ALT Linux Team

Package qemu update in sisyphus on 2015-06-16

ALT-PU-2015-1542-1

Package qemu updated to version 2.3.0-alt3 for branch sisyphus in task 145423.

Closed vulnerabilities

Published: 2015-06-15

BDU:2015-10394

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-06-15

BDU:2015-10395

Уязвимость гипервизора Xen, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-08-26

BDU:2015-11298

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2015-06-15
Modified: 2025-04-12

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-08-26
Modified: 2025-04-12

CVE-2015-4037

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top