Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Several security issues were fixed in QEMU ...
Integer overflows in the processing of packets in network cards emulated
by QEMU, a fast processor emulator, could result in denial of service
In addition this update backports support to passthrough the new CPU
features added in the intel-microcode update shipped in DSA 4273 to
x86-based guests
For the stable distribution (stretch), these proble ...
An integer overflow issue was found in the NE200 NIC emulation It could occur while receiving packets from the network, if the size value was greater than INT_MAX Such overflow would lead to stack buffer overflow issue A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario ...
Debian Bug report logs -
#911470
qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:51:02 UTC
...
Debian Bug report logs -
#915884
qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 7 Dec 2018 ...
Debian Bug report logs -
#902725
CVE-2018-12617
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 29 Jun 2018 21:09:06 UTC
Severity: important
Tags: security
Found in version qemu/1:212+dfsg-3
Fixed in ...
Debian Bug report logs -
#911499
qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 21:15:01 UTC
Severity: import ...
Debian Bug report logs -
#914604
qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:48:01 UTC
Severity: i ...
Debian Bug report logs -
#911468
qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:03 UTC
Severity: grave
Tag ...
Debian Bug report logs -
#914727
qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 26 Nov 2018 18:21:01 UTC
Severity: import ...
Debian Bug report logs -
#910431
qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 6 Oct 2018 07:42:02 UTC
Severity: grave
Tags ...
Debian Bug report logs -
#907500
qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 28 Aug 2018 19:57:04 UTC
Severity: important ...
Debian Bug report logs -
#912535
qemu: CVE-2018-18849
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 1 Nov 2018 07:18:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version ...
Debian Bug report logs -
#911469
qemu: CVE-2018-17963: net: ignore packets with large size
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:07 UTC
Severity: grave
Tags: security, ...
Debian Bug report logs -
#914599
qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:09:01 UTC
Severit ...
Debian Bug report logs -
#901017
qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 8 Jun 2018 03:42:01 UTC
...
Vulmon