Test ID: 1.3.6.1.4.1.25623.1.0.842861
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-3047-2)
Summary: The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-3047-2 advisory.
Description:

Vulnerability Insight:
USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403
caused a regression which resulted in save/restore failures when virtio
memory balloon statistics are enabled. This update temporarily reverts the
security fix for CVE-2016-5403 pending further investigation. We apologize
for the inconvenience.

Original advisory details:

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEMU
is used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMware VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI paravirtual
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only applied to Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106,
CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI asynchronous
I/O ioctl calls. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor profile.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2016-5403)

Affected Software/OS:
'qemu, qemu-kvm' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-4439
90760
http://www.securityfocus.com/bid/90760
GLSA-201609-01
https://security.gentoo.org/glsa/201609-01
USN-3047-1
http://www.ubuntu.com/usn/USN-3047-1
USN-3047-2
http://www.ubuntu.com/usn/USN-3047-2
[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
[oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
http://www.openwall.com/lists/oss-security/2016/05/19/3
[qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
https://bugzilla.redhat.com/show_bug.cgi?id=1337502
Common Vulnerability Exposure (CVE) ID: CVE-2016-4441
90762
http://www.securityfocus.com/bid/90762
[oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
http://www.openwall.com/lists/oss-security/2016/05/19/4
[qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
https://bugzilla.redhat.com/show_bug.cgi?id=1337505
Common Vulnerability Exposure (CVE) ID: CVE-2016-4453
90928
http://www.securityfocus.com/bid/90928
[oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
http://www.openwall.com/lists/oss-security/2016/05/30/2
[qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
https://bugzilla.redhat.com/show_bug.cgi?id=1336650
Common Vulnerability Exposure (CVE) ID: CVE-2016-4454
90927
http://www.securityfocus.com/bid/90927
[oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
http://www.openwall.com/lists/oss-security/2016/05/30/3
[qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
https://bugzilla.redhat.com/show_bug.cgi?id=1336429
Common Vulnerability Exposure (CVE) ID: CVE-2016-4952
[oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
http://www.openwall.com/lists/oss-security/2016/05/23/1
[oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
http://www.openwall.com/lists/oss-security/2016/05/23/4
[qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
https://bugzilla.redhat.com/show_bug.cgi?id=1334384
Common Vulnerability Exposure (CVE) ID: CVE-2016-5105
[oss-security] 20160525 CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration
http://www.openwall.com/lists/oss-security/2016/05/25/5
[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration
http://www.openwall.com/lists/oss-security/2016/05/26/7
[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: initialise local configuration da
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
https://bugzilla.redhat.com/show_bug.cgi?id=1339583
Common Vulnerability Exposure (CVE) ID: CVE-2016-5106
[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties
http://www.openwall.com/lists/oss-security/2016/05/25/6
[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties
http://www.openwall.com/lists/oss-security/2016/05/26/8
[qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
https://bugzilla.redhat.com/show_bug.cgi?id=1339578
Common Vulnerability Exposure (CVE) ID: CVE-2016-5107
90874
http://www.securityfocus.com/bid/90874
[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
http://www.openwall.com/lists/oss-security/2016/05/25/7
[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
http://www.openwall.com/lists/oss-security/2016/05/26/9
[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: check 'read_queue_head' index val
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
https://bugzilla.redhat.com/show_bug.cgi?id=1336461
Common Vulnerability Exposure (CVE) ID: CVE-2016-5126
90948
http://www.securityfocus.com/bid/90948
RHSA-2016:1606
http://rhn.redhat.com/errata/RHSA-2016-1606.html
RHSA-2016:1607
http://rhn.redhat.com/errata/RHSA-2016-1607.html
RHSA-2016:1653
http://rhn.redhat.com/errata/RHSA-2016-1653.html
RHSA-2016:1654
http://rhn.redhat.com/errata/RHSA-2016-1654.html
RHSA-2016:1655
http://rhn.redhat.com/errata/RHSA-2016-1655.html
RHSA-2016:1756
http://rhn.redhat.com/errata/RHSA-2016-1756.html
RHSA-2016:1763
http://rhn.redhat.com/errata/RHSA-2016-1763.html
[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
[oss-security] 20160530 CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
http://www.openwall.com/lists/oss-security/2016/05/30/6
[oss-security] 20160530 Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
http://www.openwall.com/lists/oss-security/2016/05/30/7
[qemu-block] 20160524 [Qemu-block] [PATCH] block/iscsi: avoid potential overflow of acb->task->cdb
https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://bugzilla.redhat.com/show_bug.cgi?id=1340924
Common Vulnerability Exposure (CVE) ID: CVE-2016-5238
90995
http://www.securityfocus.com/bid/90995
[oss-security] 20160602 CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd
http://www.openwall.com/lists/oss-security/2016/06/02/2
[oss-security] 20160602 Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd
http://www.openwall.com/lists/oss-security/2016/06/02/9
[qemu-devel] 20160531 [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html
[qemu-devel] 20160601 Re: [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
https://bugzilla.redhat.com/show_bug.cgi?id=1341931
Common Vulnerability Exposure (CVE) ID: CVE-2016-5337
91097
http://www.securityfocus.com/bid/91097
[oss-security] 20160608 CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info
http://www.openwall.com/lists/oss-security/2016/06/08/3
[oss-security] 20160608 Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info
http://www.openwall.com/lists/oss-security/2016/06/08/13
[qemu-devel] 20160607 [PULL 06/13] scsi: megasas: null terminate bios version buffer
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6
Common Vulnerability Exposure (CVE) ID: CVE-2016-5338
91079
http://www.securityfocus.com/bid/91079
[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
http://www.openwall.com/lists/oss-security/2016/06/07/3
[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
http://www.openwall.com/lists/oss-security/2016/06/08/14
[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
Common Vulnerability Exposure (CVE) ID: CVE-2016-5403
1036476
http://www.securitytracker.com/id/1036476
92148
http://www.securityfocus.com/bid/92148
RHSA-2016:1585
http://rhn.redhat.com/errata/RHSA-2016-1585.html
RHSA-2016:1586
http://rhn.redhat.com/errata/RHSA-2016-1586.html
RHSA-2016:1652
http://rhn.redhat.com/errata/RHSA-2016-1652.html
RHSA-2016:1943
http://rhn.redhat.com/errata/RHSA-2016-1943.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://xenbits.xen.org/xsa/advisory-184.html
https://bugzilla.redhat.com/show_bug.cgi?id=1358359
Common Vulnerability Exposure (CVE) ID: CVE-2016-6351
92119
http://www.securityfocus.com/bid/92119
[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command
http://www.openwall.com/lists/oss-security/2016/07/25/14
[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command
http://www.openwall.com/lists/oss-security/2016/07/26/7
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3
Copyright: Copyright (C) 2016 Greenbone AG
