Debian Linux Security Advisory 3847-1 - Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.
ef39c1de6d0ec5018cfe4cea5d3d68ce3dd8f308f08223198e250746818448e3Ubuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
55219cd93a67e26cc2c98285217c82a6a4c4a415f32a2bc50c406be0dfd12705Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3bGentoo Linux Security Advisory 201701-49 - Multiple vulnerabilities have been found in QEMU, the worst of which could cause a Denial of Service condition. Versions less than 2.8.0 are affected.
0e2d539d14e347d3bf17b029ab30f28001e77ddbe1f75f7299d20d446e40dd7dDebian Linux Security Advisory 3760-1 - Multiple vulnerabilities have been found in the Ikiwiki wiki compiler.
6e19296cb5fc5a258483e73f73dbc2c2eab301083ffe901763aaddbb247034deGentoo Linux Security Advisory 201612-56 - Multiple vulnerabilities have been found in Xen, the worst of which could lead to the execution of arbitrary code on the host system. Versions less than 4.7.1-r4 are affected.
70ed2e55c553c06ec58463cd484b2a108097349e02fa9a442b32774e3342fa47An included fuzzing case demonstrates a crash in Adobe Flash shape rendering.
efc9af51bcd69cfee5ecf9979add44fc4891f75646247fc53ec96acdedf5bccbRed Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed