Synopsis
Moderate: qemu-kvm security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...
Several security issues were fixed in QEMU ...
An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests The flaw could occur while accessing TPR A privileged user inside a guest could use this issue to read portions of the host memory ...
Debian Bug report logs -
#821062
qemu: CVE-2016-4020: i386: leakage of stack memory to guest in kvmvapicc
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 15 Apr 2016 04:57:01 UTC
Severity: import ...
Debian Bug report logs -
#825207
qemu: CVE-2016-4964: scsi: mptsas infinite loop in mptsas_fetch_requests
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 24 May 2016 14:42:01 UTC
Severity: importa ...
Debian Bug report logs -
#821061
qemu: CVE-2016-4002: net: buffer overflow in MIPSnet emulator
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 15 Apr 2016 04:12:02 UTC
Severity: important
Tags: pa ...
Debian Bug report logs -
#826151
qemu: CVE-2016-5126: block: iscsi: buffer overflow in iscsi_aio_ioctl
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 2 Jun 2016 18:45:02 UTC
Severity: important
...
Debian Bug report logs -
#825210
qemu: CVE-2016-4952: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 24 May 2016 15:00 ...
Debian Bug report logs -
#825616
qemu: CVE-2016-5107: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 28 May 2016 07:54:02 UTC
...
Debian Bug report logs -
#825614
qemu: CVE-2016-5105: scsi: megasas: stack information leakage while reading configuration
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 28 May 2016 07:51:02 UTC
...
Debian Bug report logs -
#827026
qemu: CVE-2016-5337: scsi: megasas: information leakage in megasas_ctrl_get_info
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 11 Jun 2016 10:15:01 UTC
Severity: ...
Debian Bug report logs -
#827024
qemu: CVE-2016-5338: scsi: esp: OOB r/w access while processing ESP_FIFO
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 11 Jun 2016 10:12:02 UTC
Severity: normal
...
Debian Bug report logs -
#824856
qemu: CVE-2016-4439 CVE-2016-4441
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 20 May 2016 13:21:07 UTC
Severity: important
Tags: patch, security, upstream
Fou ...
Debian Bug report logs -
#825615
qemu: CVE-2016-5106: scsi: megasas: out-of-bounds write while setting controller properties
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 28 May 2016 07:51:09 UTC ...
Vulmon