UBUNTU-CVE-2019-9824

Details

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Affected Packages

Ubuntu:14.04:LTSqemu

Affected versions:

1.5.0+dfsg-3ubuntu51.5.0+dfsg-3ubuntu61.6.0+dfsg-2ubuntu11.6.0+dfsg-2ubuntu21.6.0+dfsg-2ubuntu31.6.0+dfsg-2ubuntu41.7.0+dfsg-2ubuntu11.7.0+dfsg-2ubuntu21.7.0+dfsg-2ubuntu31.7.0+dfsg-2ubuntu4+58 more

Fixed in:

2.0.0+dfsg-2ubuntu1.46

Ubuntu:16.04:LTSqemu

Affected versions:

1:2.3+dfsg-5ubuntu101:2.3+dfsg-5ubuntu91:2.4+dfsg-4ubuntu11:2.4+dfsg-4ubuntu21:2.4+dfsg-4ubuntu31:2.4+dfsg-5ubuntu31:2.5+dfsg-1ubuntu21:2.5+dfsg-1ubuntu31:2.5+dfsg-1ubuntu41:2.5+dfsg-1ubuntu5+37 more

Fixed in:

1:2.5+dfsg-5ubuntu10.38

Ubuntu:18.04:LTSqemu

Affected versions:

1:2.10+dfsg-0ubuntu31:2.10+dfsg-0ubuntu41:2.10+dfsg-0ubuntu51:2.11+dfsg-1ubuntu11:2.11+dfsg-1ubuntu21:2.11+dfsg-1ubuntu41:2.11+dfsg-1ubuntu51:2.11+dfsg-1ubuntu61:2.11+dfsg-1ubuntu71:2.11+dfsg-1ubuntu7.1+10 more

Fixed in:

1:2.11+dfsg-1ubuntu7.13

References

REPORThttps://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html REPORThttps://ubuntu.com/security/CVE-2019-9824 REPORThttps://ubuntu.com/security/notices/USN-3978-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2019-9824 REPORThttps://www.openwall.com/lists/oss-security/2019/03/18/1

UBUNTU-CVE-2019-9824

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline