-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4338-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2018-10839 CVE-2018-17962 CVE-2018-17963 Debian Bug : 908682 910431 911468 911469 Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests. For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u5. We recommend that you upgrade your qemu packages. For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvobXQACgkQEMKTtsN8 Tja8oRAAoCobtSQUeeX3J/w/+6xgkjqjlJJVJX1UDljdaYbTZGXJH825fLnHVQ4e RlNhnbxtMJyFS13MHKMf0IOrowzVBfkKcyQFe7KuUktkDAs9rWcKT2Z6YS3jNDpU vOGZ4MJLf/VRJSTFPQSzHfdkfpJKBDncgM25a77k9z8j43c9SDHIp0g3+eLNGw74 a+Hbq9Q/Jk8dFTvfcerdbY15ihutpPJumNcXtyZZsRXICV65ERSOaeRFz+UPrXoe fF2RtG29KIflDp6v+T4D9jeTh80YNd8DtLi6el+OeaDq3ZhEfMg1A+LhA9jz73Ak 2yGhXqSYhX6hbSJuD7TDJbzm7Dd74PCKala8MdpWaACtKRNhUtfx5R41X0pWQP2K 1CnQGeHqN9vyGP+7CU5AzAyuu5rz8v1O41efdIliL0HwB4pPueHeQT3N797fAumN v4gos7D7fyVhj5geUlkkPH0trb8doaHxMKOVQ5g9qMMsGOLM2Y6tPD1BloRyqNrM MPEWuOjO6uVz1kD8U7kN4LyeVmck5hE9hmLgxTJKIGdDIT6V+w00Uz+Gmzrk+8ys lm80EexBE64gMtTNmPXufPkjsiFlwlLkh2St+WnhwY0/tUYiLU2QBA/cTaw4opyX 9U9qFVIQE6cgKjNa10fLfuEbLK9rzQJgt9ty7S7utajRXM5Izcc=q2tu -----END PGP SIGNATURE-----