-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3225
                           qemu security update
                              26 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-14378 CVE-2019-13164 CVE-2018-20815

Reference:         ESB-2019.3191
                   ESB-2019.3141
                   ESB-2019.1919
                   ESB-2019.1639

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4506

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4506-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 24, 2019                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2018-20815 CVE-2019-13164 CVE-2019-14378
Debian Bug     : 873012 933741 931351

Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service, the execution of
arbitrary code or bypass of ACLs.

In addition this update fixes a regression which could cause NBD
connections to hang.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:2.8+dfsg-6+deb9u8.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----