Several security issues were fixed in QEMU ...
USN-3575-1 introduced a regression in QEMU ...
Synopsis
Low: qemu-kvm-ma security, bug fix, and enhancement update
Type/Severity
Security Advisory: Low
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (C ...
Synopsis
Low: qemu-kvm security, bug fix, and enhancement update
Type/Severity
Security Advisory: Low
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...
Synopsis
Important: qemu-kvm-rhev security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton), Red Hat OpenStack Platform 110 (Ocata), Red Hat OpenStack Platform 120 (Pike), Red Hat OpenStack Platform ...
Several vulnerabilities were discovered in qemu, a fast processor
emulator
CVE-2017-15038
Tuomas Tynkkynen discovered an information leak in 9pfs
CVE-2017-15119
Eric Blake discovered that the NBD server insufficiently restricts
large option requests, resulting in denial of service
CVE-2017-15124
Daniel Berrange discovered that t ...
Debian Bug report logs -
#884806
qemu: CVE-2017-15124: memory exhaustion through framebuffer update request message in VNC server
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 19 Dec 2017 21:42:0 ...
Debian Bug report logs -
#887392
qemu: CVE-2018-5683: Out-of-bounds read in vga_draw_text routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 15 Jan 2018 20:21:01 UTC
Severity: important
Tags: ...
Debian Bug report logs -
#892041
qemu: CVE-2018-7550: i386: multiboot OOB access while loading kernel image
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 4 Mar 2018 13:15:12 UTC
Severity: impor ...
Debian Bug report logs -
#882136
qemu: CVE-2017-16845: ps2: information leakage via post_load routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 19 Nov 2017 14:21:04 UTC
Severity: important
T ...
Debian Bug report logs -
#892497
qemu: CVE-2018-7858: cirrus: OOB access when updating vga display allowing for DoS
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 9 Mar 2018 18:12:01 UTC
Severit ...
Debian Bug report logs -
#886532
Coming updates for meltdown/spectre
Package:
qemu;
Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon)
Reported by: Nigel Kukard <nkukard@lbsdnet>
Date: Sun, 7 Jan 2018 12:15:02 UTC
Severity: grave
Fo ...
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU) It could occur while reading VGA memory to update graphics display A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation(CVE-2017-13672)
A memory leakage ...
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU) It could occur while reading VGA memory to update graphics display A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation(CVE-2017-13672)
A memory leakage ...
VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client If the client did not consume these updates, VNC server allocates growing memory to hold onto this data A malicious remote VNC client could use this flaw to cause ...