Red Hat Security Advisory 2019-2892-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow and null pointer vulnerabilities.
0fcbebe953b6c4aada1fd3c4b1308f4ee58c35bc19df6c3803aefe01b2e4c60a
Ubuntu Security Notice 3826-1 - Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
4e4c876bb878a34b2dd16b55e3b1d2a08ed115428511e04586ecb54058caa47b
Debian Linux Security Advisory 4338-1 - Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service.
3ee919b5ecb75492da066ae2c408500b9f95c2ae0828d39c6915d853e0f6a2af