Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3759-1:4DA3A
HistoryMar 11, 2024 - 5:27 p.m.

[SECURITY] [DLA 3759-1] qemu security update

2024-03-1117:27:07
lists.debian.org
18
qemu
vulnerabilities
debian 10 buster
security update

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Debian LTS Advisory DLA-3759-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
March 11, 2024 https://wiki.debian.org/LTS

Package : qemu
Version : 1:3.1+dfsg-8+deb10u12
CVE ID : CVE-2023-2861 CVE-2023-3354 CVE-2023-5088

Multiple vulnerabilities have been fixed in the machine emulator
and virtualizer QEMU.

CVE-2023-2861

9pfs did not prohibit opening special files on the host side

CVE-2023-3354

remote unauthenticated clients could cause denial of service in VNC server

CVE-2023-5088

IDE guest I/O operation addressed to an arbitrary disk offset might 
get targeted to offset 0 instead

For Debian 10 buster, these problems have been fixed in version
1:3.1+dfsg-8+deb10u12.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12s390xqemu-system-sparc-dbgsym< 1:7.2+dfsg-7+deb12u1qemu-system-sparc-dbgsym_1:7.2+dfsg-7+deb12u1_s390x.deb
Debian12armhfqemu-system-sparc-dbgsym< 1:7.2+dfsg-7+deb12u1qemu-system-sparc-dbgsym_1:7.2+dfsg-7+deb12u1_armhf.deb
Debian12arm64qemu-system-arm< 1:7.2+dfsg-7+deb12u1qemu-system-arm_1:7.2+dfsg-7+deb12u1_arm64.deb
Debian11i386qemu-guest-agent< 1:5.2+dfsg-11+deb11u3qemu-guest-agent_1:5.2+dfsg-11+deb11u3_i386.deb
Debian11mipselqemu-system-mips-dbgsym< 1:5.2+dfsg-11+deb11u3qemu-system-mips-dbgsym_1:5.2+dfsg-11+deb11u3_mipsel.deb
Debian12arm64qemu-system-arm-dbgsym< 1:7.2+dfsg-7+deb12u2qemu-system-arm-dbgsym_1:7.2+dfsg-7+deb12u2_arm64.deb
Debian12mips64elqemu-system-common-dbgsym< 1:7.2+dfsg-7+deb12u1qemu-system-common-dbgsym_1:7.2+dfsg-7+deb12u1_mips64el.deb
Debian11armhfqemu-system-x86-dbgsym< 1:5.2+dfsg-11+deb11u3qemu-system-x86-dbgsym_1:5.2+dfsg-11+deb11u3_armhf.deb
Debian12amd64qemu-system-ppc-dbgsym< 1:7.2+dfsg-7+deb12u2qemu-system-ppc-dbgsym_1:7.2+dfsg-7+deb12u2_amd64.deb
Debian12amd64qemu-system-common-dbgsym< 1:7.2+dfsg-7+deb12u3qemu-system-common-dbgsym_1:7.2+dfsg-7+deb12u3_amd64.deb
Rows per page:
1-10 of 11511

