Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:0082
HistoryJan 28, 2016 - 12:00 a.m.

(RHSA-2016:0082) Important: qemu-kvm security update

2016-01-2800:00:00
access.redhat.com
15

0.006 Low

EPSS

Percentile

78.7%

JSON

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds read/write flaw was discovered in the way QEMU’s Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)

Red Hat would like to thank Donghai Zhu of Alibaba for reporting this
issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64qemu-kvm< 0.12.1.2-2.479.el6_7.4qemu-kvm-0.12.1.2-2.479.el6_7.4.x86_64.rpm
RedHat6i686qemu-kvm-debuginfo< 0.12.1.2-2.479.el6_7.4qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.i686.rpm
RedHat6srcqemu-kvm< 0.12.1.2-2.479.el6_7.4qemu-kvm-0.12.1.2-2.479.el6_7.4.src.rpm
RedHat6ppc64qemu-guest-agent< 0.12.1.2-2.479.el6_7.4qemu-guest-agent-0.12.1.2-2.479.el6_7.4.ppc64.rpm
RedHat6x86_64qemu-guest-agent< 0.12.1.2-2.479.el6_7.4qemu-guest-agent-0.12.1.2-2.479.el6_7.4.x86_64.rpm
RedHat6x86_64qemu-kvm-debuginfo< 0.12.1.2-2.479.el6_7.4qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.x86_64.rpm
RedHat6i686qemu-guest-agent< 0.12.1.2-2.479.el6_7.4qemu-guest-agent-0.12.1.2-2.479.el6_7.4.i686.rpm
RedHat6ppc64qemu-kvm-debuginfo< 0.12.1.2-2.479.el6_7.4qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.ppc64.rpm
RedHat6x86_64qemu-img< 0.12.1.2-2.479.el6_7.4qemu-img-0.12.1.2-2.479.el6_7.4.x86_64.rpm
RedHat6x86_64qemu-kvm-tools< 0.12.1.2-2.479.el6_7.4qemu-kvm-tools-0.12.1.2-2.479.el6_7.4.x86_64.rpm

Related

openvas 30
redhat 7
nessus 34
f5 2
oraclelinux 4
cvelist 1
centos 2
prion 1
veracode 1
ubuntucve 1
cve 1
debiancve 1
nvd 1
ibm 2
debian 6
osv 3
gentoo 1
fedora 2
mageia 1
ubuntu 1
suse 13
openvas
openvas
RedHat Update for qemu-kvm RHSA-2016:0083-01
2016-01-29 00:00:00
CentOS Update for qemu-guest-agent CESA-2016:0082 centos6
2016-02-02 00:00:00
RedHat Update for qemu-kvm RHSA-2016:0082-01
2016-01-29 00:00:00
redhat
redhat
(RHSA-2016:0081) Important: qemu-kvm-rhev security update
2016-01-28 00:00:00
(RHSA-2016:0083) Important: qemu-kvm security and bug fix update
2016-01-28 15:38:19
(RHSA-2016:0085) Important: qemu-kvm-rhev security update
2016-01-28 15:42:25
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2016:0082)
2016-01-29 00:00:00
RHEL 7 : qemu-kvm (RHSA-2016:0083)
2016-01-29 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2016-0082)
2016-01-29 00:00:00
f5
f5
K75248350 : QEMU vulnerability CVE-2016-1714
2016-05-10 00:00:00
SOL75248350 - QEMU vulnerability CVE-2016-1714
2016-05-10 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2016-01-28 00:00:00
qemu-kvm security and bug fix update
2016-01-28 00:00:00
qemu-kvm security update
2016-05-16 00:00:00
cvelist
cvelist
CVE-2016-1714
2016-04-07 19:00:00
centos
centos
qemu security update
2016-02-01 10:06:38
libcacard, qemu security update
2016-02-01 10:07:16
prion
prion
Out-of-bounds
2016-04-07 19:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:47
ubuntucve
ubuntucve
CVE-2016-1714
2016-01-12 00:00:00
cve
cve
CVE-2016-1714
2016-04-07 19:59:02
debiancve
debiancve
CVE-2016-1714
2016-04-07 19:59:02
nvd
nvd
CVE-2016-1714
2016-04-07 19:59:02
ibm
ibm
Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
2018-06-18 01:33:29
debian
debian
[SECURITY] [DSA 3469-1] qemu security update
2016-02-08 19:45:45
[SECURITY] [DSA 3469-1] qemu security update
2016-02-08 19:45:45
[SECURITY] [DSA 3470-1] qemu-kvm security update
2016-02-08 19:45:53
osv
osv
qemu-kvm - security update
2016-02-08 00:00:00
qemu - security update
2016-02-08 00:00:00
qemu - security update
2016-02-08 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2016-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.2-9.fc22
2016-03-19 21:28:58
[SECURITY] Fedora 23 Update: xen-4.5.2-9.fc23
2016-03-20 02:32:30
mageia
mageia
Updated qemu packages fix security vulnerabilities
2016-01-17 03:26:26
ubuntu
ubuntu
QEMU vulnerabilities
2016-02-03 00:00:00
suse
suse
Security update for xen (important)
2016-03-30 20:07:33
Security update for xen (important)
2016-04-26 16:08:08
Security update for qemu (important)
2016-07-06 22:04:21

0.006 Low

EPSS

Percentile

78.7%

JSON
Related for RHSA-2016:0082
openvas30redhat7nessus34f52oraclelinux4cvelist1centos2prion1veracode1ubuntucve1cve1debiancve1nvd1ibm2debian6osv3gentoo1fedora2mageia1ubuntu1suse13