19 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-7840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The hostfromstreamoffset function in archinit.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted 1...
SUSE CVE-2014-7840
The hostfromstreamoffset function in archinit.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted 1 offset or 2 length value in savevm data...
Mageia: Security Advisory (MGASA-2014-0525)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0357-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2015-0349)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for qemu FEDORA-2015-8249
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:0349-1)
QEMU was updated to fix various bugs and security issues. Following security issues were fixed: CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU allowed local guest users to execute arbitrary code via vectors related to blit regions. -...
Fedora Update for qemu FEDORA-2015-5482
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : qemu-kvm (ELSA-2015-0349)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0349 advisory. - Resolves: bz1169456 CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks rhel-7.1 - Resolves: bz1163078 CVE-2014-7840 qemu-kvm: qemu...
RedHat Update for qemu-kvm RHSA-2015:0349-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : qemu-kvm-rhev (RHSA-2015:0624)
Updated qemu-kvm-rhev packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring Syste...
Important: Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Updated qemu-kvm-rhev packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring Syste...
Important: Red Hat Security Advisory: qemu-kvm security, bug fix, and enhancement update
Updated qemu-kvm packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...
GLSA-201412-37 : QEMU: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201412-37 QEMU: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary...
Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2439-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2439-1 advisory. Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipula...
Fedora 21 : qemu-2.1.2-7.fc21 (2014-16075)
Fix qemu-img convert corruption for unflushed files bz 1167249 - Fix SLES11 migration issue bz 1109427 - CVE-2014-7840: insufficient parameter validation during ram load bz 1163080 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
MGASA-2014-0525 Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in hostfromstreamoffset and also the length of the writes in the callers of the said function. A user able to alter the savevm data eith...
CVE-2014-7840
The CVE-2014-7840 entry concerns QEMU: during RAM loading in migration, the host_from_stream_offset function in arch_init.c accepts crafted savevm data offset/length values, enabling a remote attacker to execute arbitrary code. The vulnerability affects the RAM-load path of migration, with the de...
USN-2439-1: QEMU vulnerabilities
Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS,...