Attachment #157080 for bug #200311

View | Details | Raw Unified | Return to bug 200311
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="5444ce37-014a-11e5-8fda-002590263bf5">
    <topic>virtualbox-ose -- buffer overflow vulnerability in QEMU's virtual Floppy Disk Controller (FDC)</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>4.3.28</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html">
	  <p>This Security Alert addresses security issue CVE-2015-3456
	    ("VENOM"), a buffer overflow vulnerability in QEMU's virtual Floppy
	    Disk Controller (FDC). The vulnerable FDC code is included in
	    various virtualization platforms and is used in some Oracle products.
	    The vulnerability may be exploitable by an attacker who has access
	    to an account on the guest operating system with privilege to access
	    the FDC. The attacker may be able to send malicious code to the FDC
	    that is executed in the context of the hypervisor process on the host
	    operating system. This vulnerability is not remotely exploitable
	    without authentication, i.e., may not be exploited over a network
	    without the need for a username and password.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html</url>
      <cvename>CVE-2015-3456</cvename>
    </references>
    <dates>
      <discovery>2015-05-15</discovery>
      <entry>2015-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="7927165a-0126-11e5-9d98-080027ef73ec">
    <topic>dnsmasq -- remotely exploitable buffer overflow in release candidate</topic>
    <affects>

Return to bug 200311

Lines 57-62 Link Here

(-)security/vuxml/vuln.xml (+36 lines)
57		57
58	-->	58	-->
59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		60	<vuln vid="5444ce37-014a-11e5-8fda-002590263bf5">
		61	<topic>virtualbox-ose -- buffer overflow vulnerability in QEMU's virtual Floppy Disk Controller (FDC)</topic>
		62	<affects>
		63	<package>
		64	<name>virtualbox-ose</name>
		65	<range><lt>4.3.28</lt></range>
		66	</package>
		67	</affects>
		68	<description>
		69	<body xmlns="http://www.w3.org/1999/xhtml">
		70	<p>Oracle reports:</p>
		71	<blockquote cite="http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html">
		72	<p>This Security Alert addresses security issue CVE-2015-3456
		73	("VENOM"), a buffer overflow vulnerability in QEMU's virtual Floppy
		74	Disk Controller (FDC). The vulnerable FDC code is included in
		75	various virtualization platforms and is used in some Oracle products.
		76	The vulnerability may be exploitable by an attacker who has access
		77	to an account on the guest operating system with privilege to access
		78	the FDC. The attacker may be able to send malicious code to the FDC
		79	that is executed in the context of the hypervisor process on the host
		80	operating system. This vulnerability is not remotely exploitable
		81	without authentication, i.e., may not be exploited over a network
		82	without the need for a username and password.</p>
		83	</blockquote>
		84	</body>
		85	</description>
		86	<references>
		87	<url>http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html</url>
		88	<cvename>CVE-2015-3456</cvename>
		89	</references>
		90	<dates>
		91	<discovery>2015-05-15</discovery>
		92	<entry>2015-05-23</entry>
		93	</dates>
		94	</vuln>
		95
60	<vuln vid="7927165a-0126-11e5-9d98-080027ef73ec">	96	<vuln vid="7927165a-0126-11e5-9d98-080027ef73ec">
61	<topic>dnsmasq -- remotely exploitable buffer overflow in release candidate</topic>	97	<topic>dnsmasq -- remotely exploitable buffer overflow in release candidate</topic>
62	<affects>	98	<affects>