33 matches found
MiracleLinux 4 : qemu-kvm-0.12.1.2-2.479.AXS4.4 (AXSA:2016-047:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-047:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...
MiracleLinux 7 : qemu-kvm-1.5.3-105.el7.3 (AXSA:2016-049:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-049:01 advisory. qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together with the K...
Linux Distros Unpatched Vulnerability : CVE-2016-1714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow...
Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry
Summary: IBM SmartCloud Entry is vulnerable to Qemu-kvm vulnerabilities. Attackers could overflow a buffer and execute arbitrary code on the system or cause the application to crash, or could exploit these vulnerabilities to gain elevated privileges on the host system or cause a denial of service,...
RHEL 7 : qemu-kvm-rhev (RHSA-2016:0084)
Updated qemu-kvm-rhev packages that fix two security issues and three bugs are now available for Red Hat Enterprise Virtualization. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severit...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
qemu-kvm security update
0.12.1.2-2.491.el68.1 - kvm-Add-vga.h-unmodified-from-Linux.patch bz1331407 - kvm-vga.h-remove-unused-stuff-and-reformat.patch bz1331407 - kvm-vga-use-constants-from-vga.h.patch bz1331407 - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch bz1331407 -...
SOL75248350 - QEMU vulnerability CVE-2016-1714
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
CVE-2016-1714
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly...
CVE-2016-1714
CVE-2016-1714 – QEMU firmware config flaw. Local CAP_SYS_RAWIO users can trigger out-of-bounds reads/writes in hw/nvram/fw_cfg.c (fw_cfg_write/fw_cfg_read) when Firmware Configuration device emulation is enabled, potentially crashing the guest or allowing code execution on the host. Affected: QEM...
CVE-2016-1714
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly...
GLSA-201604-01 : QEMU: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201604-01 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Local users within a guest QEMU environment can execute...
Fedora 23 : xen-4.5.2-9.fc23 (2016-f4504e9445)
Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 [1296080] Qemu: i386: NULL pointer dereference in vapic_write CVE-2016-1922 [1292767] qemu: Stack-based buffer overflow in megasas_ctrl_get_info CVE-2015-8613 [1293305] qemu-kvm: Infinite loop and out-of-bounds transfer start i...
Debian DSA-3471-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. - CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. - CVE-2015-7504 Qinghao...
[SECURITY] [DSA 3471-1] qemu security update
Debian Security Advisory DSA-3471-1 https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3469-1] qemu security update
Debian Security Advisory DSA-3469-1 https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3471-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...
CentOS 6 : qemu-kvm (CESA-2016:0082)
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CentOS Update for qemu-guest-agent CESA-2016:0082 centos6
Check the version of qemu-guest-agent. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882389");...