Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information disclosure
The oldstable distribution (wheezy) will be updated in a separate DSA
For the stable distribution (jessie), these problems have been fixed in
version 441-9+deb8u4
For the unstable distribution (sid), thes ...
Several vulnerabilities were discovered in qemu, a full virtualization
solution on x86 hardware
CVE-2015-7295
Jason Wang of Red Hat Inc discovered that the Virtual Network
Device support is vulnerable to denial-of-service, that could
occur when receiving large packets
CVE-2015-7504
Qinghao Tang of Qihoo 360 Inc and Ling Liu of ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in QEMU ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability ...
Debian Bug report logs -
#809229
CVE-2015-8550: xen: unsafe access to shared memory
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 14:48:02 UTC
Severity: important
Tags: fixed-upstream, patch ...
Debian Bug report logs -
#810527
qemu: CVE-2016-1568: ide: ahci use-after-free vulnerability in aio port commands
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 9 Jan 2016 14:51:01 UTC
Severity: ...
Debian Bug report logs -
#808293
Regression in short UDP reads caused by "net: Fix skb csum races when peeking"
Package:
src:linux;
Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>;
Affects: freeradius
Reported by: Francesco Politi <fpoliti@micsoit>
Date: Fri, 18 Dec 2015 12:09:01 UTC
...
Debian Bug report logs -
#808145
CVE-2015-8567 CVE-2015-8568: qemu-system: net: vmxnet3: host memory leakage
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 13:18:02 UTC
Severity: important
Ta ...
Debian Bug report logs -
#806373
qemu: CVE-2015-8345: net: eepro100: infinite loop in processing command block list
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 26 Nov 2015 18:18:02 UTC
Severity: im ...
Debian Bug report logs -
#809237
CVE-2015-8619: hmp: stack based OOB write in hmp_sendkey routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 15:30:02 UTC
Severity: important
Tags: patch, ...
Debian Bug report logs -
#811201
qemu: CVE-2016-1922: i386: null pointer dereference in vapic_write()
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Jan 2016 18:54:02 UTC
Severity: important
T ...
Debian Bug report logs -
#806742
qemu: CVE-2015-7504: net: pcnet: heap overflow vulnerability in pcnet_receive
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 30 Nov 2015 18:06:01 UTC
Severity: im ...
Debian Bug report logs -
#812307
CVE-2016-1981: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 22 Jan 2016 06:00:02 UTC
Sever ...
Debian Bug report logs -
#810519
qemu: CVE-2015-8743: net: ne2000: OOB r/w in ioport operations
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 9 Jan 2016 13:30:01 UTC
Severity: important
Tags: s ...
Debian Bug report logs -
#809232
CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 15:12:01 UTC
Severity: important
Tags ...
Debian Bug report logs -
#823620
Multiple security issues
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 6 May 2016 18:03:02 UTC
Severity: grave
Tags: security
Fixed in versions xen/480~rc3-1, xen/48 ...
Debian Bug report logs -
#808131
CVE-2015-7549: msi-x null-pointer dereference issue in qemu-system
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 11:03:06 UTC
Severity: important
Tags: fixed ...
Debian Bug report logs -
#808130
CVE-2015-8504: vnc floating point exception
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 11:03:02 UTC
Severity: serious
Tags: fixed-upstream, patch, securit ...
Debian Bug report logs -
#806741
qemu: CVE-2015-7512: net: pcnet: buffer overflow in non-loopback mode
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 30 Nov 2015 18:03:02 UTC
Severity: important
...
Debian Bug report logs -
#808144
CVE-2015-8558: usb: infinite loop in ehci_advance_state results in DoS
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 13:09:02 UTC
Severity: important
Tags: f ...