USN-3575-1 introduced a regression in QEMU ...
Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a fast processor
emulator
CVE-2017-15038
Tuomas Tynkkynen discovered an information leak in 9pfs
CVE-2017-15119
Eric Blake discovered that the NBD server insufficiently restricts
large option requests, resulting in denial of service
CVE-2017-15124
Daniel Berrange discovered that t ...
Synopsis
Moderate: qemu-kvm security update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 110 (Ocata)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...
Synopsis
Moderate: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 60 (Juno) for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Synopsis
Moderate: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 70 (Kilo) for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Virtualization (RHEV) 4X, Red Hat Enterprise Virtualization Hypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7Red Hat ...
Synopsis
Moderate: qemu-kvm security update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue The issue could occur due to an integer overflow while loading a kernel image during a guest boot A user or process could use this flaw to potentially achieve arbitrary code execution on a host (CVE-2017-141 ...
Debian Bug report logs -
#883625
qemu: CVE-2017-17381: virtio: divide by zero exception while updating rings
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 5 Dec 2017 21:15:01 UTC
Severity: norm ...
Debian Bug report logs -
#880832
qemu: CVE-2017-15289: cirrus: OOB access issue in mode4and5 write functions
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 4 Nov 2017 23:06:01 UTC
Severity: impo ...
Debian Bug report logs -
#883406
qemu: CVE-2017-15118: stack buffer overflow in NBD server triggered via long export name
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 3 Dec 2017 16:36:01 UTC
S ...
Debian Bug report logs -
#880836
qemu: CVE-2017-15268: I/O: potential memory exhaustion via websock connection to VNC
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 4 Nov 2017 23:21:02 UTC
Sever ...
Debian Bug report logs -
#883399
qemu: CVE-2017-15119: DoS via large option request
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 3 Dec 2017 15:51:01 UTC
Severity: normal
Tags: security, upstre ...
Debian Bug report logs -
#886532
Coming updates for meltdown/spectre
Package:
qemu;
Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon)
Reported by: Nigel Kukard <nkukard@lbsdnet>
Date: Sun, 7 Jan 2018 12:15:02 UTC
Severity: grave
Fo ...
Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue The issue could occur while writing to VGA memory via mode4and5 write functions A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Serivce (DoS) ...