Moderate: Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7, Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7, Red Hat OpenStack Platform 8.0 Liberty, Red Hat OpenStack Platform 9.0 Mitaka, Red Hat OpenStack Platform 10.0 Newton,...

CVE-2016-7422

The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...

CVE-2016-7422

CVE-2016-7422 affects QEMU’s virtio/virtio.c: virtqueue_map_desc allows a local guest OS administrator to trigger a NULL pointer dereference by using a large I/O descriptor buffer length, leading to QEMU process crash. Remediation in connected docs shows fixes via rebases to QEMU 2.9.0 (RHSA-2017...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2879-1)

This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed : - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU aka Quick Emulator allowed attackers to execute arbitrary code on the QEMU host via a large...

Fedora 25 : 2:qemu (2016-3d3218ec41)

CVE-2016-7155: pvscsi: OOB read and infinite loop bz 1373463 - CVE-2016-7156: pvscsi: infinite loop when building SG list bz 1373480 - CVE-2016-7156: pvscsi: infinite loop when processing IO requests bz 1373480 - CVE-2016-7170: vmwarevga: OOB stack memory access bz 1374709 - CVE-2016-7157:...

Fedora Update for qemu FEDORA-2016-a56fb613a8

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3125-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3125-1 advisory. Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause...

Fedora 24 : 2:qemu (2016-a56fb613a8)

CVE-2016-6351: scsi: esp: OOB write access in espdodma bz 1360600 - CVE-2016-6833: vmxnet3: use-after-free bz 1368982 - CVE-2016-6490: virtio: infinite loop in virtqueuepop bz 1361428 - CVE-2016-7156: pvscsi: infinite loop when building SG list bz 1373480 - CVE-2016-7170: vmwarevga: OOB stack...

CVE-2016-7422

The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...