ID de Prueba:	1.3.6.1.4.1.25623.1.0.883113
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for kernel CESA-2019:2863 centos6
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the CESA-2019:2863 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the CESA-2019:2863 advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) Affected Software/OS: 'kernel' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14835 20190925 [SECURITY] [DSA 4531-1] linux security update https://seclists.org/bugtraq/2019/Sep/41 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) https://seclists.org/bugtraq/2019/Nov/11 DSA-4531 https://www.debian.org/security/2019/dsa-4531 FEDORA-2019-a570a92d5a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ FEDORA-2019-e3010166bd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/ RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:2824 RHSA-2019:2827 https://access.redhat.com/errata/RHSA-2019:2827 RHSA-2019:2828 https://access.redhat.com/errata/RHSA-2019:2828 RHSA-2019:2829 https://access.redhat.com/errata/RHSA-2019:2829 RHSA-2019:2830 https://access.redhat.com/errata/RHSA-2019:2830 RHSA-2019:2854 https://access.redhat.com/errata/RHSA-2019:2854 RHSA-2019:2862 https://access.redhat.com/errata/RHSA-2019:2862 RHSA-2019:2863 https://access.redhat.com/errata/RHSA-2019:2863 RHSA-2019:2864 https://access.redhat.com/errata/RHSA-2019:2864 RHSA-2019:2865 https://access.redhat.com/errata/RHSA-2019:2865 RHSA-2019:2866 https://access.redhat.com/errata/RHSA-2019:2866 RHSA-2019:2867 https://access.redhat.com/errata/RHSA-2019:2867 RHSA-2019:2869 https://access.redhat.com/errata/RHSA-2019:2869 RHSA-2019:2889 https://access.redhat.com/errata/RHSA-2019:2889 RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2899 RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2900 RHSA-2019:2901 https://access.redhat.com/errata/RHSA-2019:2901 RHSA-2019:2924 https://access.redhat.com/errata/RHSA-2019:2924 USN-4135-1 https://usn.ubuntu.com/4135-1/ USN-4135-2 https://usn.ubuntu.com/4135-2/ [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html [oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow http://www.openwall.com/lists/oss-security/2019/09/24/1 [oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow http://www.openwall.com/lists/oss-security/2019/10/03/1 [oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow http://www.openwall.com/lists/oss-security/2019/10/09/3 http://www.openwall.com/lists/oss-security/2019/10/09/7 http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835 https://security.netapp.com/advisory/ntap-20191031-0005/ https://www.openwall.com/lists/oss-security/2019/09/17/1 openSUSE-SU-2019:2173 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html openSUSE-SU-2019:2181 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Copyright	Copyright (C) 2019 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.