CVE-2018-17958

Several security issues were fixed in QEMU ...

Synopsis Important: qemu-kvm-rhev security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton), Red Hat OpenStack Platform 130 (Queens), and Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Secu ...

Synopsis Important: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 43Red Hat Product Security has rated this ...

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update shipped in DSA 4447 to x86-based guests For the stabl ...

An integer overflow issue was found in the RTL8139 NIC emulation in QEMU It could occur while receiving packets over the network if the size value is greater than INT_MAX Such overflow would lead to stack buffer overflow issue A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario ...

Debian Bug report logs - #911470 qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:51:02 UTC ...

Debian Bug report logs - #915884 qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Dec 2018 ...

Debian Bug report logs - #902725 CVE-2018-12617 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 29 Jun 2018 21:09:06 UTC Severity: important Tags: security Found in version qemu/1:212+dfsg-3 Fixed in ...

Debian Bug report logs - #911499 qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 21:15:01 UTC Severity: import ...

Debian Bug report logs - #914604 qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:48:01 UTC Severity: i ...

Debian Bug report logs - #911468 qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:03 UTC Severity: grave Tag ...

Debian Bug report logs - #914727 qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Nov 2018 18:21:01 UTC Severity: import ...

Debian Bug report logs - #929353 qemu: CVE-2019-12155: qxl: null pointer dereference while releasing speice resources Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 22 May 2019 08:03:02 UTC Sever ...

Debian Bug report logs - #901017 qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 Jun 2018 03:42:01 UTC ...

Debian Bug report logs - #910431 qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 6 Oct 2018 07:42:02 UTC Severity: grave Tags ...

Debian Bug report logs - #907500 qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Aug 2018 19:57:04 UTC Severity: important ...

Debian Bug report logs - #912535 qemu: CVE-2018-18849 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Nov 2018 07:18:02 UTC Severity: important Tags: patch, security, upstream Found in version ...

Debian Bug report logs - #911469 qemu: CVE-2018-17963: net: ignore packets with large size Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:07 UTC Severity: grave Tags: security, ...

Debian Bug report logs - #914599 qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:09:01 UTC Severit ...

Description of Problem Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8 ...