ALT Linux Team

Package qemu update in c7 on 2017-10-09

ALT-PU-2017-2394-1

Package qemu updated to version 2.5.1.1-alt0.M70C.5 for branch c7 in task 188849.

Closed vulnerabilities

Published: 2017-06-11

BDU:2017-01803

Уязвимость в qemu-nbd эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2017-04-24

BDU:2017-02081

Уязвимость функции megasas_mmio_write эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю оказать неопределенное воздействие

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2017-08-02
Modified: 2025-04-20

CVE-2017-10664

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-08-23
Modified: 2025-04-20

CVE-2017-12809

QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2017-09-01
Modified: 2025-04-20

CVE-2017-13672

QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-08-28
Modified: 2025-04-20

CVE-2017-8380

Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top