Lucene search

DebianDEBIAN:DLA-1128-1:0ED63

HistoryOct 08, 2017 - 4:45 p.m.

[SECURITY] [DLA 1128-1] qemu-kvm security update

2017-10-0816:45:42

lists.debian.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Package : qemu-kvm
Version : 1.1.2+dfsg-6+deb7u24
CVE ID : CVE-2017-14167 CVE-2017-15038

Multiple vulnerabilities were discovered in qemu-kvm, a full
virtualization solution for Linux hosts on x86 hardware with x86 guests
based on the Quick Emulator(Qemu).

CVE-2017-14167

Incorrect validation of multiboot headers could result in the
execution of arbitrary code.

CVE-2017-15038

When using 9pfs qemu-kvm is vulnerable to an information
disclosure issue. It could occur while accessing extended attributes
of a file due to a race condition. This could be used to disclose
heap memory contents of the host.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.2+dfsg-6+deb7u24.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8amd64qemu-user< 1:2.1+dfsg-12+deb8u7qemu-user_1:2.1+dfsg-12+deb8u7_amd64.deb
Debian9mipselqemu-user-binfmt< 1:2.8+dfsg-6+deb9u4qemu-user-binfmt_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian7i386qemu-utils< 1.1.2+dfsg-6+deb7u24qemu-utils_1.1.2+dfsg-6+deb7u24_i386.deb
Debian9arm64qemu-system-sparc< 1:2.8+dfsg-6+deb9u4qemu-system-sparc_1:2.8+dfsg-6+deb9u4_arm64.deb
Debian9mipselqemu-system-common-dbgsym< 1:2.8+dfsg-6+deb9u4qemu-system-common-dbgsym_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian9arm64qemu-user-static< 1:2.8+dfsg-6+deb9u4qemu-user-static_1:2.8+dfsg-6+deb9u4_arm64.deb
Debian9ppc64elqemu-system-mips< 1:2.8+dfsg-6+deb9u4qemu-system-mips_1:2.8+dfsg-6+deb9u4_ppc64el.deb
Debian8i386qemu-user-static< 1:2.1+dfsg-12+deb8u7qemu-user-static_1:2.1+dfsg-12+deb8u7_i386.deb
Debian9mips64elqemu-guest-agent< 1:2.8+dfsg-6+deb9u4qemu-guest-agent_1:2.8+dfsg-6+deb9u4_mips64el.deb
Debian8i386qemu-system-sparc< 1:2.1+dfsg-12+deb8u7qemu-system-sparc_1:2.1+dfsg-12+deb8u7_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	qemu-user	< 1:2.1+dfsg-12+deb8u7	qemu-user_1:2.1+dfsg-12+deb8u7_amd64.deb
Debian	9	mipsel	qemu-user-binfmt	< 1:2.8+dfsg-6+deb9u4	qemu-user-binfmt_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian	7	i386	qemu-utils	< 1.1.2+dfsg-6+deb7u24	qemu-utils_1.1.2+dfsg-6+deb7u24_i386.deb
Debian	9	arm64	qemu-system-sparc	< 1:2.8+dfsg-6+deb9u4	qemu-system-sparc_1:2.8+dfsg-6+deb9u4_arm64.deb
Debian	9	mipsel	qemu-system-common-dbgsym	< 1:2.8+dfsg-6+deb9u4	qemu-system-common-dbgsym_1:2.8+dfsg-6+deb9u4_mipsel.deb
Debian	9	arm64	qemu-user-static	< 1:2.8+dfsg-6+deb9u4	qemu-user-static_1:2.8+dfsg-6+deb9u4_arm64.deb
Debian	9	ppc64el	qemu-system-mips	< 1:2.8+dfsg-6+deb9u4	qemu-system-mips_1:2.8+dfsg-6+deb9u4_ppc64el.deb
Debian	8	i386	qemu-user-static	< 1:2.1+dfsg-12+deb8u7	qemu-user-static_1:2.1+dfsg-12+deb8u7_i386.deb
Debian	9	mips64el	qemu-guest-agent	< 1:2.8+dfsg-6+deb9u4	qemu-guest-agent_1:2.8+dfsg-6+deb9u4_mips64el.deb
Debian	8	i386	qemu-system-sparc	< 1:2.1+dfsg-12+deb8u7	qemu-system-sparc_1:2.1+dfsg-12+deb8u7_i386.deb