Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

Debian: DSA-4213-1 Critical: QEMU Denial Of Service & Information Leak

debian
Calendar Grey May 29, 2018
Scroller Debian
Urgent security notice for Debian addressing several QEMU flaws. Prompt updating advised for safeguarding against threats.
Several vulnerabilities were discovered in qemu, a fast processor emulator

Summary

CVE-2017-15038

Tuomas Tynkkynen discovered an information leak in 9pfs.

CVE-2017-15119

Eric Blake discovered that the NBD server insufficiently restricts
large option requests, resulting in denial of service.

CVE-2017-15124

Daniel Berrange discovered that the integrated VNC server
insufficiently restricted memory allocation, which could result in
denial of service.

CVE-2017-15268

A memory leak in websockets support may result in denial of service.

CVE-2017-15289

Guoxiang Niu discovered an OOB write in the emulated Cirrus graphics
adaptor which could result in denial of service.

CVE-2017-16845

Cyrille Chatras discovered an information leak in PS/2 mouse and
keyboard emulation which could be exploited during instance
migration.

CVE-2017-17381

Dengzhan Heyuandong Bijunhua and Liweichao discovered that an
implementation error in the virtio vring implementation could result
in denial of service.

CVE-2017-18043

Eric Blake discovered an integer over...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: qemu
CVE ID: CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.