FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517921
Date:      2019-11-18
Time:      18:13:56Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
60cb2055-b1b8-11e5-9728-002590263bf5qemu -- denial of service vulnerability in USB EHCI emulation support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface(EHCI) and a respective device driver. These two communicate via a isochronous transfer descriptor list(iTD) and an infinite loop unfolds if there is a closed loop in this list.

A privileges user inside guest could use this flaw to consume excessive CPU cycles & resources on the host.


Discovery 2015-12-14
Entry 2016-01-03
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-8558
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/14/9
http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
https://github.com/seanbruno/qemu-bsd-user/commit/156a2e4dbffa85997636a7a39ef12da6f1b40254
b3f9f8ef-b1bb-11e5-9728-002590263bf5qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could use this flaw to crash the Qemu process instance resulting in DoS.


Discovery 2015-12-21
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20160213

CVE-2015-8613
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/21/7
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
http://git.qemu.org/?p=qemu.git;a=commit;h=36fef36b91f7ec0435215860f1458b5342ce2811
https://github.com/seanbruno/qemu-bsd-user/commit/36fef36b91f7ec0435215860f1458b5342ce2811
405446f4-b1b3-11e5-9728-002590263bf5qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the AMD PC-Net II Ethernet Controller support is vulnerable to a heap buffer overflow flaw. While receiving packets in the loopback mode, it appends CRC code to the receive buffer. If the data size given is same as the receive buffer size, the appended CRC code overwrites 4 bytes beyond this 's->buffer' array.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host.

The AMD PC-Net II emulator(hw/net/pcnet.c), while receiving packets from a remote host(non-loopback mode), fails to validate the received data size, thus resulting in a buffer overflow issue. It could potentially lead to arbitrary code execution on the host, with privileges of the Qemu process. It requires the guest NIC to have larger MTU limit.

A remote user could use this flaw to crash the guest instance resulting in DoS or potentially execute arbitrary code on a remote host with privileges of the Qemu process.


Discovery 2015-11-30
Entry 2016-01-03
Modified 2016-01-06
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

xen-tools
lt 4.5.2_1

CVE-2015-7504
CVE-2015-7512
http://www.openwall.com/lists/oss-security/2015/11/30/2
http://www.openwall.com/lists/oss-security/2015/11/30/3
http://git.qemu.org/?p=qemu.git;a=commit;h=837f21aacf5a714c23ddaadbbc5212f9b661e3f7
http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f2ec56343
https://github.com/seanbruno/qemu-bsd-user/commit/837f21aacf5a714c23ddaadbbc5212f9b661e3f7
https://github.com/seanbruno/qemu-bsd-user/commit/8b98a2f07175d46c3f7217639bd5e03f2ec56343
http://xenbits.xen.org/xsa/advisory-162.html
3fb06284-b1b7-11e5-9728-002590263bf5qemu -- denial of service vulnerability in MSI-X support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array(PBA) memory region. Because the MSI-X MMIO support did not define the .write method.

A privileges used inside guest could use this flaw to crash the Qemu process resulting in DoS issue.


Discovery 2015-06-26
Entry 2016-01-03
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-7549
http://www.openwall.com/lists/oss-security/2015/12/14/2
http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b7542856ade23d1b
https://github.com/seanbruno/qemu-bsd-user/commit/43b11a91dd861a946b231b89b7542856ade23d1b
6aa3322f-b150-11e5-9728-002590263bf5qemu -- denial of service vulnerabilities in NE2000 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

Qemu emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network.

A privileged user inside guest could use this flaw to crash the Qemu instance or potentially execute arbitrary code on the host.


Discovery 2015-09-15
Entry 2016-01-02
qemu
qemu-devel
lt 2.4.0.1

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-5278
CVE-2015-5279
http://www.openwall.com/lists/oss-security/2015/09/15/2
http://www.openwall.com/lists/oss-security/2015/09/15/3
http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1
https://github.com/seanbruno/qemu-bsd-user/commit/737d2b3c41d59eb8f94ab7eb419b957938f24943
http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
https://github.com/seanbruno/qemu-bsd-user/commit/9bbdbc66e5765068dce76e9269dce4547afd8ad4
1384f2fd-b1be-11e5-9728-002590263bf5qemu -- denial of service vulnerability in Rocker switch emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit(tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments.

A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the Qemu process instance resulting in DoS issue.


Discovery 2015-12-28
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.50

qemu-sbruno
qemu-user-static
lt 2.5.50.g20160213

CVE-2015-8701
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/28/6
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html
http://git.qemu.org/?p=qemu.git;a=commit;h=007cd223de527b5f41278f2d886c1a4beb3e67aa
https://github.com/seanbruno/qemu-bsd-user/commit/007cd223de527b5f41278f2d886c1a4beb3e67aa
10bf8eed-b14d-11e5-9728-002590263bf5qemu -- denial of service vulnerability in e1000 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.


Discovery 2015-09-04
Entry 2016-01-02
qemu
qemu-devel
lt 2.4.0.1

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-6815
http://www.openwall.com/lists/oss-security/2015/09/04/4
http://git.qemu.org/?p=qemu.git;a=commit;h=3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b
https://github.com/seanbruno/qemu-bsd-user/commit/b947ac2bf26479e710489739c465c8af336599e7
67feba97-b1b5-11e5-9728-002590263bf5qemu -- denial of service vulnerability in VNC

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the VNC display driver support is vulnerable to an arithmetic exception flaw. It occurs on the VNC server side while processing the 'SetPixelFormat' messages from a client.

A privileged remote client could use this flaw to crash the guest resulting in DoS.


Discovery 2015-12-08
Entry 2016-01-03
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-8504
http://www.openwall.com/lists/oss-security/2015/12/08/4
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3
https://github.com/seanbruno/qemu-bsd-user/commit/4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3
b56fe6bb-b1b1-11e5-9728-002590263bf5qemu -- denial of service vulnerabilities in eepro100 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block(CB) points to the next command in the list. An infinite loop unfolds if the link to the next CB points to the same block or there is a closed loop in the chain.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.


Discovery 2015-10-16
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.50

qemu-sbruno
qemu-user-static
lt 2.5.50.g20160213

CVE-2015-8345
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/11/25/3
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
http://git.qemu.org/?p=qemu.git;a=commit;h=00837731d254908a841d69298a4f9f077babaf24
https://github.com/seanbruno/qemu-bsd-user/commit/00837731d254908a841d69298a4f9f077babaf24
42cbd1e8-b152-11e5-9728-002590263bf5qemu -- denial of service vulnerability in virtio-net support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Virtual Network Device(virtio-net) support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support big/mergeable receive buffers.

An attacker on the local network could use this flaw to disable guest's networking by sending a large number of jumbo frames to the guest, exhausting all receive buffers and thus leading to a DoS situation.


Discovery 2015-09-18
Entry 2016-01-02
qemu
qemu-devel
lt 2.4.1

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-7295
http://www.openwall.com/lists/oss-security/2015/09/18/5
http://git.qemu.org/?p=qemu.git;a=commit;h=696317f1895e836d53b670c7b77b7be93302ba08
https://github.com/seanbruno/qemu-bsd-user/commit/0cf33fb6b49a19de32859e2cdc6021334f448fb3
62ab8707-b1bc-11e5-9728-002590263bf5qemu -- denial of service vulnerability in Human Monitor Interface support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size.

A user/process could use this flaw to crash the Qemu process instance resulting in DoS.


Discovery 2015-12-23
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20160213

CVE-2015-8619
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/22/8
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
http://git.qemu.org/?p=qemu.git;a=commit;h=64ffbe04eaafebf4045a3ace52a360c14959d196
https://github.com/seanbruno/qemu-bsd-user/commit/64ffbe04eaafebf4045a3ace52a360c14959d196
bbc97005-b14e-11e5-9728-002590263bf5qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.


Discovery 2015-09-09
Entry 2016-01-02
qemu
qemu-devel
lt 2.4.1

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-6855
http://www.openwall.com/lists/oss-security/2015/09/10/1
http://git.qemu.org/?p=qemu.git;a=commit;h=63d761388d6fea994ca498c6e7a210851a99ad93
https://github.com/seanbruno/qemu-bsd-user/commit/d9033e1d3aa666c5071580617a57bd853c5d794a
152acff3-b1bd-11e5-9728-002590263bf5qemu -- denial of service vulnerability in Q35 chipset emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more(16 bytes) data is moved into allocated (8 bytes) memory area.

A privileged guest user could use this issue to corrupt the VM guest image, potentially leading to a DoS. This issue affects q35 machine types.


Discovery 2015-11-19
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.50

qemu-sbruno
qemu-user-static
lt 2.5.50.g20151224

CVE-2015-8666
http://www.openwall.com/lists/oss-security/2015/12/24/1
http://git.qemu.org/?p=qemu.git;a=commit;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
https://github.com/seanbruno/qemu-bsd-user/commit/d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
9ad8993e-b1ba-11e5-9728-002590263bf5qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a memory leakage flaw. It occurs when a guest repeatedly tries to activate the vmxnet3 device.

A privileged guest user could use this flaw to leak host memory, resulting in DoS on the host.


Discovery 2015-12-15
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
lt 2.5.0

qemu-sbruno
qemu-user-static
lt 2.5.50.g20160213

CVE-2015-8567
CVE-2015-8568
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/15/4
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
http://git.qemu.org/?p=qemu.git;a=commit;h=aa4a3dce1c88ed51b616806b8214b7c8428b7470
https://github.com/seanbruno/qemu-bsd-user/commit/aa4a3dce1c88ed51b616806b8214b7c8428b7470