Package | qemu |
---|---|
Version | 1:2.8+dfsg-6+deb9u19 (stretch) |
Related CVEs | CVE-2020-14394 CVE-2023-0330 CVE-2023-2861 CVE-2023-3180 CVE-2023-3354 CVE-2023-5088 |

Multiple vulnerabilities have been fixed in the machine emulator and virtualizer QEMU.

- CVE-2020-14394: infinite loop in the USB xHCI controller emulation
- CVE-2023-0330: reentrancy issues in the LSI controller
- CVE-2023-2861: 9pfs did not prohibit opening special files on the host side
- CVE-2023-3180: heap buffer overflow in the virtual crypto device
- CVE-2023-3354: remote unauthenticated clients could cause denial of service in VNC server
- CVE-2023-5088: IDE guest I/O operation addressed to an arbitrary disk offset might get targeted to offset 0 instead

For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u19.
We recommend that you upgrade your qemu packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.