Lucene search
DebianDEBIAN:DSA-2933-1:97BFBHistoryMay 19, 2014 - 1:21 p.m.
[SECURITY] [DSA 2933-1] qemu-kvm security update
2014-05-1913:21:10
lists.debian.org
15
0.0004 Low
EPSS
Percentile
5.1%
Debian Security Advisory DSA-2933-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
May 19, 2014 http://www.debian.org/security/faq
Package : qemu-kvm
CVE ID : CVE-2013-4344 CVE-2014-2894
Debian Bug : 745157 725944
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.
CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU,
when a SCSI controller has more than 256 attached devices, allows
local users to gain privileges via a small transfer buffer in a
REPORT LUNS command.
CVE-2014-2894
Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU allows local users to have
unspecified impact via a SMART EXECUTE OFFLINE command that triggers
a buffer underflow and memory corruption.
For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6+deb7u3.
We recommend that you upgrade your qemu-kvm packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | all | qemu-kvm | < 1.1.2+dfsg-6+deb7u3 | qemu-kvm_1.1.2+dfsg-6+deb7u3_all.deb |
| Debian | 7 | s390x | qemu | < 1.1.2+dfsg-6a+deb7u3 | qemu_1.1.2+dfsg-6a+deb7u3_s390x.deb |
| Debian | 7 | all | qemu | < 1.1.2+dfsg-6a+deb7u3 | qemu_1.1.2+dfsg-6a+deb7u3_all.deb |
| Debian | 7 | mips | qemu-user | < 1.1.2+dfsg-6a+deb7u3 | qemu-user_1.1.2+dfsg-6a+deb7u3_mips.deb |
| Debian | 7 | mipsel | qemu-utils | < 1.1.2+dfsg-6a+deb7u3 | qemu-utils_1.1.2+dfsg-6a+deb7u3_mipsel.deb |
| Debian | 7 | ia64 | qemu-user-static | < 1.1.2+dfsg-6a+deb7u3 | qemu-user-static_1.1.2+dfsg-6a+deb7u3_ia64.deb |
| Debian | 7 | ia64 | qemu-user | < 1.1.2+dfsg-6a+deb7u3 | qemu-user_1.1.2+dfsg-6a+deb7u3_ia64.deb |
| Debian | 7 | kfreebsd-amd64 | qemu-system | < 1.1.2+dfsg-6a+deb7u3 | qemu-system_1.1.2+dfsg-6a+deb7u3_kfreebsd-amd64.deb |
| Debian | 7 | kfreebsd-amd64 | qemu-utils | < 1.1.2+dfsg-6a+deb7u3 | qemu-utils_1.1.2+dfsg-6a+deb7u3_kfreebsd-amd64.deb |
| Debian | 7 | armel | qemu | < 1.1.2+dfsg-6a+deb7u3 | qemu_1.1.2+dfsg-6a+deb7u3_armel.deb |
Related
openvas
openvas
Debian Security Advisory DSA 2932-1 (qemu - security update)
2014-05-19 00:00:00
Debian Security Advisory DSA 2933-1 (qemu-kvm - security update)
2014-05-19 00:00:00
Debian: Security Advisory (DSA-2932-1)
2014-05-18 00:00:00
nessus
nessus
Debian DSA-2932-1 : qemu - security update
2014-05-20 00:00:00
Debian DSA-2933-1 : qemu-kvm - security update
2014-05-20 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2013-1553)
2013-11-29 00:00:00
debian
debian
[SECURITY] [DSA 2932-1] qemu security update
2014-05-19 09:47:59
[SECURITY] [DSA 2933-1] qemu-kvm security update
2014-05-19 13:21:10
[SECURITY] [DSA 2932-1] qemu security update
2014-05-19 09:47:59
osv
osv
qemu-kvm - security update
2014-05-19 00:00:00
qemu - security update
2014-05-19 00:00:00
mageia
mageia
Updated qemu package fixes security vulnerability
2013-11-22 22:49:20
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
cve
cve
CVE-2013-4344
2013-10-04 17:55:09
CVE-2014-2894
2014-04-23 15:55:05
fedora
fedora
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 17:09:01
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 07:06:04
[SECURITY] Fedora 20 Update: qemu-1.6.0-10.fc20
2013-10-15 06:37:36
redhat
redhat
centos
centos
qemu security update
2013-11-26 13:32:44
qemu security update
2014-06-11 11:37:18
xen
xen
qemu SCSI REPORT LUNS buffer overflow
2013-10-02 15:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:30
Arbitrary Code Execution
2019-05-02 04:58:38
Memory Corruption
2019-05-02 04:58:38
debiancve
debiancve
CVE-2013-4344
2013-10-04 17:55:09
CVE-2014-2894
2014-04-23 15:55:05
cvelist
cvelist
CVE-2013-4344
2013-10-04 17:00:00
CVE-2014-2894
2014-04-23 14:00:00
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2013-11-21 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security and bug fix update
2014-06-10 00:00:00
prion
prion
Buffer overflow
2013-10-04 17:55:00
Memory corruption
2014-04-23 15:55:00
nvd
nvd
CVE-2013-4344
2013-10-04 17:55:09
CVE-2014-2894
2014-04-23 15:55:05
ubuntucve
ubuntucve
CVE-2013-4344
2013-10-04 00:00:00
CVE-2014-2894
2014-04-23 00:00:00
securityvulns
securityvulns
[USN-2092-1] QEMU vulnerabilities
2014-02-01 00:00:00
QEMU / Xen multiple security vulnerabilities
2014-02-01 00:00:00
[USN-2182-1] QEMU vulnerabilities
2014-05-04 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-01-30 00:00:00
QEMU vulnerabilities
2014-04-28 00:00:00
suse
suse
Security update for kvm (important)
2014-05-08 19:04:16
xen: security and bugfix update (important)
2014-10-09 13:09:07
xen: security and bugfix update (important)
2014-10-09 13:04:44
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00