30 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-1779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTT...
SUSE: Security Advisory (SUSE-SU-2015:0870-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:14704-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : qemu-kvm-rhev (RHSA-2015:1931)
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779)
Summary PowerKVM is vulnerable to Qemu vulnerability CVE-2015-1779. Vulnerability Details CVEID: CVE-2015-1779 DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an error when processing incoming frames by the websocket frame decoder. A remote attacker from within the local network...
Security update for xen (important)
xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed: - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling bsc967012. - CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463. - CVE-2016-2270: Xen allow...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1)
xen was updated to fix 47 security issues. These security issues were fixed : - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers bnc864673. - CVE-2013-4529: Buffer overflow in hw/pci/pcieaer...
CVE-2015-1779
CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....
Oracle Linux 7 : qemu-kvm (ELSA-2015-1943)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1943 advisory. - kvm-CVE-2015-1779-incrementally-decode-websocket-frames.patch bz1205050 - kvm-CVE-2015-1779-limit-size-of-HTTP-headers-from-websoc.patch bz1205050 Tenable has...
RHEL 7 : qemu-kvm (RHSA-2015:1943)
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fr...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20151027)
It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...
Moderate: Red Hat Security Advisory: qemu-kvm security update
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fr...
qemu-kvm security update
1.5.3-86.el71.8 - kvm-qtest-ide-test-disable-flush-test.patch bz1273098 - Resolves: bz1273098 qemu-kvm build failure race condition in tests/ide-test 1.5.3-86.el71.7 - kvm-CVE-2015-1779-incrementally-decode-websocket-frames.patch bz1205050 -...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
SUSE: Security Advisory for kvm (SUSE-SU-2015:0870-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for qemu FEDORA-2015-8249
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2608-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-2608-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2608-1 May 13, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
SuSE 11.3 Security Update : kvm (SAT Patch Number 10645)
This update for KVM fixes an issue in the virtio-blk driver which could result in incorrectly setting its WCE configuration. Under some circumstances, this misconfiguration could cause severe file system corruption, because cache flushes were not generated as they ought to have been. The update...
[SECURITY] [DSA 3259-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3259-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 13, 2015 http://www.debian.org/security/faq -...