Errata ALT-PU-2017-2394-1: Information
Fixes
Published: June 11, 2017
BDU:2017-01803
Vulnerability in qemu-nbd of the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Published: April 24, 2017
BDU:2017-02081
Vulnerability in the megasas_mmio_write function of the QEMU hardware emulator that allows an attacker to have an unspecified impact
Severity: HIGH (7.5)
Published: Aug. 2, 2017
Modified: Aug. 4, 2021
CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE
- https://bugzilla.redhat.com/show_bug.cgi?id=1466190
- 99513
- [oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
- DSA-3920
- RHSA-2017:3474
- RHSA-2017:3473
- RHSA-2017:3472
- RHSA-2017:3471
- RHSA-2017:3470
- RHSA-2017:3466
- RHSA-2017:2445
- RHSA-2017:2390
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
Published: Aug. 23, 2017
Modified: Nov. 10, 2020
CVE-2017-12809
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Published: Sept. 1, 2017
Modified: Nov. 10, 2020
CVE-2017-13672
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions
- https://bugzilla.redhat.com/show_bug.cgi?id=1486560
- [oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update
- 100540
- DSA-3991
- USN-3575-1
- RHSA-2018:1104
- RHSA-2018:0816
- RHSA-2018:1113
- RHSA-2018:2162
- openSUSE-SU-2019:1074
Published: Aug. 28, 2017
Modified: Sept. 6, 2017
CVE-2017-8380
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H