ID de Prueba:	1.3.6.1.4.1.25623.1.0.121458
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201604-01
Resumen:	Gentoo Linux Local Security Checks GLSA 201604-01
Descripción:	Summary: Gentoo Linux Local Security Checks GLSA 201604-01 Vulnerability Insight: Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8613 79719 http://www.securityfocus.com/bid/79719 DSA-3471 http://www.debian.org/security/2016/dsa-3471 GLSA-201604-01 https://security.gentoo.org/glsa/201604-01 [oss-security] 20151221 Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info http://www.openwall.com/lists/oss-security/2015/12/22/1 [qemu-devel] 20151221 [Qemu-devel] [PATCH] scsi: initialise info object with appropriate size https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html https://bugzilla.redhat.com/show_bug.cgi?id=1284008 Common Vulnerability Exposure (CVE) ID: CVE-2015-8619 79668 http://www.securityfocus.com/bid/79668 [oss-security] 20151223 CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine http://www.openwall.com/lists/oss-security/2015/12/23/1 [qemu-devel] 20151217 [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1714 1034858 http://www.securitytracker.com/id/1034858 80250 http://www.securityfocus.com/bid/80250 DSA-3469 http://www.debian.org/security/2016/dsa-3469 DSA-3470 http://www.debian.org/security/2016/dsa-3470 RHSA-2016:0081 http://rhn.redhat.com/errata/RHSA-2016-0081.html RHSA-2016:0082 http://rhn.redhat.com/errata/RHSA-2016-0082.html RHSA-2016:0083 http://rhn.redhat.com/errata/RHSA-2016-0083.html RHSA-2016:0084 http://rhn.redhat.com/errata/RHSA-2016-0084.html RHSA-2016:0085 http://rhn.redhat.com/errata/RHSA-2016-0085.html RHSA-2016:0086 http://rhn.redhat.com/errata/RHSA-2016-0086.html RHSA-2016:0087 http://rhn.redhat.com/errata/RHSA-2016-0087.html RHSA-2016:0088 http://rhn.redhat.com/errata/RHSA-2016-0088.html [Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html [oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/11/7 [oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/12/10 [oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/12/11 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1922 81058 http://www.securityfocus.com/bid/81058 [oss-security] 20160116 CVE request Qemu: i386: null pointer dereference in vapic_write http://www.openwall.com/lists/oss-security/2016/01/16/1 [oss-security] 20160116 Re: CVE request Qemu: i386: null pointer dereference in vapic_write http://www.openwall.com/lists/oss-security/2016/01/16/6 [qemu-devel] 20160115 [PULL] i386: avoid null pointer dereference https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html https://bugzilla.redhat.com/show_bug.cgi?id=1283934 Common Vulnerability Exposure (CVE) ID: CVE-2016-1981 81549 http://www.securityfocus.com/bid/81549 RHSA-2016:2585 http://rhn.redhat.com/errata/RHSA-2016-2585.html [oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/19/10 [oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/22/1 [qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html https://bugzilla.redhat.com/show_bug.cgi?id=1298570 Common Vulnerability Exposure (CVE) ID: CVE-2016-2197 82235 http://www.securityfocus.com/bid/82235 [qemu-devel] 20160128 [PATCH v2] ide: ahci: add check before calling dma_memory_unmap https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html [qemu-devel] 20160129 CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines http://www.openwall.com/lists/oss-security/2016/01/29/2 [qemu-devel] 20160130 Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines http://www.openwall.com/lists/oss-security/2016/01/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=1302057 Common Vulnerability Exposure (CVE) ID: CVE-2016-2198 [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html [oss-security] 20160129 CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write http://www.openwall.com/lists/oss-security/2016/01/29/6 [oss-security] 20160130 Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write http://www.openwall.com/lists/oss-security/2016/01/30/2 [qemu-devel] 20160129 [PATCH] usb: ehci: add capability mmio write function https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html https://bugzilla.redhat.com/show_bug.cgi?id=1301643 Common Vulnerability Exposure (CVE) ID: CVE-2016-2392 83274 http://www.securityfocus.com/bid/83274 USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling http://www.openwall.com/lists/oss-security/2016/02/16/7 [qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html [qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 https://bugzilla.redhat.com/show_bug.cgi?id=1302299 Common Vulnerability Exposure (CVE) ID: CVE-2016-2538 83336 http://www.securityfocus.com/bid/83336 [oss-security] 20160222 CVE request Qemu: usb: integer overflow in remote NDIS control message handling http://www.openwall.com/lists/oss-security/2016/02/22/3 [qemu-devel] 20160216 [Qemu-devel] [PATCH 2/2] usb: check RNDIS buffer offsets & length https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e https://bugzilla.redhat.com/show_bug.cgi?id=1303120 Common Vulnerability Exposure (CVE) ID: CVE-2016-2858 84134 http://www.securityfocus.com/bid/84134 [oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption http://www.openwall.com/lists/oss-security/2016/03/04/1 [oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption http://www.openwall.com/lists/oss-security/2016/03/07/4 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 https://bugzilla.redhat.com/show_bug.cgi?id=1314676
Copyright	Copyright (C) 2016 Eero Volotinen

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.