Debian alert DLA-2090-1 (qemu)

From:
             
 
Utkarsh Gupta <utkarsh@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2090-1] qemu security update 
Date:
             
 
Fri, 31 Jan 2020 02:14:40 +0100
Message-ID:
             
 
<21bbce0f-fcfc-833e-8816-c2c4273c72b2@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : qemu
Version        : 1:2.1+dfsg-12+deb8u13
CVE ID         : CVE-2020-7039
Debian Bug     : 949085


tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanag
es
memory, as demonstrated by IRC DCC commands in EMU_IRC.
This can cause a heap-based buffer overflow or other out-of-bounds acces
s
which can lead to a DoS or potential execute arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.1+dfsg-12+deb8u13.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl4zf3oACgkQgj6WdgbD
S5a+lA//dP1jvG/zMvusgDGZ7kQpFMz8ZOqMRrVso8NfpfgvL2x3YFO3F3i5SrgT
bepEOSQX/v0A/VnbN06M0vmLxTxIyVnuZ+einGSxhdikc6o6KC3pNHTMi6h2GmIu
AXgqFGaOZSLu5mQ6MUzItbQIC8MGXY5WxgSaBbEECe3uX3tu4Wn+PhbDCnmPwj6n
fKFkL6B7JHhQvLHk6PiDzDu6yzYMpOuW+kf4EcwS8KqsgxrMIWTDCvNS+wTEaX88
AuWn/qLl3QhHRdAd5IBoooIVc4aJz2ExE4/8ILtPIDqV1c17b4pTSANu0G5PxirQ
Pt6gLP/c21fYlkVzZ0MNM15GptfCpPStKFlWOudMkgH5hDj6Y6q1wTQTRSgTS7Jk
4uYeCWU5DP9EJnHSzJBYpvBwpo6pLw3w9qIdXD9nuKbIF/JF02iO3Z3mfJ4UV8JQ
nXX1HqWr1vbsvw9oiyMksPLWU9NLe3L2mcE3TqzEm7Qq/c4FY07tJ5DVgwlRRDXb
vyFS0k1BR3liA1/yslUoLaeOy5DMLYUwDsgnjV1rZsw0KuXYNr6y9pMkUv2Vrh9/
BozSbEsZ+hEmx44AYXY+EZdxiLEqlAUv6p8S0Ouz2Edb738D67gPKMnsSVaoO/Ui
0ed98xOlqTem2WAkJ9ONIL61zAsE5fCyE6p1FKwGbu/LEGVfwTk=
=uhdP
-----END PGP SIGNATURE-----