SUSE: Security Advisory (SUSE-SU-2016:2100-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2528-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2725-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2093-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : qemu (SUSE-SU-2016:2781-1)

qemu was updated to fix 21 security issues. These security issues were fixed : - CVE-2014-5388: Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allowed local guest users to obtain sensitive information and have other unspecified impact related to...

openSUSE Security Update : qemu (openSUSE-2016-1234)

qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

SUSE SLES11 Security Update : xen (SUSE-SU-2016:2528-1) (Bunker Buster)

This update for xen fixes several issues. These security issues were fixed : - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update bsc995792 - CVE-2016-7092: The getpagefroml3e...

SUSE SLES11 Security Update : kvm (SUSE-SU-2016:2628-1)

kvm was updated to fix 16 security issues. These security issues were fixed : - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. bsc944697. - CVE-2016-2391: Th...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2589-1)

qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster)

This update for xen fixes the following issues : These security issues were fixed : - CVE-2016-7092: The getpagefroml3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables bsc995785 -...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU regression (USN-3047-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3047-2 advisory. USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memor...

USN-3047-2: QEMU regression

USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize fo...

Ubuntu: Security Advisory (USN-3047-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3047-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3047-1 advisory. Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this...

Fedora 22 : xen (2016-9c228cbf13)

Qemu: scsi: esp: OOB r/w access while processing ESPFIFO CVE-2016-5338 1343323 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Update for qemu FEDORA-2016-a80eab65ba

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-5338

The 1 espregread and 2 espregwrite functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service QEMU process crash or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer...

CVE-2016-5338

CVE-2016-5338 affects QEMU when built with the ESP/NCR53C9x SCSI controller emulation. The flaw is in esp_reg_read() and esp_reg_write(), allowing a local guest OS privileged user to trigger an out-of-bounds access in the information transfer buffer, which can crash the QEMU process and may enabl...

CVE-2016-5338

The 1 espregread and 2 espregwrite functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service QEMU process crash or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer...