Debian: Security Advisory (DLA-965-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2963-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2946-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1647)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1497-1] qemu security update

Package : qemu Version : 1:2.1+dfsg-12+deb8u7 CVE ID : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921 CVE-2016-9922...

CVE-2016-9602

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host...

CVE-2016-9602

CVE-2016-9602 is tied to QEMU (qemu-kvm) built with VirtFS where, before version 2.9, a privileged guest user can trigger an improper link following to access the host filesystem outside the shared folder, potentially escalating privileges on the host. The connected EulerOS advisory confirms this...

SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)

This update for kvm fixes several issues. These security issues were fixed : - CVE-2017-2620: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024972 -...

SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)

This update for kvm fixes several issues. These security issues were fixed : - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System9pfs support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the...

[SECURITY] [DLA 965-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-8086 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu...

Ubuntu 17.04 : qemu vulnerabilities (USN-3268-1)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-10028 It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker...

Ubuntu: Security Advisory (USN-3268-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3261-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3261-1 advisory. Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU ...

QEMU: virtfs permits guest to access entire host filesystem (CVE-2016-9602)

If an attacker can execute arbitrary code in the guest kernel and a virtfs is set up, the attacker can access the entire filesystem of the host using a symlink attack. This might require the security model "passthrough" or "none" - I haven't tested with the mapped modes. Repro steps: 1. Place som...