Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.882812
Categoría:CentOS Local Security Checks
Título:CentOS Update for qemu-img CESA-2017:3368 centos7
Resumen:Check the version of qemu-img
Descripción:Summary:
Check the version of qemu-img

Vulnerability Insight:
Kernel-based Virtual Machine (KVM) is a
full virtualization solution for Linux on a variety of architectures.
The qemu-kvm package provides the user-space component for running virtual
machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU), compiled with the PC System Emulator with
multiboot feature support, is vulnerable to an OOB r/w memory access issue.
The issue could occur due to an integer overflow while loading a kernel
image during a guest boot. A user or process could use this flaw to
potentially achieve arbitrary code execution on a host. (CVE-2017-14167)

* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator
support, is vulnerable to an OOB write access issue. The issue could occur
while writing to VGA memory via mode4and5 write functions. A privileged
user inside guest could use this flaw to crash the QEMU process resulting
in Denial of service (DoS). (CVE-2017-15289)

Red Hat would like to thank Thomas Garnier (Google.com) for reporting
CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.

Affected Software/OS:
qemu-img on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-14167
BugTraq ID: 100694
http://www.securityfocus.com/bid/100694
Debian Security Information: DSA-3991 (Google Search)
http://www.debian.org/security/2017/dsa-3991
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2017/09/07/2
https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html
RedHat Security Advisories: RHSA-2017:3368
https://access.redhat.com/errata/RHSA-2017:3368
RedHat Security Advisories: RHSA-2017:3369
https://access.redhat.com/errata/RHSA-2017:3369
RedHat Security Advisories: RHSA-2017:3466
https://access.redhat.com/errata/RHSA-2017:3466
RedHat Security Advisories: RHSA-2017:3470
https://access.redhat.com/errata/RHSA-2017:3470
RedHat Security Advisories: RHSA-2017:3471
https://access.redhat.com/errata/RHSA-2017:3471
RedHat Security Advisories: RHSA-2017:3472
https://access.redhat.com/errata/RHSA-2017:3472
RedHat Security Advisories: RHSA-2017:3473
https://access.redhat.com/errata/RHSA-2017:3473
RedHat Security Advisories: RHSA-2017:3474
https://access.redhat.com/errata/RHSA-2017:3474
https://usn.ubuntu.com/3575-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-15289
BugTraq ID: 101262
http://www.securityfocus.com/bid/101262
Debian Security Information: DSA-4213 (Google Search)
https://www.debian.org/security/2018/dsa-4213
http://www.openwall.com/lists/oss-security/2017/10/12/16
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
RedHat Security Advisories: RHSA-2018:0516
https://access.redhat.com/errata/RHSA-2018:0516
CopyrightCopyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.