2016-08-23
ALT-BU-2016-2946-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2017-01-09
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10124
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (8.6)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References:
- http://www.openwall.com/lists/oss-security/2014/12/15/5
- http://www.openwall.com/lists/oss-security/2015/09/03/5
- http://www.securityfocus.com/bid/95404
- https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
- https://security.gentoo.org/glsa/201711-09
- http://www.openwall.com/lists/oss-security/2014/12/15/5
- http://www.openwall.com/lists/oss-security/2015/09/03/5
- http://www.securityfocus.com/bid/95404
- https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
- https://security.gentoo.org/glsa/201711-09
Published: 2020-02-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Severity: CRITICAL (9.3)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Closed vulnerabilities
Published: 2016-06-16
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.0)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
- http://www.openwall.com/lists/oss-security/2016/02/16/2
- http://www.securityfocus.com/bid/83263
- http://www.ubuntu.com/usn/USN-2974-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
- http://www.openwall.com/lists/oss-security/2016/02/16/2
- http://www.securityfocus.com/bid/83263
- http://www.ubuntu.com/usn/USN-2974-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
Published: 2016-06-01
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5126
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Severity: MEDIUM (4.6)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
- http://rhn.redhat.com/errata/RHSA-2016-1606.html
- http://rhn.redhat.com/errata/RHSA-2016-1607.html
- http://rhn.redhat.com/errata/RHSA-2016-1653.html
- http://rhn.redhat.com/errata/RHSA-2016-1654.html
- http://rhn.redhat.com/errata/RHSA-2016-1655.html
- http://rhn.redhat.com/errata/RHSA-2016-1756.html
- http://rhn.redhat.com/errata/RHSA-2016-1763.html
- http://www.openwall.com/lists/oss-security/2016/05/30/6
- http://www.openwall.com/lists/oss-security/2016/05/30/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/90948
- http://www.ubuntu.com/usn/USN-3047-1
- http://www.ubuntu.com/usn/USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
- https://security.gentoo.org/glsa/201609-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
- http://rhn.redhat.com/errata/RHSA-2016-1606.html
- http://rhn.redhat.com/errata/RHSA-2016-1607.html
- http://rhn.redhat.com/errata/RHSA-2016-1653.html
- http://rhn.redhat.com/errata/RHSA-2016-1654.html
- http://rhn.redhat.com/errata/RHSA-2016-1655.html
- http://rhn.redhat.com/errata/RHSA-2016-1756.html
- http://rhn.redhat.com/errata/RHSA-2016-1763.html
- http://www.openwall.com/lists/oss-security/2016/05/30/6
- http://www.openwall.com/lists/oss-security/2016/05/30/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/90948
- http://www.ubuntu.com/usn/USN-3047-1
- http://www.ubuntu.com/usn/USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
- https://security.gentoo.org/glsa/201609-01
Published: 2016-12-10
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6490
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f
- http://www.openwall.com/lists/oss-security/2016/07/28/4
- http://www.openwall.com/lists/oss-security/2016/07/28/9
- https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
- https://security.gentoo.org/glsa/201609-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f
- http://www.openwall.com/lists/oss-security/2016/07/28/4
- http://www.openwall.com/lists/oss-security/2016/07/28/9
- https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
- https://security.gentoo.org/glsa/201609-01