oval:org.mitre.oval:def:28286
Definition Id: oval:org.mitre.oval:def:28286 | |||
Oval ID: | oval:org.mitre.oval:def:28286 | ||
Title: | USN-2409-1 -- QEMU vulnerabilities | ||
Description: | Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3615">CVE-2014-3615</a>) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3640">CVE-2014-3640</a>) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3689">CVE-2014-3689</a>) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5263">CVE-2014-5263</a>) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5388">CVE-2014-5388</a>) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7815">CVE-2014-7815</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2409-1 CVE-2014-3615 CVE-2014-3640 CVE-2014-3689 CVE-2014-5263 CVE-2014-5388 CVE-2014-7815 | Version: | 5 |
Platform(s): | Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | qemu qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13089 | |||
Oval ID: | oval:org.mitre.oval:def:13089 | ||
Title: | Ubuntu 10.04 is installed | ||
Description: | Ubuntu 10.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:10.04 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:28286 |
Definition Id: oval:org.mitre.oval:def:27174 | |||
Oval ID: | oval:org.mitre.oval:def:27174 | ||
Title: | Ubuntu 14.10 is installed | ||
Description: | Ubuntu 14.10 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:14.10 | Version: | 5 |
Platform(s): | Ubuntu 14.10 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:28286 |
Definition Id: oval:org.mitre.oval:def:24421 | |||
Oval ID: | oval:org.mitre.oval:def:24421 | ||
Title: | Ubuntu 14.04 is installed | ||
Description: | Ubuntu 14.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:14.04 | Version: | 5 |
Platform(s): | Ubuntu 14.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:28286 |
Definition Id: oval:org.mitre.oval:def:15824 | |||
Oval ID: | oval:org.mitre.oval:def:15824 | ||
Title: | Ubuntu 12.04 is installed | ||
Description: | Ubuntu 12.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:12.04 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:28286 |