Debian: Security Advisory (DLA-652-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-653-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2016-7170

The vmsvgafiforun function in hw/display/vmwarevga.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via vectors related to cursor.mask and cursor.image array sizes when processing a DEFINECURSOR svga command...

SUSE: Security Advisory (SUSE-SU-2016:2902-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2936-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2988-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : qemu (openSUSE-2016-1451)

This update for qemu fixes the following issues : - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1 - Change package post script udevadm trigger calls to be device specific bsc1002116 - Address various security/stability issues - Fix OOB access in...

CVE-2016-7170

CVE-2016-7170 affects QEMU’s VMware SVGA path (hw/display/vmware_vga.c). Local privileged guests can trigger an out-of-bounds access in DEFINE_CURSOR handling (cursor.mask/image), leading to DoS via QEMU crash. Connected advisories (OpenSUSE, Debian DLA) confirm a fix in patched QEMU releases; up...

CVE-2016-7170

The vmsvgafiforun function in hw/display/vmwarevga.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via vectors related to cursor.mask and cursor.image array sizes when processing a DEFINECURSOR svga command...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2988-1)

This update for qemu fixes the following issues : - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1 - Change package post script udevadm trigger calls to be device specific bsc1002116 - Address various security/stability issues - Fix OOB access in...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2879-1)

This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed : - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU aka Quick Emulator allowed attackers to execute arbitrary code on the QEMU host via a large...

Fedora 25 : 2:qemu (2016-3d3218ec41)

CVE-2016-7155: pvscsi: OOB read and infinite loop bz 1373463 - CVE-2016-7156: pvscsi: infinite loop when building SG list bz 1373480 - CVE-2016-7156: pvscsi: infinite loop when processing IO requests bz 1373480 - CVE-2016-7170: vmwarevga: OOB stack memory access bz 1374709 - CVE-2016-7157:...

Fedora Update for qemu FEDORA-2016-a56fb613a8

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3125-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3125-1 advisory. Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause...

Fedora 24 : 2:qemu (2016-a56fb613a8)

CVE-2016-6351: scsi: esp: OOB write access in espdodma bz 1360600 - CVE-2016-6833: vmxnet3: use-after-free bz 1368982 - CVE-2016-6490: virtio: infinite loop in virtqueuepop bz 1361428 - CVE-2016-7156: pvscsi: infinite loop when building SG list bz 1373480 - CVE-2016-7170: vmwarevga: OOB stack...

Debian DLA-653-1 : qemu-kvm security update

Multiple vulnerabilities have been found in qemu-kvm : CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in qemu-kvm allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. CVE-2016-7170 The vmsvgafiforun function in...

[SECURITY] [DLA 653-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u16 CVE ID : CVE-2016-7161 CVE-2016-7170 CVE-2016-7908 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in qemu-kvm allows attackers to execute arbitrary...