Red Hat Security Advisory 2017-2408-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client that was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.
20c3d56cf43f3ca77bafe54885bbe8c3f543e06a0222599d837e53d50155a00dGentoo Linux Security Advisory 201706-3 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.9.0-r2 are affected.
084bb95086af0e33f54d877ff53d4043785b466e5629aaad50cc72dceafea3dcUbuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed