Debian Security Advisory
DSA-3925-1 qemu -- security update
- Date Reported:
- 04 Aug 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 865755, Bug 869171, Bug 869173, Bug 867751, Bug 869945.
In Mitre's CVE dictionary: CVE-2017-9524, CVE-2017-10806, CVE-2017-11334, CVE-2017-11434.
- More information:
Multiple vulnerabilities were found in qemu, a fast processor emulator:
Denial of service in qemu-nbd server
Buffer overflow in USB redirector
Out-of-band memory access in DMA operations
Out-of-band memory access in SLIRP/DHCP
For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u2.
We recommend that you upgrade your qemu packages.