CVE-2017-17381

Published: 07/12/2017 Updated: 10/11/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Vulnerable Product

qemu qemu

qemu qemu 2.11.0

debian debian linux 9.0

Vendor Advisories

USN-3575-1 introduced a regression in QEMU ...
Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038: Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119: Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124: Daniel Berrange discovered that t ...
Debian Bug report logs - #883625: qemu: CVE-2017-17381: virtio: divide by zero exception while updating rings. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 5 Dec 2017 21:15:01 UTC; Severity: norm ...
Debian Bug report logs - #880832: qemu: CVE-2017-15289: cirrus: OOB access issue in mode4and5 write functions. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 4 Nov 2017 23:06:01 UTC; Severity: impo ...
Debian Bug report logs - #883406: qemu: CVE-2017-15118: stack buffer overflow in NBD server triggered via long export name. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 3 Dec 2017 16:36:01 UTC; S ...
Debian Bug report logs - #880836: qemu: CVE-2017-15268: I/O: potential memory exhaustion via websock connection to VNC. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 4 Nov 2017 23:21:02 UTC; Sever ...
Debian Bug report logs - #883399: qemu: CVE-2017-15119: DoS via large option request. Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 3 Dec 2017 15:51:01 UTC; Severity: normal; Tags: security, upstre ...
Debian Bug report logs - #886532: Coming updates for meltdown/spectre. Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu is src:qemu; Reported by: Nigel Kukard <nkukard@lbsd.net>; Date: Sun, 7 Jan 2018 12:15:02 UTC; Severity: grave; Fo ...