Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4213-1:F6297
HistoryMay 29, 2018 - 9:25 p.m.

[SECURITY] [DSA 4213-1] qemu security update

2018-05-2921:25:45
lists.debian.org
34

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Debian Security Advisory DSA-4213-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
May 29, 2018 https://www.debian.org/security/faq

Package : qemu
CVE ID : CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124
CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381
CVE-2017-18043 CVE-2018-5683 CVE-2018-7550
Debian Bug : 877890 880832 880836 882136 883399 883625 884806 886532
887392 892041

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2017-15038

Tuomas Tynkkynen discovered an information leak in 9pfs.

CVE-2017-15119

Eric Blake discovered that the NBD server insufficiently restricts
large option requests, resulting in denial of service.

CVE-2017-15124

Daniel Berrange discovered that the integrated VNC server
insufficiently restricted memory allocation, which could result in
denial of service.

CVE-2017-15268

A memory leak in websockets support may result in denial of service.

CVE-2017-15289

Guoxiang Niu discovered an OOB write in the emulated Cirrus graphics
adaptor which could result in denial of service.

CVE-2017-16845

Cyrille Chatras discovered an information leak in PS/2 mouse and
keyboard emulation which could be exploited during instance
migration.

CVE-2017-17381

Dengzhan Heyuandong Bijunhua and Liweichao discovered that an
implementation error in the virtio vring implementation could result
in denial of service.

CVE-2017-18043

Eric Blake discovered an integer overflow in an internally used
macro which could result in denial of service.

CVE-2018-5683

Jiang Xin and Lin ZheCheng discovered an OOB memory access in the
emulated VGA adaptor which could result in denial of service.

CVE-2018-7550

Cyrille Chatras discovered that an OOB memory write when using
multiboot could result in the execution of arbitrary code.

This update also backports a number of mitigations against the Spectre
v2 vulnerability affecting modern CPUs (CVE-2017-5715). For additional
information please refer to
https://www.qemu.org/2018/01/04/spectre/

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u4.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9i386pata-modules-4.9.0-6-686-di< 4.9.88-1pata-modules-4.9.0-6-686-di_4.9.88-1_i386.deb
Debian9amd64nvidia-driver-libs-nonglvnd< 384.111-4~deb9u1nvidia-driver-libs-nonglvnd_384.111-4~deb9u1_amd64.deb
Debian8i386nvidia-vdpau-driver< 340.106-1nvidia-vdpau-driver_340.106-1_i386.deb
Debian9ppc64eljfs-modules-4.9.0-6-powerpc64le-di< 4.9.88-1jfs-modules-4.9.0-6-powerpc64le-di_4.9.88-1_ppc64el.deb
Debian7armelcdrom-core-modules-3.2.0-6-versatile-di< 3.2.101-1cdrom-core-modules-3.2.0-6-versatile-di_3.2.101-1_armel.deb
Debian9armelqemu-guest-agent< 2.8+dfsg-6+deb9u4qemu-guest-agent_2.8+dfsg-6+deb9u4_armel.deb
Debian8i386ppp-modules-3.16.0-6-586-di< 3.16.57-1ppp-modules-3.16.0-6-586-di_3.16.57-1_i386.deb
Debian8armelfb-modules-3.16.0-6-kirkwood-di< 3.16.57-1fb-modules-3.16.0-6-kirkwood-di_3.16.57-1_armel.deb
Debian9amd64pcmcia-modules-4.9.0-6-amd64-di< 4.9.88-1pcmcia-modules-4.9.0-6-amd64-di_4.9.88-1_amd64.deb
Debian7amd64linux-headers-3.2.0-6-amd64< 3.2.101-1linux-headers-3.2.0-6-amd64_3.2.101-1_amd64.deb
Rows per page:
1-10 of 22831

Related

debian 5
openvas 29
nessus 58
osv 14
suse 9
ubuntu 3
gentoo 1
fedora 5
oraclelinux 6
redhat 5
centos 2
amazon 2
prion 10
debiancve 10
redhatcve 10
ubuntucve 10
cve 10
veracode 8
ibm 1
f5 1
debian
debian
[SECURITY] [DSA 4213-1] qemu security update
2018-05-29 21:25:45
[SECURITY] [DLA 1350-1] qemu-kvm security update
2018-04-17 14:17:19
[SECURITY] [DLA 1351-1] qemu security update
2018-04-17 14:48:41
openvas
openvas
Debian: Security Advisory (DSA-4213-1)
2018-05-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0762-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for qemu (openSUSE-SU-2018:0780-1)
2018-03-25 00:00:00
nessus
nessus
Debian DSA-4213-1 : qemu - security update (Spectre)
2018-05-30 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:0762-1) (Spectre)
2018-03-22 00:00:00
openSUSE Security Update : qemu (openSUSE-2018-291) (Spectre)
2018-03-23 00:00:00
osv
osv
qemu - security update
2018-05-29 00:00:00
CVE-2017-17381
2017-12-07 02:29:13
CVE-2017-18043
2018-01-31 20:29:00
suse
suse
Security update for qemu (important)
2018-03-21 21:07:13
Security update for qemu (important)
2018-03-23 00:07:04
Security update for qemu (important)
2018-03-27 21:08:28
ubuntu
ubuntu
QEMU regression
2018-03-05 00:00:00
QEMU vulnerabilities
2018-02-20 00:00:00
QEMU vulnerabilities
2018-05-16 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2018-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27
2018-08-24 07:15:55
[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27
2017-11-11 13:46:42
[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27
2017-11-11 03:30:22
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2018-04-16 00:00:00
qemu security update
2018-11-20 00:00:00
qemu security update
2018-11-28 00:00:00
redhat
redhat
(RHSA-2018:1104) Important: qemu-kvm-rhev security, bug fix, and enhancement update
2018-04-10 18:43:01
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update
2018-04-10 05:01:42
(RHSA-2018:1113) Moderate: qemu-kvm-rhev security and bug fix update
2018-04-11 17:35:52
centos
centos
qemu security update
2018-04-26 17:50:14
qemu security update
2018-03-14 14:47:19
amazon
amazon
Important: qemu-kvm
2018-06-07 23:41:00
Important: qemu-kvm
2018-06-08 18:29:00
prion
prion
Denial of service
2018-07-27 16:29:00
Design/Logic Flaw
2017-12-07 02:29:00
Memory corruption
2017-10-12 15:29:00
debiancve
debiancve
CVE-2017-17381
2017-12-07 02:29:00
CVE-2017-15119
2018-07-27 16:29:00
CVE-2017-18043
2018-01-31 20:29:00
redhatcve
redhatcve
CVE-2017-15268
2017-10-12 20:49:03
CVE-2017-15119
2020-04-05 16:54:44
CVE-2017-17381
2017-12-05 07:50:17
ubuntucve
ubuntucve
CVE-2017-17381
2017-12-06 00:00:00
CVE-2017-18043
2018-01-31 00:00:00
CVE-2017-15119
2017-11-28 00:00:00
cve
cve
CVE-2017-17381
2017-12-07 02:29:00
CVE-2017-18043
2018-01-31 20:29:00
CVE-2017-15119
2018-07-27 16:29:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:37:26
Denial Of Service (DoS)
2019-05-16 02:53:05
Denial Of Service (DoS)
2019-05-16 02:53:05
ibm
ibm
Security Bulletin: App Connect Professional is affected by Quick Emulator vulnerability
2022-02-21 04:46:26
f5
f5
K22572754 : QEMU vulnerability CVE-2017-15289
2021-01-25 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for DEBIAN:DSA-4213-1:F6297
debian5openvas29nessus58osv14suse9ubuntu3gentoo1fedora5oraclelinux6redhat5centos2amazon2prion10debiancve10redhatcve10ubuntucve10cve10veracode8ibm1f51