Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.892373 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for qemu (DLA-2373-1) |
Summary: | The remote host is missing an update for the 'qemu'; package(s) announced via the DLA-2373-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'qemu' package(s) announced via the DLA-2373-1 advisory. Vulnerability Insight: The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code. CVE-2020-1711 An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. CVE-2020-13253 An out-of-bounds read access issue was found in the SD Memory Card emulator of the QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent 'address' which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process resulting in DoS. CVE-2020-14364 An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in, out} routines. CVE-2020-16092 An assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c Affected Software/OS: 'qemu' package(s) on Debian Linux. Solution: For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u11. We recommend that you upgrade your qemu packages. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-1711 https://security.gentoo.org/glsa/202005-02 https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html https://www.openwall.com/lists/oss-security/2020/01/23/3 https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html RedHat Security Advisories: RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0669 RedHat Security Advisories: RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730 RedHat Security Advisories: RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0731 RedHat Security Advisories: RHSA-2020:0773 https://access.redhat.com/errata/RHSA-2020:0773 SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/4283-1/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |