 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.812317 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for qemu-kvm RHSA-2017:3368-01 |
| Resumen: | The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167) * Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of service (DoS). (CVE-2017-15289) Red Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289. Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-14167 BugTraq ID: 100694 http://www.securityfocus.com/bid/100694 Debian Security Information: DSA-3991 (Google Search) http://www.debian.org/security/2017/dsa-3991 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/09/07/2 https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html RedHat Security Advisories: RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3368 RedHat Security Advisories: RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3369 RedHat Security Advisories: RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3466 RedHat Security Advisories: RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3470 RedHat Security Advisories: RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3471 RedHat Security Advisories: RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3472 RedHat Security Advisories: RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3473 RedHat Security Advisories: RHSA-2017:3474 https://access.redhat.com/errata/RHSA-2017:3474 https://usn.ubuntu.com/3575-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-15289 BugTraq ID: 101262 http://www.securityfocus.com/bid/101262 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 http://www.openwall.com/lists/oss-security/2017/10/12/16 https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html RedHat Security Advisories: RHSA-2018:0516 https://access.redhat.com/errata/RHSA-2018:0516 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |