Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в libvirt / qemu
дополнено с 3 августа 2015 г.
Опубликовано:31 августа 2015 г.
Источник:
SecurityVulns ID:14620
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:QEMU : qemu 2.2
CVE:CVE-2015-5745
 CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.)
 CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.)
 CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.)
 CVE-2015-5158
 CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.)
 CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.)
Оригинальный текстdocumentUBUNTU, [USN-2724-1] QEMU vulnerabilities (31.08.2015)
 documentUBUNTU, [USN-2692-1] QEMU vulnerabilities (03.08.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород