
Test ID: 1.3.6.1.4.1.25623.1.0.130022
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0369)
Summary: The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0369 advisory.
Description:
Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0369 advisory.

Vulnerability Insight:
Updated qemu packages fix security vulnerabilities:

Qemu emulator built with the RTL8139 emulation support is vulnerable to an
information leakage flaw. It could occur while processing network packets
under RTL8139 controller's C+ mode of operation. A guest user could use this
flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).

Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in
the VNC display driver. A malicious guest could use this issue to cause a
denial of service, or possibly execute arbitrary code on the host as the user
running the QEMU process (CVE-2015-5225). - Mageia 5 only

Qemu emulator built with the e1000 NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing transmit descriptor data
when sending a network packet. A privileged user inside guest could use this
flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).

Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is
vulnerable to a divide by zero issue. It could occur while executing an IDE
command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A
privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS (CVE-2015-6855).

Affected Software/OS:
'qemu' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-5165
1033176
http://www.securitytracker.com/id/1033176
76153
http://www.securityfocus.com/bid/76153
DSA-3348
http://www.debian.org/security/2015/dsa-3348
DSA-3349
http://www.debian.org/security/2015/dsa-3349
FEDORA-2015-14361
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
FEDORA-2015-15944
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
FEDORA-2015-15946
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
RHSA-2015:1674
http://rhn.redhat.com/errata/RHSA-2015-1674.html
RHSA-2015:1683
http://rhn.redhat.com/errata/RHSA-2015-1683.html
RHSA-2015:1739
http://rhn.redhat.com/errata/RHSA-2015-1739.html
RHSA-2015:1740
http://rhn.redhat.com/errata/RHSA-2015-1740.html
RHSA-2015:1793
http://rhn.redhat.com/errata/RHSA-2015-1793.html
RHSA-2015:1833
http://rhn.redhat.com/errata/RHSA-2015-1833.html
SUSE-SU-2015:1421
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
SUSE-SU-2015:1643
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://support.citrix.com/article/CTX201717
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://xenbits.xen.org/xsa/advisory-140.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Common Vulnerability Exposure (CVE) ID: CVE-2015-5225
1033547
http://www.securitytracker.com/id/1033547
76506
http://www.securityfocus.com/bid/76506
FEDORA-2015-14783
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html
FEDORA-2015-15364
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html
FEDORA-2015-16368
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
GLSA-201602-01
https://security.gentoo.org/glsa/201602-01
RHSA-2015:1772
http://rhn.redhat.com/errata/RHSA-2015-1772.html
RHSA-2015:1837
http://rhn.redhat.com/errata/RHSA-2015-1837.html
[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue
http://www.openwall.com/lists/oss-security/2015/08/21/6
Common Vulnerability Exposure (CVE) ID: CVE-2015-6815
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security/2015/09/04/4
http://www.openwall.com/lists/oss-security/2015/09/05/5
http://www.ubuntu.com/usn/USN-2745-1
https://bugzilla.redhat.com/show_bug.cgi?id=1260076
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
Common Vulnerability Exposure (CVE) ID: CVE-2015-6855
76691
http://www.securityfocus.com/bid/76691
DSA-3361
http://www.debian.org/security/2015/dsa-3361
DSA-3362
http://www.debian.org/security/2015/dsa-3362
FEDORA-2015-16369
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
FEDORA-2015-16370
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
FEDORA-2015-4896530727
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html
FEDORA-2015-8dc71ade88
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html
FEDORA-2015-d6ea74993a
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html
SUSE-SU-2015:1782
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
USN-2745-1
[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue
http://www.openwall.com/lists/oss-security/2015/09/10/1
[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue
http://www.openwall.com/lists/oss-security/2015/09/10/2
Copyright: Copyright (C) 2015 Greenbone AG
