===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0614
                           qemu security update
                             19 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Increased Privileges     -- Existing Account      
                   Denial of Service        -- Existing Account      
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20221 CVE-2021-20181 CVE-2020-29443
                   CVE-2020-29130 CVE-2020-28916 CVE-2020-25084
                   CVE-2020-15859 CVE-2020-15469

Reference:         ESB-2021.0589
                   ESB-2021.0552
                   ESB-2021.0430

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian LTS Advisory DLA-2560-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
February 18, 2021                             https://wiki.debian.org/LTS
--------------------------------------------------------------------------

Package        : qemu
Version        : 1:2.8+dfsg-6+deb9u13
CVE ID         : CVE-2020-15469 CVE-2020-15859 CVE-2020-25084 CVE-2020-28916
                 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20221
Debian Bug     : 970253 965978 970539 974687 976388

Several vulnerabilities were discovered in QEMU, a fast processor
emulator (notably used in KVM and Xen HVM virtualization). An attacker
could trigger a denial of service (DoS) or an information leak, and
possibly execute arbitrary code with the privileges of the QEMU
process on the host.

CVE-2020-15469

    A MemoryRegionOps object may lack read/write callback methods,
    leading to a NULL pointer dereference.

CVE-2020-15859

    QEMU has a use-after-free in hw/net/e1000e_core.c because a guest
    OS user can trigger an e1000e packet with the data's address set
    to the e1000e's MMIO address.

CVE-2020-25084

    QEMU has a use-after-free in hw/usb/hcd-xhci.c because the
    usb_packet_map return value is not checked.

CVE-2020-28916

    hw/net/e1000e_core.c has an infinite loop via an RX descriptor
    with a NULL buffer address.

CVE-2020-29130

    slirp.c has a buffer over-read because it tries to read a certain
    amount of header data even if that exceeds the total packet
    length.

CVE-2020-29443

    ide_atapi_cmd_reply_end in hw/ide/atapi.c allows out-of-bounds
    read access because a buffer index is not validated.

CVE-2021-20181

    9pfs: ZDI-CAN-10904: QEMU Plan 9 file system TOCTOU privilege
    escalation vulnerability.

CVE-2021-20221

    aarch64: GIC: out-of-bounds heap buffer access via an interrupt ID
    field.

For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u13.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================