Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3225 qemu security update 26 August 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Remote/Unauthenticated Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-14378 CVE-2019-13164 CVE-2018-20815 Reference: ESB-2019.3191 ESB-2019.3141 ESB-2019.1919 ESB-2019.1639 Original Bulletin: http://www.debian.org/security/2019/dsa-4506 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4506-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2018-20815 CVE-2019-13164 CVE-2019-14378 Debian Bug : 873012 933741 931351 Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs. In addition this update fixes a regression which could cause NBD connections to hang. For the oldstable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u8. We recommend that you upgrade your qemu packages. For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1hCR8ACgkQEMKTtsN8 TjbIsQ//RgsOLWDU5rkXicnpyEhAG5QwkZijXFkIbrhvDuQdYThZzJKT0AdFFAti ZzdfLxnc4arR160CoccIcw0J4pESoRcE/LWid7hNhCSpc9WX4KZc5cabwef0VuLw 4TAlqWMzPrV/1Hj5r2YGxb0OWO6YkWgcjJx0homD2b6ctW/BHh5Y+JyEF2BmbXIi 667vzxPT/c+jYg2dYYmhtpVkbEX2GLmg2tPssWrGeIRiYR5vwFHevQJeHS7rzyZ2 7CCpbx7ktv7jUea44iUYfsImmejEjcAeUSYj7fnEbmYeyywmDbVY6uEtSFKv5INn K74ZCwC1mQOmb8DZBnG1noDh62u8eBoe/CIl4aH1KBbd0+Y3hmdfIFbE+e3f2LVt ORuIrQJDm19ZmAx+C78ifWJL77KFS0Gvqsp3Qipak7XGyaEwTwUavriYwW9VyJVL tP5yKXHstJWDV8oyQZ3w+GPLJH4p1G0cquy3Dn/Ne5dE9d3Q/w5Q5v5UNYCuqtDL RwzaM7BUQXw2tO0cG2Q7O4e6iTq5XbEzR35cngIy6wDs67WnuH0Wvwfwt8vWNWpW cIKg5UH9J2CXYmlzfKOkE9IoiKlAAhWClDPeFvaBJyZMFDqFMzZysht+/1ywbT7k IX2oSA9Q+tu1sXTHHtMI9oUDs7MjfUpcQO+L5Ua/SbTm2uKA6sg= =Vlo1 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXWMvl2aOgq3Tt24GAQgROxAAme3QCst8Psd3rf80Y9YL9/aZxvq9DK90 th7SHss6+Chgp3/Waj6expWif0zBHQvROxpDcI43CVpLFwvOOvWrC0dxP75FlHA6 kp3yooQg6llvl8h6CMCuBlLwpblHpChCY0MkoHOE17kfbAtMKQ2Uef+q01p21w8o huPzsVmxU2965yjS1YXTH6Wx4mAXc5xo5QMTOwMD52A3frHahJMY7HIizASgKLdk GCmYTUdoEtlH+t94pP3dUoWkVE96MnIZchymzuhi1petFx1b34MQ8sp8QAPXOFAS uIUmOrTjpQeEVoMinL9ARKQg0tUy//BUjWjAV+HwNOKWK9wgtd2/3P8PLouZr+Sv WTn21Px9sdm91Bb8mNtkuVyZD1XTh1gAKolJYwIij3ZVd8fzKsWn73Po8My6mr32 KEjN3Y1HMMnj1v8Ntg8rbX8p3m2Lkkwy+H9Ub6vW4uPFxdPBuyObA2zXjwo9ELrA ESll3A02sLGKQgqIAPi4WvAwNBq1Cl1RRP61OUa9nMXiSLgxIf2LRKUeylu4ZX/R 5KEYcKy3UP6W0OEXEF16pOQ1LU5R+5JZHPOiTNclwMQqgvxQR0B/IMZ4SJLeE4vi lisKLcEocMVkcGtvDLWfspZCckHCKkceVWBF9uIXtjMIkl48VkqLZ87XCk1/ZGPX Kx0Abgk0ViI= =1ri2 -----END PGP SIGNATURE-----