ALT-PU-2024-10230-2
Closed vulnerabilities
BDU:2024-00308
Уязвимость функции qemu_clipboard_request() встроенного сервера VNC эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-6683
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
Modified: 2024-11-21
CVE-2024-4467
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
- http://www.openwall.com/lists/oss-security/2024/07/23/2
- RHSA-2024:4276
- RHSA-2024:4276
- RHSA-2024:4277
- RHSA-2024:4277
- RHSA-2024:4278
- RHSA-2024:4278
- RHSA-2024:4372
- RHSA-2024:4372
- RHSA-2024:4373
- RHSA-2024:4373
- RHSA-2024:4374
- RHSA-2024:4374
- RHSA-2024:4420
- RHSA-2024:4420
- RHSA-2024:4724
- RHSA-2024:4724
- RHSA-2024:4727
- RHSA-2024:4727
- https://access.redhat.com/security/cve/CVE-2024-4467
- https://access.redhat.com/security/cve/CVE-2024-4467
- RHBZ#2278875
- RHBZ#2278875
- https://security.netapp.com/advisory/ntap-20240822-0005/
Closed bugs
/lib/udev/rules.d/90-qemu-guest-agent.rules содержит синтаксические ошибки