Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2012-0050

Опубликовано: 23 янв. 2012
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2012-0050: qemu-kvm security, bug fix, and enhancement update (IMPORTANT)

[qemu-kvm-0.12.1.2-2.209.el6_2.4]

  • kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081]
  • Resolves: bz#772081 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z])

[qemu-kvm-0.12.1.2-2.209.el6_2.3]

  • kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721]
  • kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721]
  • CVE: CVE-2011-4127
  • Resolves: bz#767721 (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z])

[qemu-kvm-0.12.1.2-2.209.el6_2.2]

  • kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375]
  • CVE: CVE-2011-4127
  • Resolves: bz#767721 (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3])
  • Resolves: bz#767906 (qemu-kvm should be built with full relro and PIE support)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

qemu-img

0.12.1.2-2.209.el6_2.4

qemu-kvm

0.12.1.2-2.209.el6_2.4

qemu-kvm-tools

0.12.1.2-2.209.el6_2.4

Связанные CVE

CVE-2012-0029

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2012-0029

ubuntu
больше 13 лет назад

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

redhat логотип

CVE-2012-0029

redhat
больше 13 лет назад

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

nvd логотип

CVE-2012-0029

nvd
больше 13 лет назад

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

debian логотип

CVE-2012-0029

debian
больше 13 лет назад

Heap-based buffer overflow in the process_tx_desc function in the e100 ...

github логотип

GHSA-8rxf-mc82-x3wv

github
больше 3 лет назад

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.