Download
| Alert*
oval:org.secpod.oval:def:66753
Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829 An integer overflow in the sm501 display device may result in denial of service. CVE-2020-14364 An out-of-bands write in the USB emulation code may result in guest-to-host code execution. CVE-2020-15863 A buf ... oval:org.secpod.oval:def:67117 qemu: Machine emulator and virtualizer QEMU could be made to crash or run programs. oval:org.secpod.oval:def:67391 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89050233 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets . - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs . - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device . - CVE-2020-24352: Fixed an ... oval:org.secpod.oval:def:118684 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118709 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:605007 Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829 An integer overflow in the sm501 display device may result in denial of service. CVE-2020-14364 An out-of-bands write in the USB emulation code may result in guest-to-host code execution. CVE-2020-15863 A buf ... oval:org.secpod.oval:def:89000222 This update for qemu fixes the following issues: - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation . - CVE-2020-14364: Fixed an OOB access while processing USB packets . - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs . - CVE ... oval:org.secpod.oval:def:69549 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:504357 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: usb: out-of-bounds r/w access issue while processing usb packets * QEMU: s ... oval:org.secpod.oval:def:504363 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: usb: out-of-bounds r/w access issue while processing usb packets For more ... oval:org.secpod.oval:def:1503048 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503049 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705631 qemu: Machine emulator and virtualizer QEMU could be made to crash or run programs. oval:org.secpod.oval:def:89000297 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path - CVE-2020-25604: Fixed a race condition when migrating t ... oval:org.secpod.oval:def:205689 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: usb: out-of-bounds r/w access issue while processing usb packets For more ... oval:org.secpod.oval:def:504334 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Security Fix: * QEMU: usb: out-o ... oval:org.secpod.oval:def:89000209 This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers - CVE-2020-25597: Fixed an issue where a valid event channels may no ... oval:org.secpod.oval:def:1700514 A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib"s data object. This allocated memory is not freed upon disconnection, resultin ... oval:org.secpod.oval:def:1503059 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000447 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path - CVE-2020-25604: Fixed a race condition when migrating t ... oval:org.secpod.oval:def:205678 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: usb: out-of-bounds r/w access issue while processing usb packets * QEMU: s ... oval:org.secpod.oval:def:2500062 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1601209 qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service by leveraging mishandling of the seccomp policy for threads other than the main thread. A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip ... oval:org.secpod.oval:def:89044379 This update for qemu fixes the following issues: - Fix OOB access during mmio operations - Fix sPAPR emulator leaks the host hardware identity - Fix out-of-bounds read information disclosure in icmp6_send_echoreply - Fix out-of-bound heap buffer access via an interrupt ID field - For the record, ... oval:org.secpod.oval:def:1504760 [15:4.2.1-4.el7] - Document CVE-2020-25723 as fixed [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors [Orabug: 32217570] - libslirp: Update version ... oval:org.secpod.oval:def:89044451 This update for qemu fixes the following issues: - Fix OOB access during mmio operations - Fix out-of-bounds read information disclosure in icmp6_send_echoreply - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: oval:org.secpod.oval:def:89047086 This update for qemu fixes the following issues: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream - Fix OOB access in sdhci interface - Fix potential privilege escalation in virtiofsd tool - Fix OOB access in rtl8139 NIC emulation - Fix heap ... oval:org.secpod.oval:def:89044447 This update for qemu fixes the following issues: - Fix OOB access during mmio operations - Fix out-of-bounds read information disclosure in icmp6_send_echoreply - Fix out-of-bound heap buffer access via an interrupt ID field - For the record, these issues are fixed in this package already. Most a ... oval:org.secpod.oval:def:89044405 This update for qemu fixes the following issues: - Fix OOB access during mmio operations - Fix out-of-bounds read information disclosure in icmp6_send_echoreply - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: oval:org.secpod.oval:def:89049531 This update for qemu fixes the following issues: - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply - Fix issue where s390 guest fails to find zipl boot menu index - QEMU BIOS fails t ... oval:org.secpod.oval:def:89044389 This update for qemu fixes the following issues: - Fix out-of-bounds access issue while doing multi block SDMA - Fix out-of-bounds read information disclosure in icmp6_send_echoreply - QEMU BIOS fails to read stage2 loader on s390x - Change dependency from CONFIG_VFIO back to CONFIG_LINUX - For ... oval:org.secpod.oval:def:89044339 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:89044446 This update for qemu fixes the following issues: - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply oval:org.secpod.oval:def:89044202 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:89044350 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:89044349 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:89044340 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:89044183 This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation in hw/display/sm501.c - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet hand ... oval:org.secpod.oval:def:89000559 This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers - CVE-2020-25597: Fixed an issue where a valid event channels may no ... oval:org.secpod.oval:def:89000368 This update for xen fixes the following issues: - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling aka quot;CrossTalkquot; - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets . - CVE-2020-15565: Fixed an issue cache write . - CVE-2020-15567: ... |