ALT-BU-2016-2982-1
Branch p8 update bulletin.
Package NetworkManager updated to version 1.4.0-alt2 for branch p8 in task 169284.
Closed bugs
соединение в беспроводной сетью не устанавливается (сбрасывается)
Package firefox-gost updated to version 45.3.0-alt1 for branch p8 in task 169269.
Closed vulnerabilities
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
Closed vulnerabilities
BDU:2016-02055
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2016-02072
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-4439
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
- [oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
- [oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
- 90760
- 90760
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1337502
- https://bugzilla.redhat.com/show_bug.cgi?id=1337502
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
- [qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
- GLSA-201609-01
- GLSA-201609-01
Modified: 2024-11-21
CVE-2016-4441
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
- [oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
- [oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
- 90762
- 90762
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1337505
- https://bugzilla.redhat.com/show_bug.cgi?id=1337505
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)
- [qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)
- GLSA-201609-01
- GLSA-201609-01
Modified: 2024-11-21
CVE-2016-4453
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
- [oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
- 90928
- USN-3047-1
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1336650
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once
- GLSA-201609-01
- [oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
- GLSA-201609-01
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1336650
- USN-3047-2
- USN-3047-1
- 90928
Modified: 2024-11-21
CVE-2016-4454
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
- [oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
- 90927
- USN-3047-1
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1336429
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length
- GLSA-201609-01
- [oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
- GLSA-201609-01
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1336429
- USN-3047-2
- USN-3047-1
- 90927
Modified: 2024-11-21
CVE-2016-4952
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
- [oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1334384
- https://bugzilla.redhat.com/show_bug.cgi?id=1334384
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
- [qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
Modified: 2024-11-21
CVE-2016-5403
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
- RHSA-2016:1585
- RHSA-2016:1585
- RHSA-2016:1586
- RHSA-2016:1586
- RHSA-2016:1606
- RHSA-2016:1606
- RHSA-2016:1607
- RHSA-2016:1607
- RHSA-2016:1652
- RHSA-2016:1652
- RHSA-2016:1653
- RHSA-2016:1653
- RHSA-2016:1654
- RHSA-2016:1654
- RHSA-2016:1655
- RHSA-2016:1655
- RHSA-2016:1756
- RHSA-2016:1756
- RHSA-2016:1763
- RHSA-2016:1763
- RHSA-2016:1943
- RHSA-2016:1943
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 92148
- 92148
- 1036476
- 1036476
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- http://xenbits.xen.org/xsa/advisory-184.html
- http://xenbits.xen.org/xsa/advisory-184.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1358359
- https://bugzilla.redhat.com/show_bug.cgi?id=1358359
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update