ID de Prueba:	1.3.6.1.4.1.25623.1.0.882181
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for qemu-guest-agent CESA-2015:0998 centos6
Resumen:	Check the version of qemu-guest-agent
Descripción:	Summary: Check the version of qemu-guest-agent Vulnerability Insight: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Affected Software/OS: qemu-guest-agent on CentOS 6 Solution: Please install the updated packages. CVSS Score: 7.7 CVSS Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3456 BugTraq ID: 74640 http://www.securityfocus.com/bid/74640 Debian Security Information: DSA-3259 (Google Search) http://www.debian.org/security/2015/dsa-3259 Debian Security Information: DSA-3262 (Google Search) http://www.debian.org/security/2015/dsa-3262 Debian Security Information: DSA-3274 (Google Search) http://www.debian.org/security/2015/dsa-3274 https://www.exploit-db.com/exploits/37053/ http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html https://security.gentoo.org/glsa/201602-01 https://security.gentoo.org/glsa/201604-03 https://security.gentoo.org/glsa/201612-27 HPdes Security Advisory: HPSBMU03336 http://marc.info/?l=bugtraq&m=143229451215900&w=2 HPdes Security Advisory: HPSBMU03349 http://marc.info/?l=bugtraq&m=143387998230996&w=2 HPdes Security Advisory: SSRT102076 http://venom.crowdstrike.com/ RedHat Security Advisories: RHSA-2015:0998 http://rhn.redhat.com/errata/RHSA-2015-0998.html RedHat Security Advisories: RHSA-2015:0999 http://rhn.redhat.com/errata/RHSA-2015-0999.html RedHat Security Advisories: RHSA-2015:1000 http://rhn.redhat.com/errata/RHSA-2015-1000.html RedHat Security Advisories: RHSA-2015:1001 http://rhn.redhat.com/errata/RHSA-2015-1001.html RedHat Security Advisories: RHSA-2015:1002 http://rhn.redhat.com/errata/RHSA-2015-1002.html RedHat Security Advisories: RHSA-2015:1003 http://rhn.redhat.com/errata/RHSA-2015-1003.html RedHat Security Advisories: RHSA-2015:1004 http://rhn.redhat.com/errata/RHSA-2015-1004.html RedHat Security Advisories: RHSA-2015:1011 http://rhn.redhat.com/errata/RHSA-2015-1011.html http://www.securitytracker.com/id/1032306 http://www.securitytracker.com/id/1032311 http://www.securitytracker.com/id/1032917 SuSE Security Announcement: SUSE-SU-2015:0889 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html SuSE Security Announcement: SUSE-SU-2015:0896 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html SuSE Security Announcement: SUSE-SU-2015:0923 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html SuSE Security Announcement: SUSE-SU-2015:0927 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html SuSE Security Announcement: SUSE-SU-2015:0929 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html SuSE Security Announcement: openSUSE-SU-2015:0893 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:0894 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html SuSE Security Announcement: openSUSE-SU-2015:1400 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html http://www.ubuntu.com/usn/USN-2608-1
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.