23 matches found
EUVD-2019-3721
Malware in sbrugna...
DEBIAN-CVE-2024-6519
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...
SUSE CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)
This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...
SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)
This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...
SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1526-1)
This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...
SUSE-SU-2020:14396-1 Security update for kvm
This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. - CVE-2020-1983: Fixed a use-after-free in the ipreass function of slirp bsc1170940. - CVE-2020-8608: Fixed a potential OOB access in sli...
openSUSE: Security Advisory for qemu (openSUSE-SU-2019:2510-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : qemu (openSUSE-2019-2505)
This update for qemu fixes the following issues : - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp CVE-2018-20126 bsc1119991 - Fix potential DOS in lsi scsi controller emulation CVE-2019-12068 bsc1146873 - Expose taa-no 'feature',...
openSUSE Security Update : qemu (openSUSE-2019-2510)
This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. CVE-2018-20126 bsc1119991, CVE-2019-14378 bsc1143794, and CVE-2019-15890 bsc1149811...
USN-4191-2 qemu vulnerabilities
USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause...
USN-4191-1: QEMU vulnerabilities
It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. CVE-2019-12068 Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics...
Security update for qemu (important)
openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:2510-1 Rating: important References: 1079730 1098403 1111025 1117665 1119991 1143794 1144087 1145379 1145427 1145436 1145774 1146873 1149811 1152506 Cross-References: CVE-2018-12207 CVE-2018-20126 CVE-2019-11135...
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1)
This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. CVE-2018-20126 bsc1119991, CVE-2019-14378 bsc1143794, and CVE-2019-15890 bsc1149811...
CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
DEBIAN-CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
Code injection
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
UBUNTU-CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...
CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...