Download
| Alert*
oval:org.secpod.oval:def:502216
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:1500304 Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which g ... oval:org.secpod.oval:def:203470 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s VGA emulator accessed frame buffer memory for high resolution displays. A ... oval:org.secpod.oval:def:203255 qemu-guest-agent is installed oval:org.secpod.oval:def:89003357 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ... oval:org.secpod.oval:def:89003212 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ... oval:org.secpod.oval:def:1500565 Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:89045344 This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed: - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet . - CVE-201 ... oval:org.secpod.oval:def:1500686 Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500620 An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host wi ... oval:org.secpod.oval:def:1500214 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500189 Updated qemu-kvm packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:203369 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ... oval:org.secpod.oval:def:1504739 qemu-kvm [4.2.0-34.el8_3.4] - kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch [bz#1919109] - kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch [bz#1919109] - kvm-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch [bz#1919109] - Resolves: bz#1919109 oval:org.secpod.oval:def:2500454 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89003267 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation . - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp . - CVE-2018-19489: Fixed a denial of ser ... oval:org.secpod.oval:def:202438 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges ... oval:org.secpod.oval:def:202894 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that QEMU Guest Agent created certain files with world-writable permissions when run in daemon mode . An unprivileged guest user ... oval:org.secpod.oval:def:501077 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissi ... oval:org.secpod.oval:def:203344 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virti ... oval:org.secpod.oval:def:202930 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissi ... oval:org.secpod.oval:def:203396 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ... oval:org.secpod.oval:def:203732 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:203618 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ... oval:org.secpod.oval:def:203797 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU"s AMD PC-Net II Ethernet Controller emulation received certa ... oval:org.secpod.oval:def:501738 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU"s AMD PC-Net II Ethernet Controller emulation received certa ... oval:org.secpod.oval:def:1501288 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. oval:org.secpod.oval:def:203835 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU"s Firmware Configuration device emulation processed certain f ... oval:org.secpod.oval:def:204678 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ... oval:org.secpod.oval:def:501135 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found ... oval:org.secpod.oval:def:507657 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm . Security Fix: ... oval:org.secpod.oval:def:89050266 This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu routine while emulating IRC and other protocols . - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation . - CVE-2020-1711: Fixed an ... oval:org.secpod.oval:def:89050506 This update for qemu fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . Non-security issues fixed: - Fixed an issue where limiting the memory bandwidth was not possible . - Fixed the issue that s390x could not read IPL channe ... oval:org.secpod.oval:def:89050230 This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device support infrastructure . - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation . - CVE-2020-13659: Fixed a null pointer dereference possibilit ... oval:org.secpod.oval:def:89050233 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets . - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs . - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device . - CVE-2020-24352: Fixed an ... oval:org.secpod.oval:def:89050551 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ... oval:org.secpod.oval:def:89050788 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ... oval:org.secpod.oval:def:1506676 [7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 - Resolves: bz#2156876 [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz ... oval:org.secpod.oval:def:1500595 Updated qemu-kvm packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... oval:org.secpod.oval:def:1500648 Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on th ... oval:org.secpod.oval:def:501337 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ... oval:org.secpod.oval:def:502735 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89049777 This update for qemu fixes the following issues: Security issue fixed: - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations . Non-security issue fixed: - Fixed serial console issue in SLES 12 SP2 that triggered a qemu-kvm bug . oval:org.secpod.oval:def:1500765 An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. oval:org.secpod.oval:def:500882 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges ... oval:org.secpod.oval:def:1503692 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500092 Updated qemu-kvm packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:501065 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that QEMU Guest Agent created certain files with world-writable permissions when run in daemon mode . An unprivileged guest user ... oval:org.secpod.oval:def:501016 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and ... oval:org.secpod.oval:def:202606 