Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2448 qemu security update 20 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: Debian Operating System: Debian GNU/Linux 10 Impact/Access: Denial of Service -- Existing Account Access Confidential Data -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2020-13754 CVE-2020-13659 CVE-2020-13362 CVE-2020-13361 CVE-2020-10756 Reference: ESB-2020.2236 Original Bulletin: http://www.debian.org/security/2020/dsa-4728 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4728-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 19, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13754 CVE-2020-13659 Debian Bug : 964247 961887 961887 961888 Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in version 1:3.1+dfsg-8+deb10u6. We recommend that you upgrade your qemu packages. For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8UiCQACgkQEMKTtsN8 TjZQlg//RGbQ8itldZ9UrqeazXDIWCyuLIpw3STOHm6oHrWR+9M5kL1RSnHODYYY hxj7FHfa6ChUmA9Ilike8jad7+IRC7HMiiP6jE0Tug+eLIRqDT6DQCUIXPTZFCJa U6wrBJH/MpgqrCleqxHhK/iz0B98hOOnNchgNT7LIb5/11qGMrQJR7LDDEBDyJ9Q MzeWD98E7I4z1T1/vXqTO1EIKJT0hsebcCsgz/wgFCPn0f0fYEn8unkSmMjtS03t o0DRH7RI3rV8XfM6NAYsRslS9Fa4NWIPVdjJTdvILZZEXgH92S8mk+lOEtWdNNI0 B6b5B9xR4CJ9CYvrn5RLIijJpI7X2vfNddh0C9nJWJFwPTkAr8ZJlYJPxPz8TZE0 Bka63iq/G0aJrIVv3Lyzck4FXuuK1R587mREIf/DndQiEVVNQrhiDD566DLUAL/Y e+lySiEYkkx99syxPEsCHrcXlPgaKG593JUu5lskYvShu1YnhLmyXcL9HH+09NM/ 9Krcx7VeIXCc7IWLCjB1o5hiHsEW0BVwtqDXi8SpBuG5IxYm5vuJNnmMHEVz+AnX R5t7SVKpbbYopaufMQb2ztuf4oC4WuWTOmTcZJ8I+cTJu4DqtL/P67jFG2soOFoK kRmx/QR+qohjGNFvbqJl942+42yEz68q+anpm33pmV2D1v4oqb4= =UOnl - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXxT3LONLKJtyKPYoAQg2dA//QhzYN31rsvgwL3LDpjTCrK4UR26lQxSI 7dH4+3VnX5dsZt3WMGMyfAk+6t00R2P7kxS5AyPhiZ1XicWa9yiiSN2Yc9/Oo7w7 Gdij5LXH2/rSXoLxNCxjEdp5E5kJK3fL9PTiYdwaufubkau4JEsQNebNPiXsf23F OqZxLZH+ONqfrofSuC9O8/jNZDFC8VqMDUmHcF61nbsLk+5HcXYmmp19kq5kLWcy xkj0VSkkzmHhUtM5Gtgi1SntOdOrVARB7fEQYv1iAit4d5G88NUAEPdGxiE45UNr rS0kg5l45ozw7Sww/uZdttfUFp/5GyxynNs739knf3jEhPABEsmHtd06WenNxauv HGeA+LjtuwtnSu2sIrqX8sAw6UT/o6FspbDm3BIdYkvy2RgWGGc5rM7ykUPl3zX5 mR1Ccd5TZXp8ZklghjlB5qqyxMR2+cPlwoxy6QsBUM0ScXYwpNfBcP7Dq5AlIBkW rTJBpSDgigXJD2DaYr7YtR+mUTZWF9WLQtz8SJqS48uCBgcWmEhGbnSKjI8Ax6kM JQButIW79f8yeg1e0acmgoCiB1NGaq3c77AV5H6vSa520ZJkOZxOHvWiOt29FN3E sgQ+oDzT6mH8oJcDKf9Hew8m1rMb9i01NnW+Cmje00sPHYCfl/NWy5QguKc29ARG plWpHvhwdfU= =b1AW -----END PGP SIGNATURE-----