Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2448
qemu security update
20 July 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qemu
Publisher: Debian
Operating System: Debian GNU/Linux 10
Impact/Access: Denial of Service -- Existing Account
Access Confidential Data -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-13754 CVE-2020-13659 CVE-2020-13362
CVE-2020-13361 CVE-2020-10756
Reference: ESB-2020.2236
Original Bulletin:
http://www.debian.org/security/2020/dsa-4728
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4728-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : qemu
CVE ID : CVE-2020-10756 CVE-2020-13361 CVE-2020-13362
CVE-2020-13754 CVE-2020-13659
Debian Bug : 964247 961887 961887 961888
Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service.
For the stable distribution (buster), these problems have been fixed in
version 1:3.1+dfsg-8+deb10u6.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8UiCQACgkQEMKTtsN8
TjZQlg//RGbQ8itldZ9UrqeazXDIWCyuLIpw3STOHm6oHrWR+9M5kL1RSnHODYYY
hxj7FHfa6ChUmA9Ilike8jad7+IRC7HMiiP6jE0Tug+eLIRqDT6DQCUIXPTZFCJa
U6wrBJH/MpgqrCleqxHhK/iz0B98hOOnNchgNT7LIb5/11qGMrQJR7LDDEBDyJ9Q
MzeWD98E7I4z1T1/vXqTO1EIKJT0hsebcCsgz/wgFCPn0f0fYEn8unkSmMjtS03t
o0DRH7RI3rV8XfM6NAYsRslS9Fa4NWIPVdjJTdvILZZEXgH92S8mk+lOEtWdNNI0
B6b5B9xR4CJ9CYvrn5RLIijJpI7X2vfNddh0C9nJWJFwPTkAr8ZJlYJPxPz8TZE0
Bka63iq/G0aJrIVv3Lyzck4FXuuK1R587mREIf/DndQiEVVNQrhiDD566DLUAL/Y
e+lySiEYkkx99syxPEsCHrcXlPgaKG593JUu5lskYvShu1YnhLmyXcL9HH+09NM/
9Krcx7VeIXCc7IWLCjB1o5hiHsEW0BVwtqDXi8SpBuG5IxYm5vuJNnmMHEVz+AnX
R5t7SVKpbbYopaufMQb2ztuf4oC4WuWTOmTcZJ8I+cTJu4DqtL/P67jFG2soOFoK
kRmx/QR+qohjGNFvbqJl942+42yEz68q+anpm33pmV2D1v4oqb4=
=UOnl
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXxT3LONLKJtyKPYoAQg2dA//QhzYN31rsvgwL3LDpjTCrK4UR26lQxSI
7dH4+3VnX5dsZt3WMGMyfAk+6t00R2P7kxS5AyPhiZ1XicWa9yiiSN2Yc9/Oo7w7
Gdij5LXH2/rSXoLxNCxjEdp5E5kJK3fL9PTiYdwaufubkau4JEsQNebNPiXsf23F
OqZxLZH+ONqfrofSuC9O8/jNZDFC8VqMDUmHcF61nbsLk+5HcXYmmp19kq5kLWcy
xkj0VSkkzmHhUtM5Gtgi1SntOdOrVARB7fEQYv1iAit4d5G88NUAEPdGxiE45UNr
rS0kg5l45ozw7Sww/uZdttfUFp/5GyxynNs739knf3jEhPABEsmHtd06WenNxauv
HGeA+LjtuwtnSu2sIrqX8sAw6UT/o6FspbDm3BIdYkvy2RgWGGc5rM7ykUPl3zX5
mR1Ccd5TZXp8ZklghjlB5qqyxMR2+cPlwoxy6QsBUM0ScXYwpNfBcP7Dq5AlIBkW
rTJBpSDgigXJD2DaYr7YtR+mUTZWF9WLQtz8SJqS48uCBgcWmEhGbnSKjI8Ax6kM
JQButIW79f8yeg1e0acmgoCiB1NGaq3c77AV5H6vSa520ZJkOZxOHvWiOt29FN3E
sgQ+oDzT6mH8oJcDKf9Hew8m1rMb9i01NnW+Cmje00sPHYCfl/NWy5QguKc29ARG
plWpHvhwdfU=
=b1AW
-----END PGP SIGNATURE-----