Related

osv 14
nessus 60
openvas 29
veracode 3
redos 3
alpinelinux 3
cvelist 3
ubuntucve 3
redhatcve 3
cbl_mariner 3
almalinux 3
prion 3
cve 3
nvd 3
debiancve 3
oraclelinux 8
vulnrichment 1
redhat 11
amazon 2
ubuntu 2
fedora 1
rocky 2
mageia 1
gentoo 1
ics 1
osv
osv
qemu - security update
2024-03-11 00:00:00
CVE-2023-5088
2023-11-03 14:15:08
CVE-2023-3354
2023-07-11 17:15:13
nessus
nessus
Debian dla-3759 : qemu - security update
2024-03-11 00:00:00
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2023-2999)
2024-01-16 00:00:00
EulerOS Virtualization 3.0.6.0 : qemu (EulerOS-SA-2024-1711)
2024-05-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3759-1)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-2999)
2023-10-13 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-1711)
2024-05-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-08-13 19:55:03
Buffer Overflows
2023-11-05 01:08:24
Improper Access Control
2023-07-09 23:31:15
redos
redos
ROS-20230825-05
2023-08-25 00:00:00
ROS-20240401-01
2024-04-01 00:00:00
ROS-20240611-14
2024-06-11 00:00:00
alpinelinux
alpinelinux
CVE-2023-5088
2023-11-03 14:15:08
CVE-2023-3354
2023-07-11 17:15:13
CVE-2023-2861
2023-12-06 07:15:41
cvelist
cvelist
CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite
2023-11-03 13:58:50
CVE-2023-3354 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
2023-07-11 16:16:56
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
2023-12-06 06:19:40
ubuntucve
ubuntucve
CVE-2023-5088
2023-11-03 00:00:00
CVE-2023-3354
2023-07-11 00:00:00
CVE-2023-2861
2023-06-30 00:00:00
redhatcve
redhatcve
CVE-2023-3354
2023-06-28 11:17:06
CVE-2023-5088
2023-10-31 23:29:28
CVE-2023-2861
2023-07-03 08:17:16
cbl_mariner
cbl_mariner
CVE-2023-3354 affecting package qemu for versions less than 6.2.0-19
2023-11-28 22:14:06
CVE-2023-3354 affecting package qemu for versions less than 8.2.0-1
2024-03-19 17:21:46
CVE-2023-2861 affecting package qemu for versions less than 8.2.0-1
2024-03-19 17:21:46
almalinux
almalinux
Important: qemu-kvm security and bug fix update
2023-09-12 00:00:00
Important: virt:rhel and virt-devel:rhel security and bug fix update
2023-09-19 00:00:00
Moderate: qemu-kvm security update
2024-04-30 00:00:00
prion
prion
Null pointer dereference
2023-07-11 17:15:00
Code injection
2023-11-03 14:15:00
Design/Logic Flaw
2023-12-06 07:15:00
cve
cve
CVE-2023-5088
2023-11-03 14:15:08
CVE-2023-3354
2023-07-11 17:15:13
CVE-2023-2861
2023-12-06 07:15:41
nvd
nvd
CVE-2023-5088
2023-11-03 14:15:08
CVE-2023-3354
2023-07-11 17:15:13
CVE-2023-2861
2023-12-06 07:15:41
debiancve
debiancve
CVE-2023-3354
2023-07-11 17:15:13
CVE-2023-2861
2023-12-06 07:15:41
CVE-2023-5088
2023-11-03 14:15:08
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2023-09-13 00:00:00
virt:ol and virt-devel:rhel security and bug fix update
2023-09-21 00:00:00
virt:ol and virt-devel:rhel security and enhancement update
2024-05-24 00:00:00
vulnrichment
vulnrichment
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
2023-12-06 06:19:40
redhat
redhat
(RHSA-2023:6227) Important: qemu-kvm security update
2023-11-01 08:58:37
(RHSA-2023:5094) Important: qemu-kvm security and bug fix update
2023-09-12 07:46:21
(RHSA-2023:5264) Important: virt:rhel and virt-devel:rhel security and bug fix update
2023-09-19 12:38:43
amazon
amazon
Medium: qemu
2023-11-09 19:19:00
Medium: qemu
2023-07-17 17:40:00
ubuntu
ubuntu
QEMU vulnerabilities
2024-01-08 00:00:00
QEMU regression
2024-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38
2023-08-29 01:35:27
rocky
rocky
virt:rhel and virt-devel:rhel security and enhancement update
2024-06-14 13:59:30
qemu-kvm security update
2024-05-10 14:32:42
mageia
mageia
Updated xen, qemu and libvirt packages fix security vulnerabilities
2024-02-25 01:51:43
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2024-08-09 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON
Related for DEBIAN:DLA-3759-1:4DA3A
osv14nessus60openvas29veracode3redos3alpinelinux3cvelist3ubuntucve3redhatcve3cbl_mariner3almalinux3prion3cve3nvd3debiancve3oraclelinux8vulnrichment1redhat11amazon2ubuntu2fedora1rocky2mageia1gentoo1ics1