Debian dla-3099 : qemu - security update

high Nessus Plugin ID 164678

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3099 advisory.

Debian LTS Advisory DLA-3099-1 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
September 05, 2022 https://wiki.debian.org/LTS

Package : qemu
Version : 1:3.1+dfsg-8+deb10u9
CVE ID : CVE-2020-13253 CVE-2020-15469 CVE-2020-15859 CVE-2020-25084 CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29443 CVE-2020-35504 CVE-2020-35505 CVE-2021-3392 CVE-2021-3416 CVE-2021-3507 CVE-2021-3527 CVE-2021-3582 CVE-2021-3607 CVE-2021-3608 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207 CVE-2021-20181 CVE-2021-20196 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2022-26354 CVE-2022-35414

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version 1:3.1+dfsg-8+deb10u9.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the qemu packages.

See Also

https://security-tracker.debian.org/tracker/source-package/qemu

https://security-tracker.debian.org/tracker/CVE-2020-13253

https://security-tracker.debian.org/tracker/CVE-2020-15469

https://security-tracker.debian.org/tracker/CVE-2020-15859

https://security-tracker.debian.org/tracker/CVE-2020-25084

https://security-tracker.debian.org/tracker/CVE-2020-25085

https://security-tracker.debian.org/tracker/CVE-2020-25624

https://security-tracker.debian.org/tracker/CVE-2020-25625

https://security-tracker.debian.org/tracker/CVE-2020-25723

https://security-tracker.debian.org/tracker/CVE-2020-27617

https://security-tracker.debian.org/tracker/CVE-2020-27821

https://security-tracker.debian.org/tracker/CVE-2020-28916

https://security-tracker.debian.org/tracker/CVE-2020-29129

https://security-tracker.debian.org/tracker/CVE-2020-29443

https://security-tracker.debian.org/tracker/CVE-2020-35504

https://security-tracker.debian.org/tracker/CVE-2020-35505

https://security-tracker.debian.org/tracker/CVE-2021-20181

https://security-tracker.debian.org/tracker/CVE-2021-20196

https://security-tracker.debian.org/tracker/CVE-2021-20203

https://security-tracker.debian.org/tracker/CVE-2021-20221

https://security-tracker.debian.org/tracker/CVE-2021-20257

https://security-tracker.debian.org/tracker/CVE-2021-3392

https://security-tracker.debian.org/tracker/CVE-2021-3416

https://security-tracker.debian.org/tracker/CVE-2021-3507

https://security-tracker.debian.org/tracker/CVE-2021-3527

https://security-tracker.debian.org/tracker/CVE-2021-3582

https://security-tracker.debian.org/tracker/CVE-2021-3607

https://security-tracker.debian.org/tracker/CVE-2021-3608

https://security-tracker.debian.org/tracker/CVE-2021-3682

https://security-tracker.debian.org/tracker/CVE-2021-3713

https://security-tracker.debian.org/tracker/CVE-2021-3748

https://security-tracker.debian.org/tracker/CVE-2021-3930

https://security-tracker.debian.org/tracker/CVE-2021-4206

https://security-tracker.debian.org/tracker/CVE-2021-4207

https://security-tracker.debian.org/tracker/CVE-2022-26354

https://security-tracker.debian.org/tracker/CVE-2022-35414

https://packages.debian.org/source/buster/qemu

Plugin Details

Severity: High

ID: 164678

File Name: debian_DLA-3099.nasl

Version: 1.6

Type: local

Agent: unix

Published: 9/5/2022

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3748

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-35414

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu-utils, p-cpe:/a:debian:debian_linux:qemu-system-x86, p-cpe:/a:debian:debian_linux:qemu-block-extra, p-cpe:/a:debian:debian_linux:qemu-system-gui, p-cpe:/a:debian:debian_linux:qemu-system-data, p-cpe:/a:debian:debian_linux:qemu-user, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:qemu-system-common, p-cpe:/a:debian:debian_linux:qemu-system-misc, p-cpe:/a:debian:debian_linux:qemu-system-mips, p-cpe:/a:debian:debian_linux:qemu-user-binfmt, p-cpe:/a:debian:debian_linux:qemu-user-static, p-cpe:/a:debian:debian_linux:qemu-kvm, p-cpe:/a:debian:debian_linux:qemu-guest-agent, p-cpe:/a:debian:debian_linux:qemu, p-cpe:/a:debian:debian_linux:qemu-system-sparc, p-cpe:/a:debian:debian_linux:qemu-system-arm, p-cpe:/a:debian:debian_linux:qemu-system, p-cpe:/a:debian:debian_linux:qemu-system-ppc

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/5/2022

Vulnerability Publication Date: 5/7/2020

Reference Information

CVE: CVE-2020-13253, CVE-2020-15469, CVE-2020-15859, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27617, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29443, CVE-2020-35504, CVE-2020-35505, CVE-2021-20181, CVE-2021-20196, CVE-2021-20203, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3416, CVE-2021-3507, CVE-2021-3527, CVE-2021-3582, CVE-2021-3607, CVE-2021-3608, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748, CVE-2021-3930, CVE-2021-4206, CVE-2021-4207, CVE-2022-26354, CVE-2022-35414

IAVB: 2020-B-0026-S, 2020-B-0041-S, 2020-B-0063-S, 2020-B-0075-S