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and ... oval:org.secpod.oval:def:501761 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU"s Firmware Configuration device emulation processed certain f ... oval:org.secpod.oval:def:203640 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU"s AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A p ... oval:org.secpod.oval:def:501657 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:501424 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s VGA emulator accessed frame buffer memory for high resolution displays. ... oval:org.secpod.oval:def:203983 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was ... oval:org.secpod.oval:def:501667 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received ... oval:org.secpod.oval:def:203624 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ... oval:org.secpod.oval:def:203749 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received ... oval:org.secpod.oval:def:501315 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a user-space component to run virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s IDE device driver handled the execution of SMART EXECUTE OFFLINE com ... oval:org.secpod.oval:def:204098 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ... oval:org.secpod.oval:def:1501178 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:1501196 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received ... oval:org.secpod.oval:def:501364 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ... oval:org.secpod.oval:def:1501015 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ... oval:org.secpod.oval:def:204443 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ... oval:org.secpod.oval:def:204447 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerabl ... oval:org.secpod.oval:def:501267 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block dri ... oval:org.secpod.oval:def:1501032 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU"s AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A pr ... oval:org.secpod.oval:def:501560 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ... oval:org.secpod.oval:def:501567 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ... oval:org.secpod.oval:def:89044958 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS . - CVE-2017-5857: The Virtio GPU Device em ... oval:org.secpod.oval:def:501574 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU"s AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A p ... oval:org.secpod.oval:def:1501001 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ... oval:org.secpod.oval:def:1501778 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potent ... oval:org.secpod.oval:def:501983 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ... oval:org.secpod.oval:def:1501807 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU ... oval:org.secpod.oval:def:501821 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ... oval:org.secpod.oval:def:502000 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ... oval:org.secpod.oval:def:1501473 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ... oval:org.secpod.oval:def:1501544 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ... oval:org.secpod.oval:def:1501786 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:501859 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was ... oval:org.secpod.oval:def:501984 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerabl ... oval:org.secpod.oval:def:1505295 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000312 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code . - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation . - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . ... oval:org.secpod.oval:def:89000321 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code . - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation . - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . ... oval:org.secpod.oval:def:1503048 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503049 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000498 This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu routine while emulating IRC and other protocols . - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation . - CVE-2020-1711: Fixed an ... oval:org.secpod.oval:def:89000630 This update for qemu fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . Non-security issue fixed: - Fixed an issue where limiting the memory bandwidth was not possible . - Miscellaneous fixes to the in-package support documen ... oval:org.secpod.oval:def:205689 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: usb: out-of-bounds r/w access issue while processing usb packets For more ... oval:org.secpod.oval:def:89000094 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect . - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code ... oval:org.secpod.oval:def:89000279 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect . - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code ... oval:org.secpod.oval:def:2600398 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. oval:org.secpod.oval:def:89044809 This update for qemu fixes the following issues: Security issues fixed: * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support * CVE-2017-11334: Fix OOB access during DMA operation * CVE-2017-11434: Fix OOB ac ... oval:org.secpod.oval:def:89002165 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ... oval:org.secpod.oval:def:205372 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams * QEMU ... oval:org.secpod.oval:def:89044823 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service by leveraging an incorrect return value . - CVE-2017-8379: Memory leak in the keyboard input event handlers support allo ... oval:org.secpod.oval:def:1501854 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502150 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:204765 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: cirrus: OOB access issue in mode4and5 write functions For more