Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a fast processor
emulator
CVE-2015-3214
Matt Tait of Google's Project Zero security team discovered a flaw
in the QEMU i8254 PIT emulation A privileged guest user in a guest
with QEMU PIT emulation enabled could potentially use this flaw to
execute arbitrary code on the host with t ...
Debian Bug report logs -
#794611
qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 4 Aug 2015 20:27:02 UTC
Severity: important
...
Debian Bug report logs -
#793811
qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 27 Jul 2015 18:12:02 UTC
Severity: g ...
Debian Bug report logs -
#795461
qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 14 Aug 2015 08:12:10 UTC
Severi ...
Debian Bug report logs -
#793388
qemu: CVE-2015-5158: scsi stack buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 23 Jul 2015 15:06:03 UTC
Severity: important
Tags: patch, security, ...
Debian Bug report logs -
#794610
qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 4 Aug 2015 20:24:02 UTC
Severi ...
Debian Bug report logs -
#795087
qemu: CVE-2015-5745: buffer overflow in virtio-serial
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 10 Aug 2015 13:24:06 UTC
Severity: normal
Tags: fixed-upstrea ...
Debian Bug report logs -
#796465
qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 21 Aug 2015 22:12:02 UTC
Severit ...
A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbit ...