Debian DSA-4454-1 : qemu - security update

high Nessus Plugin ID 125609

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.

In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update shipped in DSA 4447 to x86-based guests.

Solution

Upgrade the qemu packages.

For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u6.

See Also

https://security-tracker.debian.org/tracker/source-package/qemu

https://packages.debian.org/source/stretch/qemu

https://www.debian.org/security/2019/dsa-4454

Plugin Details

Severity: High

ID: 125609

File Name: debian_DSA-4454.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/31/2019

Updated: 6/4/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qemu, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/30/2019

Vulnerability Publication Date: 6/13/2018

Reference Information

CVE: CVE-2018-11806, CVE-2018-12617, CVE-2018-16872, CVE-2018-17958, CVE-2018-18849, CVE-2018-18954, CVE-2018-19364, CVE-2018-19489, CVE-2019-12155, CVE-2019-3812, CVE-2019-6778, CVE-2019-9824

DSA: 4454