Xen Project Explains Patch SNAFU

Xen Project dropped the ball on two important security patches when it released a maintenance update for its popular hypervisor software on Tuesday. On its company blog today, Xen acknowledged what it called an “oversight” and attempted to explain what went wrong. Effected is maintenance release...

QEMU pcnet_receive 堆缓冲区溢出漏洞(CVE-2015-7504)

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html pcnet是虚拟化软件QEMU中实现AMD PCNET网卡功能模拟的组件，相关的代码实现位于/hw/net/pcnet.c中。 在qemu软件中使用pcnet网卡，需要如下的命令行进行配置： qemu-system-x8664 centos-6.5-x64.img -m 1024 - net nic,model=pcnet -net user...

RHEL 5 : kvm (RHSA-2015:1189)

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...

Important: Red Hat Security Advisory: kvm security update

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...

[SECURITY] [DSA 3286-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3286-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq -...

RHEL 6 : qemu-kvm-rhev (RHSA-2015:1088)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1088 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the...

Debian DSA-3286-1 : xen - security update

Multiple security issues have been found in the Xen virtualisation solution : - CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card...

Debian DSA-3285-1 : qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A...

Debian DSA-3284-1 : qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a gues...

Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-3209 Matt Tait of Google OpenVAS Vulnerability Test $Id: deb3285.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3285-1 using nvtgen 1.0 Script version: 1.0...

DSA-3284-1 qemu - security update

Bulletin has no description...

DSA-3285-1 qemu-kvm - security update

Bulletin has no description...

[SECURITY] [DSA 3285-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3285-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3285-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3285-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3284-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3284-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 13, 2015 https://www.debian.org/security/faq -...

CentOS 6 : qemu-kvm (CESA-2015:1087)

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CentOS Update for qemu-guest-agent CESA-2015:1087 centos6

Check the version of qemu-guest-agent SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882196";...

Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150610)

A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...

RHEL 6 : qemu-kvm (RHSA-2015:1087)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1087 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the...

RedHat Update for qemu-kvm RHSA-2015:1087-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...