Red Hat Security Advisory 2018-1104-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev. Issues addressed include buffer overflow, denial of service, randomization, and use-after-free vulnerabilities.
2cb26bd50990ca14d9d5a77af055d6edafcdcafbffd3b470bbe2f59d39ce1103Red Hat Security Advisory 2018-0816-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include randomization and use-after-free vulnerabilities.
2c9f96ba315d91d39a5a0320528c8af8d54b7aef8ad73fb28abf0584bfb86101Ubuntu Security Notice 3575-2 - USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
9552b2912301778a8c60092d6adbf1e844f5f2e13f1985b94b4fe06b63c2559cUbuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.
9216cd38d1a355f9c315588c2a43b7eb0867dc1c8b82f16c2edab968fb6683e4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed