ALT Linux Team

Package qemu update in sisyphus on 2014-08-05

ALT-PU-2014-1987-1

Package qemu updated to version 2.1.0-alt1 for branch sisyphus in task 126888.

Closed vulnerabilities

Published: 2014-04-18

BDU:2015-00048

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая злоумышленнику вызвать отказ в обслуживании хостовой операционной системы или выполнить произвольный код

Severity: MEDIUM (4.9) Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P
References:
Published: 2017-08-10
Modified: 2025-04-20

CVE-2014-0142

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2014-04-18
Modified: 2025-04-12

CVE-2014-0150

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

Severity: MEDIUM (4.9) Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P
References:
Published: 2020-01-23
Modified: 2024-11-21

CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top