Debian DSA-4733-1 : qemu - security update

medium Nessus Plugin ID 138914

Synopsis

The remote Debian host is missing a security-related update.

Description

It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.

Solution

Upgrade the qemu packages.

For the stable distribution (buster), this problem has been fixed in version 1:3.1+dfsg-8+deb10u7. In addition this update fixes a regression caused by the patch for CVE-2020-13754, which could lead to startup failures in some Xen setups.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964793

https://security-tracker.debian.org/tracker/CVE-2020-13754

https://security-tracker.debian.org/tracker/source-package/qemu

https://packages.debian.org/source/buster/qemu

https://www.debian.org/security/2020/dsa-4733

Plugin Details

Severity: Medium

ID: 138914

File Name: debian_DSA-4733.nasl

Version: 1.4

Type: local

Agent: unix

Published: 7/27/2020

Updated: 11/6/2020

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8608

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/24/2020

Vulnerability Publication Date: 2/6/2020

Reference Information

CVE: CVE-2020-8608

DSA: 4733

IAVB: 2020-B-0041-S