USN-4283-1: QEMU vulnerabilities
USN-4283-1: QEMU vulnerabilities qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in QEMU. Software Description qemu – Machine emulator and virtualizer Details Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711) It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 [ more… ]