details abo ... oval:org.secpod.oval:def:502032 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ... oval:org.secpod.oval:def:89049595 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ... oval:org.secpod.oval:def:89049661 This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS These non-security issues were fixed: - Al ... oval:org.secpod.oval:def:89003411 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation . - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp . - CVE-2018-19489: Fixed a denial of ser ... oval:org.secpod.oval:def:89002316 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ... oval:org.secpod.oval:def:89044675 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c . - CVE-2017-9524: The qemu-nbd server when built with the Network Bloc ... oval:org.secpod.oval:def:89044659 This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in SLE 15 . These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, ... oval:org.secpod.oval:def:502247 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: cirrus: OOB access issue in mode4and5 write functions For more details abo ... oval:org.secpod.oval:def:204491 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ... oval:org.secpod.oval:def:89003104 This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp - CVE-2018-19489: Fixed a Denial-of-Service in virtfs - CVE-20 ... oval:org.secpod.oval:def:1502682 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89047400 This update for qemu fixes the following issues: - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash . oval:org.secpod.oval:def:89047511 This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd . - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device . Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline . - Included ... oval:org.secpod.oval:def:4501157 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:89045528 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc - NULL pointer dereference in ESP - NULL pointer dereference issue in megasas-gen2 host bus adapter - eepro100: stack overflow via infinite recursion - usb: unbounded ... oval:org.secpod.oval:def:1505670 qemu-kvm [4.2.1.16.el8] - Document CVE-2021-4145 as fixed [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently - migration: Introduce ram_transferred_add - ACPI ERST: specification for ERST support - ACPI ERST: step 6 of bios-tables-test.c - ... oval:org.secpod.oval:def:89047120 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc - NULL pointer dereference in ESP - NULL pointer dereference issue in megasas-gen2 host bus adapter - eepro100: stack overflow via infinite recursion - usb: unbounded ... oval:org.secpod.oval:def:89047116 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS device emulation - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd - Fix ... oval:org.secpod.oval:def:2500580 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89047101 This update for qemu fixes the following issues: - CVE-2021-3546: Fixed out-of-bounds write in virgl_cmd_get_capset . - CVE-2021-3544: Fixed memory leaks found in the virtio vhost-user GPU device . - CVE-2021-3545: Fixed information disclosure due to uninitialized memory read . oval:org.secpod.oval:def:89045105 This update for qemu fixes the following issues: - CVE-2021-3595: Fixed an invalid pointer initialization may lead to information disclosure . - CVE-2021-3592: Fixed an invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed an invalid pointer initialization may ... oval:org.secpod.oval:def:89045115 This update for qemu fixes the following issues: Security fixes: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure - CVE-2021-3594: Fix for slirp: inval ... oval:org.secpod.oval:def:89047115 This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma - CVE-2021-3607: Ensure correct input on ring init - CVE-2021-3608: Fix the ring init error flow - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow oval:org.secpod.oval:def:509077 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89049335 This update for qemu fixes the following issues: * CVE-2023-2861: Fixed improper access control on special files in 9pfs . * CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net . * CVE-2023-3255: Fixed infinite loop in inflate_buffer leads to denial of service . oval:org.secpod.oval:def:1701933 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead . This could be used, for example, by L2 guests with a virtual disk stored on a virtual disk of an L1 hypervisor to read and/or write data to LBA 0 of vdiskL1, potenti ... oval:org.secpod.oval:def:89051240 This update for qemu fixes the following issues: * CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt * CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request * CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake * [openSUSE] roms/ ... oval:org.secpod.oval:def:1505685 hivex [1.3.18-23] - Limit recursion in ri-records resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ... oval:org.secpod.oval:def:4500929 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:507826 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1506767 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:4501380 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1506326 hivex libguestfs [1.40.2-28.0.4] - v2v: Cope with libvirt vpx/esx driver which does not set [Orabug: 34026544] [1.40.2-28.0.3] - virt-v2v: Specify backing file format to qemu-img command [Orabug: 33906330] - Require "kernel-uek" RPM for installation instead of "kernel" [Orabug: 33986812] [1.40.2-28. ... oval:org.secpod.oval:def:1505420 libguestfs-winsupport [8.2] - Resolves: bz#1810193 libguestfs [1.40.2-28.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.40.2-28] - daemon: lvm: Use lvcreate --yes to avoid i ... oval:org.secpod.oval:def:506505 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:2500506 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:4501389 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1505231 libvirt [6.0.0-35.