ID de Prueba:	1.3.6.1.4.1.25623.1.0.871451
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for qemu-kvm RHSA-2015:1793-01
Resumen:	The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. (CVE-2015-5165) Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Donghai Zhu of Alibaba as the original reporter. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5165 BugTraq ID: 76153 http://www.securityfocus.com/bid/76153 Debian Security Information: DSA-3348 (Google Search) http://www.debian.org/security/2015/dsa-3348 Debian Security Information: DSA-3349 (Google Search) http://www.debian.org/security/2015/dsa-3349 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html RedHat Security Advisories: RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html RedHat Security Advisories: RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html RedHat Security Advisories: RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html RedHat Security Advisories: RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html RedHat Security Advisories: RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html RedHat Security Advisories: RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html http://www.securitytracker.com/id/1033176 SuSE Security Announcement: SUSE-SU-2015:1421 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SuSE Security Announcement: SUSE-SU-2015:1643 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.