SB2018112121 - Debian update for qemu 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018112121

SB2018112121 - Debian update for qemu

Published: November 21, 2018 Updated: November 21, 2018

Security Bulletin ID SB2018112121
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2018-10839)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow when built with the NE2000 NIC emulation support. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


2) Buffer overflow (CVE-ID: CVE-2018-17962)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in pcnet_receive in hw/net/pcnet.c when an incorrect integer data type is used. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


3) Buffer overflow (CVE-ID: CVE-2018-17963)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow when qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


Remediation

Install update from vendor's website.

References