Several security issues were fixed in QEMU ...
Several vulnerabilities were discovered in qemu, a fast processor
emulator
CVE-2017-15038
Tuomas Tynkkynen discovered an information leak in 9pfs
CVE-2017-15119
Eric Blake discovered that the NBD server insufficiently restricts
large option requests, resulting in denial of service
CVE-2017-15124
Daniel Berrange discovered that t ...
Synopsis
Moderate: qemu-kvm-rhev security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Comm ...
Synopsis
Important: qemu-kvm security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 120 (Pike)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets It could occur while reassembling the fragmented datagrams of an incoming packet A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code ...
Debian Bug report logs -
#884806
qemu: CVE-2017-15124: memory exhaustion through framebuffer update request message in VNC server
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 19 Dec 2017 21:42:0 ...
Debian Bug report logs -
#887392
qemu: CVE-2018-5683: Out-of-bounds read in vga_draw_text routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 15 Jan 2018 20:21:01 UTC
Severity: important
Tags: ...
Debian Bug report logs -
#892041
qemu: CVE-2018-7550: i386: multiboot OOB access while loading kernel image
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 4 Mar 2018 13:15:12 UTC
Severity: impor ...
Debian Bug report logs -
#882136
qemu: CVE-2017-16845: ps2: information leakage via post_load routine
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 19 Nov 2017 14:21:04 UTC
Severity: important
T ...
Debian Bug report logs -
#892497
qemu: CVE-2018-7858: cirrus: OOB access when updating vga display allowing for DoS
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 9 Mar 2018 18:12:01 UTC
Severit ...
Debian Bug report logs -
#886532
Coming updates for meltdown/spectre
Package:
qemu;
Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon)
Reported by: Nigel Kukard <nkukard@lbsdnet>
Date: Sun, 7 Jan 2018 12:15:02 UTC
Severity: grave
Fo ...
Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address A user or process could use this flaw to potentially achieve a ...
Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address A user or process could use this flaw to potentially achieve a ...