Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2932-1:6C1D7
HistoryMay 19, 2014 - 10:06 a.m.

[SECURITY] [DSA 2932-1] qemu security update

2014-05-1910:06:23
lists.debian.org
13

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Debian Security Advisory DSA-2932-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
May 19, 2014 http://www.debian.org/security/faq

Package : qemu
CVE ID : CVE-2013-4344 CVE-2014-2894
Debian Bug : 745157 725944

Several vulnerabilities were discovered in qemu, a fast processor emulator.

CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU, 
when a SCSI controller has more than 256 attached devices, allows
local users to gain privileges via a small transfer buffer in a
REPORT LUNS command.

CVE-2014-2894

Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU allows local users to have
unspecified impact via a SMART EXECUTE OFFLINE command that triggers
a buffer underflow and memory corruption.

For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6a+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 2.0.0+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.0.0+dfsg-1.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7allqemu< 1.1.2+dfsg-6a+deb7u3qemu_1.1.2+dfsg-6a+deb7u3_all.deb

Related

debian 3
nessus 30
osv 2
openvas 38
mageia 2
fedora 13
cve 2
redhat 8
centos 2
veracode 9
debiancve 2
xen 1
prion 2
ubuntucve 2
oraclelinux 4
cvelist 2
ubuntu 2
securityvulns 4
suse 3
gentoo 1
debian
debian
[SECURITY] [DSA 2932-1] qemu security update
2014-05-19 09:47:59
[SECURITY] [DSA 2933-1] qemu-kvm security update
2014-05-19 13:21:29
[SECURITY] [DSA 2933-1] qemu-kvm security update
2014-05-19 13:21:10
nessus
nessus
Debian DSA-2933-1 : qemu-kvm - security update
2014-05-20 00:00:00
Debian DSA-2932-1 : qemu - security update
2014-05-20 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2013-1553)
2013-11-29 00:00:00
osv
osv
qemu-kvm - security update
2014-05-19 00:00:00
qemu - security update
2014-05-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2933-1)
2014-05-18 00:00:00
Debian: Security Advisory (DSA-2932-1)
2014-05-18 00:00:00
Debian Security Advisory DSA 2933-1 (qemu-kvm - security update)
2014-05-19 00:00:00
mageia
mageia
Updated qemu package fixes security vulnerability
2013-11-22 22:49:20
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
fedora
fedora
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 17:09:01
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 07:06:04
[SECURITY] Fedora 20 Update: qemu-1.6.0-10.fc20
2013-10-15 06:37:36
cve
cve
CVE-2013-4344
2013-10-04 17:55:00
CVE-2014-2894
2014-04-23 15:55:00
redhat
redhat
(RHSA-2013:1754) Important: qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev security and bug fix update
2013-11-21 00:00:00
(RHSA-2013:1553) Important: qemu-kvm security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2014:0704) Moderate: qemu-kvm security and bug fix update
2014-06-10 00:00:00
centos
centos
qemu security update
2013-11-26 13:32:44
qemu security update
2014-06-11 11:37:18
veracode
veracode
Authorization Bypass
2019-01-15 08:51:30
Arbitrary Code Execution
2019-05-02 04:58:38
Arbitrary Code Execution
2019-05-02 04:58:38
debiancve
debiancve
CVE-2013-4344
2013-10-04 17:55:00
CVE-2014-2894
2014-04-23 15:55:00
xen
xen
qemu SCSI REPORT LUNS buffer overflow
2013-10-02 15:00:00
prion
prion
Buffer overflow
2013-10-04 17:55:00
Memory corruption
2014-04-23 15:55:00
ubuntucve
ubuntucve
CVE-2013-4344
2013-10-04 00:00:00
CVE-2014-2894
2014-04-23 00:00:00
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2013-11-21 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security and bug fix update
2014-06-10 00:00:00
cvelist
cvelist
CVE-2013-4344
2013-10-04 17:00:00
CVE-2014-2894
2014-04-23 14:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-01-30 00:00:00
QEMU vulnerabilities
2014-04-28 00:00:00
securityvulns
securityvulns
QEMU / Xen multiple security vulnerabilities
2014-02-01 00:00:00
[USN-2092-1] QEMU vulnerabilities
2014-02-01 00:00:00
[USN-2182-1] QEMU vulnerabilities
2014-05-04 00:00:00
suse
suse
Security update for kvm (important)
2014-05-08 19:04:16
xen: security and bugfix update (important)
2014-10-09 13:04:44
xen: security and bugfix update (important)
2014-10-09 13:09:07
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for DEBIAN:DSA-2932-1:6C1D7
debian3nessus30osv2openvas38mageia2fedora13cve2redhat8centos2veracode9debiancve2xen1prion2ubuntucve2oraclelinux4cvelist2ubuntu2securityvulns4suse3gentoo1