Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3578 qemu security update for Debian LTS 23 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-15890 CVE-2019-14378 CVE-2019-13164 CVE-2019-12155 CVE-2019-12068 CVE-2017-9375 CVE-2016-5403 CVE-2016-5126 Reference: ESB-2019.3474 ESB-2017.1882 ESB-2016.1934 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : qemu Version : 1:2.1+dfsg-12+deb8u12 CVE ID : CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 Debian Bug : 826151 832619 864219 929353 931351 933741 933742 939868 939869 Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). CVE-2016-5126 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVE-2017-9375 QEMU, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. CVE-2019-12068 QEMU scsi disk backend: lsi: exit infinite loop while executing script CVE-2019-12155 interface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference. CVE-2019-13164 qemu-bridge-helper.c in QEMU does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. CVE-2019-14378 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-15890 libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in ip_input.c. For Debian 8 "Jessie", these problems have been fixed in version 1:2.1+dfsg-12+deb8u12. We recommend that you upgrade your qemu packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl2EkSsACgkQj/HLbo2J BZ8/AQf6AmErhOVKqKi+8HVX5GIdlfM25ZPGP1Qi6FDMTsHxqeWNJQZ8zceoZAnq 8/y+UTvpnHiwegB5rQCE5p7hf/dkVkVqqHMwSChdxtuBw9wZc6Wa9oPwwZFX84Hv gC2q0rHIfBL1m9t0yO0OhWPwxd9ReizeLI6GmLGZNAlob7jKDPi4hzvDtZx4Pnwb jYDNVihhepdYcVmTbIh9c9bSboHatsbLTySgltN8pTkW1zmCeBauqntwS8P5S1YO 9UqpIAbpfpnIiUwv/0mZSLJAd7100gyl2OcdhAe+y3/RK8jfc/6vCUhJE9a2gYBB eamzL+01LkHnGrBssrvO2rXoR1tA+w== =tnrb - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXYgywWaOgq3Tt24GAQgumxAAi6qvw+Y6d5Lbs1EDRJ4AgJSx9ydhMh0G ORqUVQeo78+IDUDKaxccvcPxnwKabB0okpeHAmIohCx8zElPzFW2aOsaJ4uHvYbB pDFCcOzeWqp4yfYRk27EOHMvDzWNGQNbOgwjJEB+WQXwK68MU6ajiAeIQAPfwo2/ EqCtzYBpw1Ny3AIP4XcxZDipfH2wFawvyheBg9E52hcE4k2RENssxlQRdgcheMfa mp+QzTpcqpn7Chf9qv8SGIdObugUZ/eivI+nt4PQcqI38n+UICr+p8xOhXNxdnoz YXzUVLW5u1hEFNDyWGwVARbOIpT2MpYrLVjH0iWC21QcHTl26Pm9zvd+ks7Ao5hC rYv0TR21x+iqS+QQa8bs4NCRDQ1GrggwCBXEMeLQOFO1iCfhKCjLyZ6B1tH2qiJu RrAXVO45Eb/cSsnLDqzI5Jbs0m7Gm+TUhNg4dq/FfWJgdlAvgK46nQ1YiAmOR3+u hKikj/EkPagHG48/BJ2gFiSZozmqREgRqnBeIxRHZ/7ZamRpgGiRv4vKKtjEc362 uKsgi9vG2euFopVtydRaXiJlz21PoHnL1rAbno0azCN2SdoVoWfcwUQf9g5cjTtu c8n421tDyamSnBMUyllEuT+bWl6TRvPaAbTpFz/9N/nNPDl+YDO+CR1fA1uKiFJ9 Y4j1vpJCRv0= =p21j -----END PGP SIGNATURE-----