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:74239 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:68020 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1505306 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504698 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:507717 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1506733 hivex libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] ... oval:org.secpod.oval:def:4500038 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89048616 This update for qemu fixes the following issues: * CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read . * CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext . * CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd . Bugfixes: * Fi ... oval:org.secpod.oval:def:89047086 This update for qemu fixes the following issues: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream - Fix OOB access in sdhci interface - Fix potential privilege escalation in virtiofsd tool - Fix OOB access in rtl8139 NIC emulation - Fix heap ... oval:org.secpod.oval:def:4500940 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:89048604 This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt . * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length . * CVE ... oval:org.secpod.oval:def:2600036 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. oval:org.secpod.oval:def:4500971 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:89048513 This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation that can lead to out-of- bounds read in qxl_phys2virt . oval:org.secpod.oval:def:89048629 This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt . * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . The following non-security bugs were fixed: * Fix bsc#1202364. * Introd ... oval:org.secpod.oval:def:89047775 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash oval:org.secpod.oval:def:5800100 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm . Security Fix: ... oval:org.secpod.oval:def:507382 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm . Security Fix: ... oval:org.secpod.oval:def:506291 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89048930 This update for qemu fixes the following issues: * CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout in hw/scsi/lsi53c895a.c . * CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue . * CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor . * CVE ... oval:org.secpod.oval:def:1505427 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89048487 This update for qemu fixes the following issues: * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length . oval:org.secpod.oval:def:1506406 libvirt [8.0.0-10.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 oval:org.secpod.oval:def:1506145 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 [1.3.18] - Resolves: bz#1810193 [1.3.18] - Resolves: bz#1810193 [1.3.15-7] - Rebuild all virt packages to fix RHEL"s upgrade path - Resolves: rhbz#1695587 [1.3.15-6] - Drop hivex-static subpackage resolves: r ... oval:org.secpod.oval:def:1505063 hivex [1.3.18-21] - Bounds check for block exceeding page length resolves: rhbz#1950501 libvirt [6.0.0-35.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 = 1:10.2.5 - Disable parallel builds [6.0.0-35.1.el8] - network: make it safe to call netwo ... oval:org.secpod.oval:def:89047358 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed integer overflow in cursor_alloc can lead to heap buffer over ... oval:org.secpod.oval:def:89048567 This update for qemu fixes the following issues: * bsc#1172033 * bsc#1180207 * bsc#1172382 * bsc#1198038 * bsc#1193880 * bsc#1197653 * bsc#1205808 , bsc#1198712 * bsc#1175144 , bsc#1185000 , bsc#1201367, CVE-2022-35414 * About bsc#1175144, see also bsc#1182282 * bsc#1198035, CVE-2021-4206 oval:org.secpod.oval:def:1505866 [6.2.0-11.el9_0.3] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102] - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635] - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640] - Resolves: bz#2071102 - Resolves: bz#2075635 - ... oval:org.secpod.oval:def:89047702 This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. - CVE-2021-4207: Fixed a double fetch in qxl_cursor ... oval:org.secpod.oval:def:1506173 libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] - Obs ... oval:org.secpod.oval:def:1505761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:4501202 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:1506463 libvirt [5.7.0-38.el8] - qemu: Don"t report spurious errors from vCPU tid validation on hotunplug timeout [Orabug: 34826758] - security: fix SELinux label generation logic [Orabug: 34773029] {CVE-2021-3631} - qemu: Set default qdisc before setting bandwidth [Orabug: 34724925] - qemu: Taint cpu ho ... oval:org.secpod.oval:def:2500706 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:2600110 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. oval:org.secpod.oval:def:507453 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:507336 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:2500267 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:87138 [7.0.0-13] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546] - Resolves: bz#2117546 [7.0.0-12] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275] - kvm-vhost-Get-vring-base-from-vq- ... oval:org.secpod.oval:def:89047690 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2022-26353: Fixed map leaking on error during receive - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed ... oval:org.secpod.oval:def:1505454 qemu-kvm [4.2.0-59.el8_5] - kvm-hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-allowed-in-MODE.patch [bz#2025605] - kvm-e1000-fix-tx-re-entrancy-problem.patch [bz#2025011] - Resolves: bz#2025605 - Resolves: bz#2025011 oval:org.secpod.oval:def:4501250 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the ... oval:org.secpod.oval:def:89044202 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ... oval:org.secpod.oval:def:2500263 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89050697 This