Debian LTS Advisory ([SECURITY] [DLA 1129-1] qemu security update)

Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-14167 Incorrect validation of multiboot headers could result in the execution of arbitrary code. CVE-2017-15038 When using 9pfs qemu-kvm is vulnerable to an information disclosure issue. It could occur while accessing extended attributes of a file due to a race condition. This could be used to disclose heap memory contents of the host.

qemu on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u24. We recommend that you upgrade your qemu packages.