ALT-PU-2017-2421-1
Closed vulnerabilities
BDU:2019-00222
Уязвимость сервера Qemu-NBD эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-04102
Уязвимость компонента io/channel-websock.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-15268
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
- http://www.securityfocus.com/bid/101277
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://bugs.launchpad.net/qemu/+bug/1718964
- https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.securityfocus.com/bid/101277
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://bugs.launchpad.net/qemu/+bug/1718964
- https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2017-7539
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
- http://www.openwall.com/lists/oss-security/2017/07/21/4
- http://www.securityfocus.com/bid/99944
- https://access.redhat.com/errata/RHSA-2017:2628
- https://access.redhat.com/errata/RHSA-2017:3466
- https://access.redhat.com/errata/RHSA-2017:3470
- https://access.redhat.com/errata/RHSA-2017:3471
- https://access.redhat.com/errata/RHSA-2017:3472
- https://access.redhat.com/errata/RHSA-2017:3473
- https://access.redhat.com/errata/RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
- http://www.openwall.com/lists/oss-security/2017/07/21/4
- http://www.securityfocus.com/bid/99944
- https://access.redhat.com/errata/RHSA-2017:2628
- https://access.redhat.com/errata/RHSA-2017:3466
- https://access.redhat.com/errata/RHSA-2017:3470
- https://access.redhat.com/errata/RHSA-2017:3471
- https://access.redhat.com/errata/RHSA-2017:3472
- https://access.redhat.com/errata/RHSA-2017:3473
- https://access.redhat.com/errata/RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19