Several security issues were fixed in QEMU ...
Multiple security issues were discovered in QEMU, a fast processor
emulator, which could result in denial of service, the execution of
arbitrary code or information disclosure
In addition this update backports support to passthrough the new
md-clear CPU flag added in the intel-microcode update shipped in DSA 4447
to x86-based guests
For the stabl ...
Synopsis
Important: qemu-kvm-ma security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty), Red Hat OpenStack Platform 90 (Mitaka), Red Hat OpenStack Platform 100 (Newton), Red Hat OpenStack Platform 120 (Pi ...
Synopsis
Important: qemu-kvm security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets It could occur while reassembling the fragmented datagrams of an incoming packet A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code ...
Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address A user or process could use this flaw to potentially achieve a ...
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets It could occur while reassembling the fragmented datagrams of an incoming packet A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code ...
Debian Bug report logs -
#911470
qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:51:02 UTC
...
Debian Bug report logs -
#915884
qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 7 Dec 2018 ...
Debian Bug report logs -
#902725
CVE-2018-12617
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 29 Jun 2018 21:09:06 UTC
Severity: important
Tags: security
Found in version qemu/1:212+dfsg-3
Fixed in ...
Debian Bug report logs -
#911499
qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 21:15:01 UTC
Severity: import ...
Debian Bug report logs -
#914604
qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:48:01 UTC
Severity: i ...
Debian Bug report logs -
#911468
qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:03 UTC
Severity: grave
Tag ...
Debian Bug report logs -
#914727
qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 26 Nov 2018 18:21:01 UTC
Severity: import ...
Debian Bug report logs -
#929353
qemu: CVE-2019-12155: qxl: null pointer dereference while releasing speice resources
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 22 May 2019 08:03:02 UTC
Sever ...
Debian Bug report logs -
#901017
qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 8 Jun 2018 03:42:01 UTC
...
Debian Bug report logs -
#910431
qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 6 Oct 2018 07:42:02 UTC
Severity: grave
Tags ...
Debian Bug report logs -
#907500
qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 28 Aug 2018 19:57:04 UTC
Severity: important ...
Debian Bug report logs -
#912535
qemu: CVE-2018-18849
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 1 Nov 2018 07:18:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version ...
Debian Bug report logs -
#911469
qemu: CVE-2018-17963: net: ignore packets with large size
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:07 UTC
Severity: grave
Tags: security, ...
Debian Bug report logs -
#914599
qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:09:01 UTC
Severit ...