update for qemu fixes the following issues: qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. Security issues fixed: - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulati ... oval:org.secpod.oval:def:89003053 This update for qemu fixes the following issues: - Remove a backslash (\) escape character from 80-qemu-ga.rules Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character. - Fix use-after-free in slirp - Fix potential DOS i ... oval:org.secpod.oval:def:89050663 This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp - Fix potential DOS in lsi scsi controller emulation - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerabil ... oval:org.secpod.oval:def:1502504 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89003173 This update for qemu fixes the following issues: - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature quot;md-clearquot; oval:org.secpod.oval:def:502713 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * A flaw was found in the implementation of the "fill buffer", a mechanis ... oval:org.secpod.oval:def:502714 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:89003099 This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue - CVE-2019-3812: Fixed OOB memory access and information l ... oval:org.secpod.oval:def:89003091 This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2018-20815: Fix DOS possibility in device tree processing - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature quot;md-cl ... oval:org.secpod.oval:def:205204 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * A flaw was found in the implementation of the "fill buffer", a mechanis ... oval:org.secpod.oval:def:89050620 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue - CVE-2019-3812: Fixed OOB memory a ... oval:org.secpod.oval:def:502296 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:204854 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:1502099 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002408 This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS . - CVE-2018-11806: Prevent heap-based b ... oval:org.secpod.oval:def:1502271 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002451 This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl featur ... oval:org.secpod.oval:def:502333 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:1502229 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002437 This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling b ... oval:org.secpod.oval:def:89049622 This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams . - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 . - CVE-2018-7550: F ... oval:org.secpod.oval:def:89043990 This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests . Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writ ... oval:org.secpod.oval:def:204808 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:1506667 [6.1.1-6.el9] - Update changelog [Orabug: 35343538] - ebpf: fix compatibility with libbpf 1.0+ [Orabug: 35268538] - ebpf: replace deprecated bpf_program__set_socket_filter [Orabug: 35268538] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: d ... oval:org.secpod.oval:def:89049163 This update for qemu fixes the following issues: * CVE-2021-4207: Fixed double fetch in qxl_cursor that could lead to heap buffer overflow . * CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow . * CVE-2023-2861: Fixed improper access control on special files . oval:org.secpod.oval:def:1506773 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.1.1-6-el8] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding [Orabug: 35304723] - ... oval:org.secpod.oval:def:89049413 This update for qemu fixes the following issues: * CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. * CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2020-13754: Fixed ... oval:org.secpod.oval:def:89049568 This update for qemu fixes the following issues: * CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. * CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2020-13754: Fixed ... oval:org.secpod.oval:def:89049321 This update for qemu fixes the following issues: * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. * CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_ ... oval:org.secpod.oval:def:1506723 hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-40] - build: change dependency to allow post install erasing of /usr/bin/nc [Orabug: 35289777] - util: Make virFileClose quiet on success [Orabug: 35090886] [5.7.0-39] - exadata: update maxvcpus for vNUMA only [Orabug: 34863357 ... oval:org.secpod.oval:def:89049184 This update for qemu fixes the following issues: * CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present . * CVE-2023-0330: Fixed reentrancy issues in the LSI controller . * CVE-2023-2861: Fixed opening special files in 9pfs . * CVE-2023-3255: Fixed infinite ... oval:org.secpod.oval:def:89050951 This update for qemu fixes the following issues: * CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device . * CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free . * CVE-2021-3638: Fixed a buffer overflow in the ati-vga device . * CVE-2023-3354: ... oval:org.secpod.oval:def:89051732 This update for qemu fixes the following issues: * CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value . * CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command . * CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx . * CVE-2023-1544: Fix ... oval:org.secpod.oval:def:89051796 This update for qemu fixes the following issues: * CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest * CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request * CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command * CVE-2024-344 ... oval:org.secpod.oval:def:89051798 This update for qemu fixes the following issues: * CVE-2021-3750: Fixed DMA reentrancy issue that could lead to use-after-free * CVE-2022-0216: Fixed use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c * CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow * CV ... |