021-3507 CVE-2021-3527 CVE-2021-3582
          CVE-2021-3607 CVE-2021-3608 CVE-2021-3682 CVE-2021-3713
          CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207
          CVE-2021-20181 CVE-2021-20196 CVE-2021-20203 CVE-2021-20221
          CVE-2021-20257 CVE-2022-26354 CVE-2022-35414

Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service or the execution
of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
1:3.1+dfsg-8+deb10u9.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================