it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4338-1] qemu security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4338-1] qemu security update
Date: Sun, 11 Nov 2018 17:59:48 +0000
List-archive: https://lists.debian.org/msgid-search/20181111175947.l6624o5btmfh7gjf AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 11 Nov 2018 18:00:13 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <ULF2pbxkUsI.A.9xF.t4G6bB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4338-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 11, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2018-10839 CVE-2018-17962 CVE-2018-17963
Debian Bug : 908682 910431 911468 911469

Integer overflows in the processing of packets in network cards emulated
by QEMU, a fast processor emulator, could result in denial of service.

In addition this update backports support to passthrough the new CPU
features added in the intel-microcode update shipped in DSA 4273 to
x86-based guests.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u5.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvobXQACgkQEMKTtsN8
Tja8oRAAoCobtSQUeeX3J/w/+6xgkjqjlJJVJX1UDljdaYbTZGXJH825fLnHVQ4e
RlNhnbxtMJyFS13MHKMf0IOrowzVBfkKcyQFe7KuUktkDAs9rWcKT2Z6YS3jNDpU
vOGZ4MJLf/VRJSTFPQSzHfdkfpJKBDncgM25a77k9z8j43c9SDHIp0g3+eLNGw74
a+Hbq9Q/Jk8dFTvfcerdbY15ihutpPJumNcXtyZZsRXICV65ERSOaeRFz+UPrXoe
fF2RtG29KIflDp6v+T4D9jeTh80YNd8DtLi6el+OeaDq3ZhEfMg1A+LhA9jz73Ak
2yGhXqSYhX6hbSJuD7TDJbzm7Dd74PCKala8MdpWaACtKRNhUtfx5R41X0pWQP2K
1CnQGeHqN9vyGP+7CU5AzAyuu5rz8v1O41efdIliL0HwB4pPueHeQT3N797fAumN
v4gos7D7fyVhj5geUlkkPH0trb8doaHxMKOVQ5g9qMMsGOLM2Y6tPD1BloRyqNrM
MPEWuOjO6uVz1kD8U7kN4LyeVmck5hE9hmLgxTJKIGdDIT6V+w00Uz+Gmzrk+8ys
lm80EexBE64gMtTNmPXufPkjsiFlwlLkh2St+WnhwY0/tUYiLU2QBA/cTaw4opyX
9U9qFVIQE6cgKjNa10fLfuEbLK9rzQJgt9ty7S7utajRXM5Izcc=
=q2tu
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4338-1] qemu security update, Moritz Muehlenhoff, 11.11.2018

Archiv bereitgestellt durch MHonArc 2.6.19.