MiracleLinux 8 : container-tools:rhel8 (AXSA:2020-917:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-917:01 advisory. QEMU: slirp: use-after-free in ipreass function in ipinput.c CVE-2020-1983 Modularity name: container-tools Stream name: rhel8 CVE-2020-1983 A use after free...

TencentOS Server 3: container-tools:rhel8 (TSSA-2022:0110)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0110 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2020-12773

Malware in sbrugna...

SUSE CVE-2019-14378

ipreass in ipinput.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment...

SUSE CVE-2019-15890

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c...

SUSE CVE-2020-1983

A use after free vulnerability in ipreass in ipinput.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service...

SUSE: Security Advisory (SUSE-SU-2020:14396-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

QEMU: slirp: use-after-free in ip_reass() function in ip_input.c

A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ipreass routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...

Moderate: Red Hat Security Advisory: qemu-kvm-ma security update

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Amazon Linux AMI : qemu-img (ALAS-2020-1466) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1466 advisory. - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 Note that Nessus...

Amazon Linux 2 : qemu (ALAS-2020-1570)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1570 advisory. A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ipreass...

Use-after-free

libslirp is vulnerable to use-after-free. It is due to a flaw in ipreass in ipinput.c...

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. A use after free vulnerability in ipreass in ipinput.c of libslirp allows an attacker to crash the application using malicious packets...

Amazon Linux 2 : qemu (ALAS-2020-1485)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1485 advisory. A use after free vulnerability in ipreass in ipinput.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial o...

Medium: qemu

Issue Overview: A use after free vulnerability in ipreass in ipinput.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the iprea...

RLSA-2020:3053 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: use-after-free in ipreass function in ipinput.c CVE-2020-1983 For more details about the security issues, including the impact, a CVSS score,...

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: use-after-free in ipreass function in ipinput.c CVE-2020-1983 For more details about the security issues, including the impact, a CVSS score,...

SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...

SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...