Synopsis
Moderate: qemu-kvm security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...
Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a full virtualization
solution on x86 hardware
CVE-2015-7295
Jason Wang of Red Hat Inc discovered that the Virtual Network
Device support is vulnerable to denial-of-service, that could
occur when receiving large packets
CVE-2015-7504
Qinghao Tang of Qihoo 360 Inc and Ling Liu of ...
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware
CVE-2015-7295
Jason Wang of Red Hat Inc discovered that the Virtual Network
Device support is vulnerable to denial-of-service (via resource
exhaustion), that could occur when receiving large packets
CVE-2015-7504
Qinghao Tang of Q ...
An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions A privileged user inside a guest could use this flaw to crash the QEMU instance ...
Debian Bug report logs -
#808131
CVE-2015-7549: msi-x null-pointer dereference issue in qemu-system
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 11:03:06 UTC
Severity: important
Tags: fixed ...
Debian Bug report logs -
#810519
qemu: CVE-2015-8743: net: ne2000: OOB r/w in ioport operations
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 9 Jan 2016 13:30:01 UTC
Severity: important
Tags: s ...
Debian Bug report logs -
#809232
CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 15:12:01 UTC
Severity: important
Tags ...
Debian Bug report logs -
#808130
CVE-2015-8504: vnc floating point exception
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 11:03:02 UTC
Severity: serious
Tags: fixed-upstream, patch, securit ...
Debian Bug report logs -
#806741
qemu: CVE-2015-7512: net: pcnet: buffer overflow in non-loopback mode
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 30 Nov 2015 18:03:02 UTC
Severity: important
...
Debian Bug report logs -
#811201
qemu: CVE-2016-1922: i386: null pointer dereference in vapic_write()
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 16 Jan 2016 18:54:02 UTC
Severity: important
T ...
Debian Bug report logs -
#806742
qemu: CVE-2015-7504: net: pcnet: heap overflow vulnerability in pcnet_receive
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 30 Nov 2015 18:06:01 UTC
Severity: im ...
Debian Bug report logs -
#806373
qemu: CVE-2015-8345: net: eepro100: infinite loop in processing command block list
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 26 Nov 2015 18:18:02 UTC
Severity: im ...
Debian Bug report logs -
#809229
CVE-2015-8550: xen: unsafe access to shared memory
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 14:48:02 UTC
Severity: important
Tags: fixed-upstream, patch ...
Debian Bug report logs -
#808145
CVE-2015-8567 CVE-2015-8568: qemu-system: net: vmxnet3: host memory leakage
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 13:18:02 UTC
Severity: important
Ta ...
Debian Bug report logs -
#810527
qemu: CVE-2016-1568: ide: ahci use-after-free vulnerability in aio port commands
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 9 Jan 2016 14:51:01 UTC
Severity: ...
Debian Bug report logs -
#812307
CVE-2016-1981: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 22 Jan 2016 06:00:02 UTC
Sever ...
Debian Bug report logs -
#808144
CVE-2015-8558: usb: infinite loop in ehci_advance_state results in DoS
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Wed, 16 Dec 2015 13:09:02 UTC
Severity: important
Tags: f ...
Debian Bug report logs -
#809237
CVE-2015-8619: hmp: stack based OOB write in hmp_sendkey routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Michael Tokarev <mjt@tlsmskru>
Date: Mon, 28 Dec 2015 15:30:02 UTC
Severity: important
Tags: patch, ...