Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryFedoracritical updateFedora 27 Advisory 2017-8db9c497f9 Critical: QEMU Memory Issues
* Fix ppc64 KVM failure (bz #1501936) * CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111) * CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882) ---- qemu-pr-helper didn't work due to a change in the libmultipath/libmpathpersist APIs exposed by device-mapper-multipath-devel. This has been fixed now. Other. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-8db9c497f9 2017-11-11 01:32:26.765894 --------------------------------------------------------------------------------Name : qemu Product : Fedora 27 Version : 2.10.1 Release : 1.fc27 URL : https://www.qemu.org/ Summary : QEMU is a FAST! processor emulator Description : QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. --------------------------------------------------------------------------------Update Information: * Fix ppc64 KVM failure (bz #1501936) * CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111) * CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882) ----qemu-pr-helper didn't work due to a change in the libmultipath/libmpathpersist APIs exposed by device-mapper-multipath-devel. This has been fixed now. Other small changes to the qemu-pr-helper service are included. ---- Backport qemu-pr-helper from QEMU 2.11. This daemon allows unprivilegedusers (who have access to the daemon) to use persistent reservation commands on both regular disks and multipath block devices. --------------------------------------------------------------------------------References: [ 1 ] Bug #1499110 - CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes https://bugzilla.redhat.com/show_bug.cgi?id=1499110 [ 2 ] Bug #1496879 - CVE-2017-15268 Qemu: I/O: potential memory exhaustion via websock connection to VNC https://bugzilla.redhat.com/show_bug.cgi?id=1496879 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade qemu' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 11, 2017
•Critical
Fedora
89
security advisorycriticalFedoraFedora 24 QEMU: 2016-1b264ab4a4 Critical Integer Overflow
* CVE-2016-2538: Integer overflow in usb module (bz #1305815) * CVE-2016-2841: ne2000: infinite loop (bz #1304047) * CVE-2016-2857: net: out of bounds read (bz #1309564) * CVE-2016-2392: usb: null pointer dereference (bz #1307115) * Fix external snapshot any more after active committing (bz #1300209). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-1b264ab4a4 2016-03-27 00:00:51.391668 -------------------------------------------------------------------------------- Name : qemu Product : Fedora 24 Version : 2.5.0 Release : 10.fc24 URL : https://www.qemu.org/ Summary : QEMU is a FAST! processor emulator Description : QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. -------------------------------------------------------------------------------- Update Information: * CVE-2016-2538: Integer overflow in usb module (bz #1305815) * CVE-2016-2841: ne2000: infinite loop (bz #1304047) * CVE-2016-2857: net: out of bounds read (bz #1309564) * CVE-2016-2392: usb: null pointer dereference (bz #1307115) * Fix external snapshot any more after active committing (bz #1300209) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling https://bugzilla.redhat.com/show_bug.cgi?id=1303120 [ 2 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infiniteloop in ne2000_receive https://bugzilla.redhat.com/show_bug.cgi?id=1303106 [ 3 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate() https://bugzilla.redhat.com/show_bug.cgi?id=1296567 [ 4 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling https://bugzilla.redhat.com/show_bug.cgi?id=1302299 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update qemu' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Mar 27, 2016
•Critical
Fedora
89
security advisorybuffer overflowcriticalFedora 22: 2015-13402 Critical: Qemu Buffer Overflows And Memory Access
* Rebased to version 2.3.1 * Fix crash in qemu_spice_create_display (bz #1163047) * Fix qemu-img map crash for unaligned image (bz #1229394) * CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536) * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-13402 2015-08-13 14:44:07 -------------------------------------------------------------------------------- Name : qemu Product : Fedora 22 Version : 2.3.1 Release : 1.fc22 URL : https://www.qemu.org/ Summary : QEMU is a FAST! processor emulator Description : QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. -------------------------------------------------------------------------------- Update Information: * Rebased to version 2.3.1 * Fix crash in qemu_spice_create_display (bz #1163047) * Fix qemu-img map crash for unaligned image (bz #1229394) * CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536) * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728) * CVE-2015-5158: scsi stack buffer overflow (bz #1246025) * CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141) * CVE-2015-5166: BlockBackend object use after free issue (bz #1249758) * CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160) * CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz#1249755) -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 11 2015 Cole Robinson - 2:2.3.1-1 - Rebased to version 2.3.1 * Tue Aug 11 2015 Cole Robinson - 2:2.3.0-7 - Fix crash in qemu_spice_create_display (bz #1163047) - Fix qemu-img map crash for unaligned image (bz #1229394) - CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536) - CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728) - CVE-2015-5158: scsi stack buffer overflow (bz #1246025) - CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz - CVE-2015-5166: BlockBackend object use after free issue (bz #1249758) - CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160) - CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755) * Mon Jul 20 2015 Richard W.M. Jones - 2:2.3.0-6 - Fix: qemu-img: error while compressing sector : Input/output error (bz #1214855) * Fri Jun 5 2015 Cole Robinson - 2:2.3.0-5 - CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894) * Wed May 13 2015 Cole Robinson - 2:2.3.0-4 - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz -------------------------------------------------------------------------------- References: [ 1 ] Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path https://bugzilla.redhat.com/show_bug.cgi?id=1225882 [ 2 ] Bug #1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function https://bugzilla.redhat.com/show_bug.cgi?id=1229640 [ 3 ] Bug #1244332 - CVE-2015-5158 Qemu: scsi stack buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1244332 [ 4 ] Bug #1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access https://bugzilla.redhat.com/show_bug.cgi?id=1243563 [ 5 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) https://bugzilla.redhat.com/show_bug.cgi?id=1248997 [ 6 ] Bug #1251157 - CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial https://bugzilla.redhat.com/show_bug.cgi?id=1251157 [ 7 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) https://bugzilla.redhat.com/show_bug.cgi?id=1248760 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update qemu' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 18, 2015
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!