Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201210-04
HistoryOct 18, 2012 - 12:00 a.m.

qemu-kvm: Multiple vulnerabilities

2012-10-1800:00:00
Gentoo Foundation
security.gentoo.org
11

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

Background

qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.

Description

Multiple vulnerabilities have been discovered in qemu-kvm. Please review the CVE identifiers referenced below for details.

Impact

These vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or qemu process, might allow for arbitrary code execution or a symlink attack when qemu-kvm is in snapshot mode.

Workaround

There is no known workaround at this time.

Resolution

All qemu-kvm users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/qemu-kvm-1.1.1-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-emulation/qemu-kvm< 1.1.1-r1UNKNOWN

Related

nessus 49
openvas 62
ubuntu 4
suse 4
redhat 5
oraclelinux 6
fedora 8
debian 9
securityvulns 9
prion 6
ubuntucve 6
debiancve 2
cvelist 6
nvd 6
cve 6
veracode 5
osv 4
centos 2
nessus
nessus
GLSA-201210-04 : qemu-kvm: Multiple vulnerabilities
2012-10-19 00:00:00
SuSE 11.1 Security Update : kvm (SAT Patch Number 4574)
2011-05-25 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x x86_64
2012-08-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201210-04 (ebuild)
2012-10-22 00:00:00
Gentoo Security Advisory GLSA 201210-04 (ebuild)
2012-10-22 00:00:00
Ubuntu Update for qemu-kvm USN-1145-1
2011-06-20 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2011-06-09 00:00:00
QEMU vulnerabilities
2011-07-06 00:00:00
QEMU vulnerability
2012-08-02 00:00:00
suse
suse
Security update for KVM (critical)
2011-07-19 07:08:26
kvm (important)
2011-07-19 05:08:14
Security update for kvm (important)
2012-09-18 15:08:34
redhat
redhat
(RHSA-2011:0919) Important: qemu-kvm security and bug fix update
2011-07-05 00:00:00
(RHSA-2011:0534) Important: qemu-kvm security, bug fix, and enhancement update
2011-05-19 00:00:00
(RHSA-2012:0370) Important: xen security and bug fix update
2012-03-07 00:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2011-07-05 00:00:00
qemu-kvm security, bug fix, and enhancement update
2011-05-28 00:00:00
xen security and bug fix update
2012-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: qemu-0.15.1-7.fc16
2012-08-09 23:00:10
[SECURITY] Fedora 15 Update: qemu-0.14.0-9.fc15
2012-06-07 23:07:08
[SECURITY] Fedora 16 Update: qemu-0.15.1-8.fc16
2012-10-17 00:22:05
debian
debian
[BSA-039] Security Update for qemu-kvm
2011-07-04 14:46:56
[SECURITY] [DSA 2270-1] qemu-kvm security update
2011-07-01 20:51:24
[SECURITY] [DSA 2241-1] qemu-kvm security update
2011-05-24 21:02:40
securityvulns
securityvulns
KVM security vulnerabilities
2011-05-26 00:00:00
kvm code execution
2011-07-26 00:00:00
[USN-1522-1] QEMU vulnerability
2012-08-06 00:00:00
prion
prion
Heap overflow
2012-06-21 15:55:00
Hardcoded credentials
2012-08-07 20:55:00
Design/Logic Flaw
2012-06-21 15:55:00
ubuntucve
ubuntucve
CVE-2012-2652
2012-06-18 00:00:00
CVE-2011-2512
2011-07-05 00:00:00
CVE-2011-1750
2011-05-29 00:00:00
debiancve
debiancve
CVE-2012-2652
2012-08-07 20:55:03
CVE-2012-0029
2012-01-27 15:55:04
cvelist
cvelist
CVE-2012-2652
2012-08-07 20:00:00
CVE-2011-1751
2012-06-21 15:00:00
CVE-2011-2512
2012-06-21 15:00:00
nvd
nvd
CVE-2012-2652
2012-08-07 20:55:03
CVE-2011-2512
2012-06-21 15:55:09
CVE-2011-1750
2012-06-21 15:55:08
cve
cve
CVE-2011-1750
2012-06-21 15:55:08
CVE-2011-1751
2012-06-21 15:55:09
CVE-2011-2512
2012-06-21 15:55:09
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:59:10
Arbitrary Code Execution
2020-04-10 00:59:10
Privilege Escalation
2020-04-10 00:59:07
osv
osv
qemu-kvm - several
2011-05-01 00:00:00
qemu-kvm - multiple
2012-09-08 00:00:00
qemu - multiple
2012-09-08 00:00:00
centos
centos
qemu security update
2012-01-24 03:15:05
kmod, kvm security update
2012-01-24 20:53:03

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON
Related for GLSA-201210-04
nessus49openvas62ubuntu4suse4redhat5oraclelinux6fedora8debian9securityvulns9prion6ubuntucve6debiancve2cvelist6nvd6cve6veracode5osv4centos2