English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.131096
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2015-0397)
Resumen:The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0397 advisory.
Descripción:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2015-0397 advisory.

Vulnerability Insight:
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the
NE2000 NIC emulation. A privileged guest user could use this flaw to
mount a denial of service (QEMU process crash). (CVE-2015-5278)

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in
the NE2000 NIC emulation. A privileged guest user could use this flaw to
mount a denial of service (QEMU process crash), or potentially to execute
arbitrary code on the host with the privileges of the hosting QEMU
process. (CVE-2015-5279)

A flaw has been discovered in the QEMU emulator built with Virtual Network
Device(virtio-net) support. If the guest's virtio-net driver did not
support big or mergeable receive buffers, an issue could occur while
receiving large packets over the tuntap/ macvtap interfaces. An attacker
on the local network could use this flaw to disable the guest's
networking, the user could send a large number of jumbo frames to the
guest, which could exhaust all receive buffers, and lead to a denial of
service. (CVE-2015-7295)

Affected Software/OS:
'qemu' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5278
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://www.openwall.com/lists/oss-security/2015/09/15/2
http://www.ubuntu.com/usn/USN-2745-1
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
Common Vulnerability Exposure (CVE) ID: CVE-2015-5279
1033569
http://www.securitytracker.com/id/1033569
76746
http://www.securityfocus.com/bid/76746
DSA-3361
http://www.debian.org/security/2015/dsa-3361
DSA-3362
http://www.debian.org/security/2015/dsa-3362
FEDORA-2015-16368
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
FEDORA-2015-16369
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
FEDORA-2015-16370
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
GLSA-201602-01
https://security.gentoo.org/glsa/201602-01
RHSA-2015:1896
http://rhn.redhat.com/errata/RHSA-2015-1896.html
RHSA-2015:1923
http://rhn.redhat.com/errata/RHSA-2015-1923.html
RHSA-2015:1924
http://rhn.redhat.com/errata/RHSA-2015-1924.html
RHSA-2015:1925
http://rhn.redhat.com/errata/RHSA-2015-1925.html
SUSE-SU-2015:1782
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
[Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
[oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers
http://www.openwall.com/lists/oss-security/2015/09/15/3
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7295
82672
http://www.securityfocus.com/bid/82672
DSA-3469
http://www.debian.org/security/2016/dsa-3469
DSA-3470
http://www.debian.org/security/2016/dsa-3470
DSA-3471
http://www.debian.org/security/2016/dsa-3471
FEDORA-2015-d5c1048b47
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html
FEDORA-2015-d8510319c0
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html
FEDORA-2015-fca1900745
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html
[oss-security] 20150918 CVE request Qemu: net: virtio-net possible remote DoS
http://www.openwall.com/lists/oss-security/2015/09/18/5
[oss-security] 20150918 Re: CVE request Qemu: net: virtio-net possible remote DoS
http://www.openwall.com/lists/oss-security/2015/09/18/9
CopyrightCopyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.