Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Several security issues were fixed in QEMU ...
Integer overflows in the processing of packets in network cards emulated
by QEMU, a fast processor emulator, could result in denial of service
In addition this update backports support to passthrough the new CPU
features added in the intel-microcode update shipped in DSA 4273 to
x86-based guests
For the stable distribution (stretch), these proble ...
An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU It could occur while receiving packets, if the size value was greater than INT_MAX Such overflow would lead to stack buffer overflow issue A user inside guest could use this flaw to crash the QEMU process resulting in DoS ...
Debian Bug report logs -
#911470
qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:51:02 UTC
...
Debian Bug report logs -
#915884
qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 7 Dec 2018 ...
Debian Bug report logs -
#902725
CVE-2018-12617
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Fri, 29 Jun 2018 21:09:06 UTC
Severity: important
Tags: security
Found in version qemu/1:212+dfsg-3
Fixed in ...
Debian Bug report logs -
#911499
qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 21:15:01 UTC
Severity: import ...
Debian Bug report logs -
#914604
qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:48:01 UTC
Severity: i ...
Debian Bug report logs -
#911468
qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:03 UTC
Severity: grave
Tag ...
Debian Bug report logs -
#914727
qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 26 Nov 2018 18:21:01 UTC
Severity: import ...
Debian Bug report logs -
#901017
qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 8 Jun 2018 03:42:01 UTC
...
Debian Bug report logs -
#910431
qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 6 Oct 2018 07:42:02 UTC
Severity: grave
Tags ...
Debian Bug report logs -
#907500
qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 28 Aug 2018 19:57:04 UTC
Severity: important ...
Debian Bug report logs -
#912535
qemu: CVE-2018-18849
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 1 Nov 2018 07:18:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version ...
Debian Bug report logs -
#911469
qemu: CVE-2018-17963: net: ignore packets with large size
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 20 Oct 2018 14:45:07 UTC
Severity: grave
Tags: security, ...
Debian Bug report logs -
#914599
qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 25 Nov 2018 15:09:01 UTC
Severit ...