Synopsis
Important: kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for kvm is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
CVE-2016-3710
Wei Xiao and Qinghao Tang of 360cn Inc discovered an out-of-bounds
read and write flaw in the QEMU VGA module. A privileged guest user
could use this flaw to execute arbitrary code on the host with the
privileges of the hosting QEMU process.
...
Debian Bug report logs - #815680
qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 23 Feb 2016 16:54:02 UTC
Severit ...
Debian Bug report logs - #813194
CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Michael Tokarev <mjt@tls.msk.ru>
Date: Sat, 30 Jan 2016 11:30:01 UTC
Severity: important
T ...
Debian Bug report logs - #821038
qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 14 Apr 2016 21:18:05 UTC
Severity: important
T ...
Debian Bug report logs - #815008
qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Feb 2016 16:42:01 UTC
...
Debian Bug report logs - #817181
qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 8 Mar 2016 19:18:02 UTC
Severity: important
Tags ...
Debian Bug report logs - #817183
qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 8 Mar 2016 19:21:02 UTC
Se ...
Debian Bug report logs - #815009
qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Feb 2016 16:42:06 UTC
Se ...
Debian Bug report logs - #822344
qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 23 Apr 2016 17:27:01 UTC
Sever ...
Debian Bug report logs - #817182
qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 8 Mar 2016 19:18:06 UTC
Severity: important ...
Debian Bug report logs - #813193
CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Michael Tokarev <mjt@tls.msk.ru>
Date: Sat, 30 Jan 2016 11:24:01 UTC
Severity: important
Tags: pat ...
Debian Bug report logs - #823830
qemu: CVE-2016-3710 CVE-2016-3712
Package: src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 9 May 2016 12:27:02 UTC
Severity: grave
Tags: security, upstream
Found in versi ...
Description of Problem
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration) or an attacker on the management network to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and includin ...