Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2016-1585

Опубликовано: 09 авг. 2016
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2016-1585: qemu-kvm security update (MODERATE)

[0.12.1.2-2.491.el6_8.3]

  • kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359724]
  • Resolves: bz#1359724 (EMBARGOED CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-6.8.z])

[0.12.1.2-2.491.el6_8.2]

  • kvm-vga-add-sr_vbe-register-set.patch [bz#1347192]
  • Resolves: bz#1347192 (Regression from CVE-2016-3712: windows installer fails to start)

[0.12.1.2-2.491.el6_8.1]

  • kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407]
  • kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407]
  • kvm-vga-use-constants-from-vga.h.patch [bz#1331407]
  • kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407]
  • kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407]
  • kvm-vga-add-vbe_enabled-helper.patch [bz#1331407]
  • kvm-vga-factor-out-vga-register-setup.patch [bz#1331407]
  • kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407]
  • kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407]
  • Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z])

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

qemu-guest-agent

0.12.1.2-2.491.el6_8.3

qemu-img

0.12.1.2-2.491.el6_8.3

qemu-kvm

0.12.1.2-2.491.el6_8.3

qemu-kvm-tools

0.12.1.2-2.491.el6_8.3

Oracle Linux i686

qemu-guest-agent

0.12.1.2-2.491.el6_8.3

Связанные CVE

CVE-2016-5403

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2016-5403

CVSS3: 5.5
ubuntu
около 9 лет назад

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

redhat логотип

CVE-2016-5403

CVSS3: 3.4
redhat
около 9 лет назад

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

nvd логотип

CVE-2016-5403

CVSS3: 5.5
nvd
около 9 лет назад

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

debian логотип

CVE-2016-5403

CVSS3: 5.5
debian
около 9 лет назад

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...

github логотип

GHSA-w9gj-prpq-pxm9

CVSS3: 5.5
github
больше 3 лет назад

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.