SUSE CVE-2015-8613

Stack-based buffer overflow in the megasasctrlgetinfo function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service QEMU instance crash via a crafted SCSI controller CTRLGETINFO command...

CVE-2015-8613

Stack-based buffer overflow in the megasasctrlgetinfo function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service QEMU instance crash via a crafted SCSI controller CTRLGETINFO command...

CVE-2015-8613

CVE-2015-8613 is a stack-based buffer overflow in QEMU’s megasas_ctrl_get_info when using SCSI MegaRAID SAS HBA emulation, allowing local guest users to crash the QEMU process (DoS) via a crafted CTRL_GET_INFO SCSI command. The vulnerability affects QEMU’s SCSI MegaRAID SAS HBA emulation and has ...

SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)

kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...

SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)

kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...

GLSA-201604-01 : QEMU: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201604-01 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Local users within a guest QEMU environment can execute...

Fedora 23 : xen-4.5.2-9.fc23 (2016-f4504e9445)

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 1296080 Qemu: i386: NULL pointer dereference in vapicwrite CVE-2016-1922 1292767 qemu: Stack-based buffer overflow in megasasctrlgetinfo CVE-2015-8613 1293305 qemu-kvm: Infinite loop and out-of-bounds transfer start i...

Fedora 22 : qemu-2.3.1-11.fc22 (2016-275e9ff483)

CVE-2015-8567: net: vmxnet3: host memory leakage bz 1289818 CVE-2016-1922: i386: avoid NULL pointer dereference bz 1292766 CVE-2015-8613: buffer overflow in megasasctrlgetinfo bz 1284008 CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions bz 1294787 Note that Tenable Network Security...

Debian DSA-3471-1 : qemu - security update

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. - CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. - CVE-2015-7504 Qinghao...

[SECURITY] [DSA 3471-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3471-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3471-1 (qemu - security update)

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...

Mageia: Security Advisory (MGASA-2016-0023)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated qemu packages fix security vulnerabilities

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...