Scientific Linux Security Update : qemu-kvm on SL6.x x86_64 (20120905)

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character device...

jakarta: JVM destabilization due to memory exhaustion when processing CDF/CFBF files

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...

USN-1505-2: IcedTea-Web regression

USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java SE 7 < Update 7 Multiple Vulnerabilities

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected the following vulnerabilities : - The 'getField' method in the 'sun.awt.SunToolkit class' provided by the bundled SunToolkit can be used ...

op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities

op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market...

Ubuntu Update for linux-ti-omap4 USN-1514-1

Ubuntu Update for Linux kernel vulnerabilities USN-1514-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15141.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-ti-omap4 USN-1514-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...

USN-1529-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM Kernel-based Virtual Machine to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhostnet module is loaded with the...

Scientific Linux Security Update : qemu-kvm on SL6.x x86_64

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guest...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...

Scientific Linux Security Update : kvm on SL5.x x86_64

It was found that some structure padding and reserved fields in certain data structures in QEMU-KVM were not initialized properly before being copied to user-space. A privileged host user with access to '/dev/kvm' could use this flaw to leak kernel stack memory to user-space. CVE-2010-3881 This...

Scientific Linux Security Update : kvm on SL5.4 x86_64

CVE-2009-3722 KVM: Check cpl before emulating debug register access CVE-2010-0419 kvm: emulator privilege escalation segment selector check A flaw was found in the way the x86 emulator loaded segment selectors used for memory segmentation and protection into segment registers. In some guest syste...

Ubuntu: Security Advisory (USN-1505-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1505-1: OpenJDK 6 vulnerabilities

It was discovered that multiple flaws existed in the CORBA Common Object Request Broker Architecture implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711,...

VMware Player Multiple Vulnerabilities (VMSA-2012-0011)

The VMware Player install detected on the remote host is 3.x earlier than 3.1.6, or 4.0.x, earlier than 4.0.4 and is, therefore, potentially affected by the following vulnerabilities : - A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary code...

kernel: kvm: device assignment DoS

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()

The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service host OS crash by leveraging administrative access to the guest OS, related to the pmdnoneorclearbad function and page faults for huge pages...

[SECURITY] Fedora 17 Update: openstack-nova-2012.1-10.fc17

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...