21 matches found
SUSE CVE-2016-5106
The megasasdcmdsetproperties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service out-of-bounds write access via vectors involving a MegaRAID Firmware Interface MFI command...
SUSE: Security Advisory (SUSE-SU-2016:2100-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2628-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2589-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : qemu (SUSE-SU-2016:2781-1)
qemu was updated to fix 21 security issues. These security issues were fixed : - CVE-2014-5388: Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allowed local guest users to obtain sensitive information and have other unspecified impact related to...
openSUSE Security Update : qemu (openSUSE-2016-1234)
qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:2628-1)
kvm was updated to fix 16 security issues. These security issues were fixed : - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. bsc944697. - CVE-2016-2391: Th...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2589-1)
qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...
SUSE-SU-2016:2589-1 Security update for qemu
qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...
CVE-2016-5106
The megasasdcmdsetproperties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service out-of-bounds write access via vectors involving a MegaRAID Firmware Interface MFI command...
CVE-2016-5106
CVE-2016-5105, CVE-2016-5106, and CVE-2016-5107 affect QEMU when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation. The IBM PowerKVM bulletin (E73B43A9…) states the root cause as: a MegaRAID emulation path (megasas.c) with an uninitialized variable leading to host memory read (5105), an ...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU regression (USN-3047-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3047-2 advisory. USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memor...
USN-3047-2: QEMU regression
USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize fo...
Ubuntu: Security Advisory (USN-3047-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3047-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3047-1 advisory. Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this...
Fedora 24 : xen (2016-cfea37952b)
cleaner way to set kernel module load list Unrestricted qemu logging XSA-180, CVE-2014-3672 1339125 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in espregwrite CVE-2016-4439 1337502 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in getcmd CVE-2016-4441 1337505 Qemu: scsi: megasa...
Fedora 22 : xen (2016-4edd58a3b5)
cleaner way to set kernel module load list Unrestricted qemu logging XSA-180, CVE-2014-3672 1339125 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in espregwrite CVE-2016-4439 1337502 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in getcmd CVE-2016-4441 1337505 Qemu: scsi: megasa...
Fedora 23 : xen (2016-8d3fe9914b)
cleaner way to set kernel module load list Unrestricted qemu logging XSA-180, CVE-2014-3672 1339125 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in espregwrite CVE-2016-4439 1337502 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in getcmd CVE-2016-4441 1337505 Qemu: scsi: megasa...
Fedora Update for qemu FEDORA-2016-73853a7a16
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for qemu FEDORA-2016-a80eab65ba
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...