Lucene search

K
debianDebianDEBIAN:DSA-4980-1:E965D
HistoryOct 03, 2021 - 6:26 p.m.

[SECURITY] [DSA 4980-1] qemu security update

2021-10-0318:26:45
lists.debian.org
53
qemu
security update
denial of service
arbitrary code
cve-2021-3544
cve-2021-3545
cve-2021-3546
cve-2021-3638
cve-2021-3682
cve-2021-3713
cve-2021-3748
debian bug 988174
debian bug 989042
debian bug 991911
debian bug 992726
debian bug 992727
debian bug 993401
bullseye distribution.

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

71.3%


Debian Security Advisory DSA-4980-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 03, 2021 https://www.debian.org/security/faq


Package : qemu
CVE ID : CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3638
CVE-2021-3682 CVE-2021-3713 CVE-2021-3748
Debian Bug : 988174 989042 991911 992726 992727 993401

Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service or the the execution
of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in
version 1:5.2+dfsg-11+deb11u1.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

71.3%