Several security issues were fixed in QEMU ...
Several security issues were fixed in QEMU ...
Qemu before version 29 is vulnerable to an improper link following when built with the VirtFS A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host ...
Debian Bug report logs -
#856969
qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 6 Mar 2017 18:51:01 UTC
Severity: normal
Tags: pa ...
Debian Bug report logs -
#861348
qemu: CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 27 Apr 2017 19:45:02 UTC
Severity: normal
Tags: ...
Debian Bug report logs -
#859854
qemu: CVE-2017-7377
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 7 Apr 2017 19:48:02 UTC
Severity: important
Tags: fixed-upstream, patch, security, upstream
F ...
Debian Bug report logs -
#857744
qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 14 Mar 2017 16:15:01 UTC
Severity: grave
Tags: ...
Debian Bug report logs -
#855616
qemu: CVE-2017-6058: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 20 Feb 2017 19:51:01 UTC
...
Debian Bug report logs -
#854731
qemu: CVE-2017-2615
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 9 Feb 2017 22:45:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in vers ...
Debian Bug report logs -
#854730
CVE-2017-5931
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 9 Feb 2017 22:42:04 UTC
Severity: important
Tags: security
Fixed in version qemu/1:28+dfsg-3
Done: Mic ...
Debian Bug report logs -
#855227
qemu: CVE-2017-2630: nbd: oob stack write in client routine drop_sync
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 15 Feb 2017 18:21:01 UTC
Severity: grave
Tags ...
Debian Bug report logs -
#840950
qemu: CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 16 Oct 2016 12:21:02 UTC
Severity: normal
Ta ...
Debian Bug report logs -
#855159
qemu: CVE-2017-5987: sd: infinite loop issue in multi block transfers
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 14 Feb 2017 19:45:02 UTC
Severity: important
...
Debian Bug report logs -
#854729
CVE-2017-5898
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 9 Feb 2017 22:42:01 UTC
Severity: important
Tags: security
Fixed in version qemu/1:28+dfsg-3
Done: Mic ...
Debian Bug report logs -
#839986
qemu: CVE-2016-7907: net: inifinte loop in imx_fec_do_tx() function
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 7 Oct 2016 06:45:01 UTC
Severity: normal
Tags: ...
Debian Bug report logs -
#855791
qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 21 Feb 2017 16:06:01 UTC
Seve ...
Debian Bug report logs -
#853996
CVE-2017-5667 / CVE-2017-5856 / CVE-2017-5857
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Thu, 2 Feb 2017 22:06:02 UTC
Severity: important
Tags: security
Fixed in vers ...
Debian Bug report logs -
#853002
qemu: CVE-2017-5579: serial: host memory leakage 16550A UART emulation
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 28 Jan 2017 20:51:04 UTC
Severity: normal
Ta ...
Debian Bug report logs -
#855611
qemu: CVE-2017-5973: usb: infinite loop while doing control transfer in xhci_kick_epctx
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 20 Feb 2017 19:21:04 UTC
Se ...
Debian Bug report logs -
#853006
qemu: CVE-2016-9602: 9p: virtfs allows guest to access host filesystem
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 28 Jan 2017 21:18:01 UTC
Severity: grave
Tag ...