
Debian alert DLA-4144-1 (qemu)

From:  Santiago Ruano Rincón <santiagorr@riseup.net>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4144-1] qemu security update
Date:  Wed, 30 Apr 2025 15:44:45 -0300
Message-ID:  <aBJvnZP9Q2huFlrw@voleno>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4144-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                Santiago Ruano Rincón
April 30, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : qemu
Version        : 1:5.2+dfsg-11+deb11u4
CVE ID         : CVE-2023-1544 CVE-2023-3019 CVE-2023-5088 CVE-2023-6693
                 CVE-2024-3447
Debian Bug     : 1034179 1041102 1068821

Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service or information leak.

CVE-2023-1544

    Potential out-of-bounds read and crash via VMWare's paravirtual RDMA
    device.

CVE-2023-3019

    Use-after-free error in the e1000e NIC emulation.

CVE-2023-5088

    IDE guest I/O operation addressed to an arbitrary disk offset may
    potentially allow to overwrite the VM's boot code.

CVE-2023-6693

    Stack based buffer overflow in the virtio-net device emulation that
    may be exploited to cause information leak.

CVE-2024-3447

    Heap-based buffer overflow in SDHCI device emulation.

For Debian 11 bullseye, these problems have been fixed in version
1:5.2+dfsg-11+deb11u4.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS






Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds