ALT-BU-2021-3760-1
Branch c9f1 update bulletin.
Closed vulnerabilities
BDU:2021-00072
Уязвимость множества функцийи из hw/usb/core.c эмулятора аппаратного обеспечения QEMU, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
- openSUSE-SU-2020:1664
- openSUSE-SU-2020:1664
- https://bugzilla.redhat.com/show_bug.cgi?id=1869201
- https://bugzilla.redhat.com/show_bug.cgi?id=1869201
- [debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update
- [debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update
- FEDORA-2020-3689b67b53
- FEDORA-2020-3689b67b53
- FEDORA-2020-eeb29955ed
- FEDORA-2020-eeb29955ed
- GLSA-202009-14
- GLSA-202009-14
- GLSA-202011-09
- GLSA-202011-09
- https://security.netapp.com/advisory/ntap-20200924-0006/
- https://security.netapp.com/advisory/ntap-20200924-0006/
- USN-4511-1
- USN-4511-1
- DSA-4760
- DSA-4760
- https://www.openwall.com/lists/oss-security/2020/08/24/2
- https://www.openwall.com/lists/oss-security/2020/08/24/2
- https://www.openwall.com/lists/oss-security/2020/08/24/3
- https://www.openwall.com/lists/oss-security/2020/08/24/3
Package pve-spiceterm updated to version 3.1.1-alt4 for branch c9f1 in task 266336.
Closed bugs
pve-spiceterm
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-27135
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
- 20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology
- 20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology
- [oss-security] 20210210 Re: Re: screen crash processing combining characters
- [oss-security] 20210210 Re: Re: screen crash processing combining characters
- https://access.redhat.com/security/cve/CVE-2021-27135
- https://access.redhat.com/security/cve/CVE-2021-27135
- https://bugzilla.redhat.com/show_bug.cgi?id=1927559
- https://bugzilla.redhat.com/show_bug.cgi?id=1927559
- https://bugzilla.suse.com/show_bug.cgi?id=1182091
- https://bugzilla.suse.com/show_bug.cgi?id=1182091
- https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
- https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
- https://invisible-island.net/xterm/xterm.log.html
- https://invisible-island.net/xterm/xterm.log.html
- [debian-lts-announce] 20210213 [SECURITY] [DLA 2558-1] xterm security update
- [debian-lts-announce] 20210213 [SECURITY] [DLA 2558-1] xterm security update
- FEDORA-2021-e7a8e79fa8
- FEDORA-2021-e7a8e79fa8
- https://news.ycombinator.com/item?id=26524650
- https://news.ycombinator.com/item?id=26524650
- GLSA-202208-22
- GLSA-202208-22
- https://www.openwall.com/lists/oss-security/2021/02/09/7
- https://www.openwall.com/lists/oss-security/2021/02/09/7
- https://www.openwall.com/lists/oss-security/2021/02/09/9
- https://www.openwall.com/lists/oss-security/2021/02/09/9
Closed bugs
Собрать версию > 365 (CVE-2021-27135)