First published: Tue Feb 18 2020

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711)

It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608)

Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/qemu | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-arm | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-mips | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-ppc | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-s390x | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-sparc | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu-system-x86 | 19.10 | <1:4.0+dfsg-0ubuntu9.4 | 1:4.0+dfsg-0ubuntu9.4 |
ubuntu/qemu | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-arm | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-mips | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-ppc | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-s390x | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-sparc | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu-system-x86 | 18.04 | <1:2.11+dfsg-1ubuntu7.23 | 1:2.11+dfsg-1ubuntu7.23 |
ubuntu/qemu | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-aarch64 | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-arm | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-mips | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-ppc | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-s390x | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-sparc | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |
ubuntu/qemu-system-x86 | 16.04 | <1:2.5+dfsg-5ubuntu10.43 | 1:2.5+dfsg-5ubuntu10.43 |

The vulnerability ID is CVE-2020-1711.
QEMU, qemu-system, qemu-system-arm, qemu-system-mips, qemu-system-ppc, qemu-system-s390x, qemu-system-sparc, qemu-system-x86 are affected by CVE-2020-1711.
CVE-2020-1711 could allow a remote attacker to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code.
Update to version 1:4.0+dfsg-0ubuntu9.4 for Ubuntu 19.10, version 1:2.11+dfsg-1ubuntu7.23 for Ubuntu 18.04, or version 1:2.5+dfsg-5ubuntu10.43 for Ubuntu 16.04.
You can find more information about CVE-2020-1711 at the following references: [1], [2].