MiracleLinux 4 : qemu-kvm-0.12.1.2-2.503.AXS4 (AXSA:2017-1378:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1378:03 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...

EUVD-2016-4731

Malware in sbrugna...

EUVD-2016-4733

Malware in sbrugna...

SUSE CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service out-of-bounds read and QEMU process crash by editing VGA registers in VBE mode...

Updated xen packages fix security vulnerability

This xen update is based on upstream 4.5.5 maintenance release, and fixes the following security issues: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr CVE-2014-3672 The xrstor...

USN-3047-1: QEMU vulnerabilities

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is...

Debian DLA-571-1 : xen security update (Bunker Buster)

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2014-3672 XSA-180 Andrew Sorensen discovered that a HVM domain can exhaust the hosts disk space by filling up the log file. CVE-2016-3158,...

FreeBSD : xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks (e6ce6f50-4212-11e6-942d-bc5ff45d0f28)

The Xen Project reports : Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' modes. A privileged guest user could us...

[SECURITY] [DLA 539-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u13 CVE ID : CVE-2016-3710 CVE-2016-3712 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an...

Ubuntu: Security Advisory (USN-2974-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-2974-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2974-1 advisory. Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue t...

USN-2974-1 qemu, qemu-kvm vulnerabilities

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-2391 Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A...

DEBIAN-CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service out-of-bounds read and QEMU process crash by editing VGA registers in VBE mode...

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service out-of-bounds read and QEMU process crash by editing VGA registers in VBE mode...

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

Integer overflow

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service out-of-bounds read and QEMU process crash by editing VGA registers in VBE mode...

Design/Logic Flaw

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service out-of-bounds read and QEMU process crash by editing VGA registers in VBE mode...

CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...