ID de Prueba:	1.3.6.1.4.1.25623.1.0.883177
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for qemu-img (CESA-2020:0366)
Resumen:	The remote host is missing an update for the 'qemu-img'; package(s) announced via the CESA-2020:0366 advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-img' package(s) announced via the CESA-2020:0366 advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606) Enhancement(s): * [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rp ... Description truncated. Please see the references for more information. Affected Software/OS: 'qemu-img' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11135 Bugtraq: 20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01) (Google Search) https://seclists.org/bugtraq/2019/Nov/26 Bugtraq: 20191216 [SECURITY] [DSA 4565-2] intel-microcode security update (Google Search) https://seclists.org/bugtraq/2019/Dec/28 Bugtraq: 20200114 [SECURITY] [DSA 4602-1] xen security update (Google Search) https://seclists.org/bugtraq/2020/Jan/21 https://kc.mcafee.com/corporate/index?page=content&id=SB10306 https://support.f5.com/csp/article/K02912734?utm_source=f5support&utm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us Debian Security Information: DSA-4602 (Google Search) https://www.debian.org/security/2020/dsa-4602 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/ https://security.gentoo.org/glsa/202003-56 http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html https://www.oracle.com/security-alerts/cpujan2021.html https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12/11/1 RedHat Security Advisories: RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3936 RedHat Security Advisories: RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0026 RedHat Security Advisories: RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0028 RedHat Security Advisories: RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204 RedHat Security Advisories: RHSA-2020:0279 https://access.redhat.com/errata/RHSA-2020:0279 RedHat Security Advisories: RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 RedHat Security Advisories: RHSA-2020:0555 https://access.redhat.com/errata/RHSA-2020:0555 RedHat Security Advisories: RHSA-2020:0666 https://access.redhat.com/errata/RHSA-2020:0666 RedHat Security Advisories: RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730 SuSE Security Announcement: openSUSE-SU-2019:2527 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html SuSE Security Announcement: openSUSE-SU-2019:2528 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html SuSE Security Announcement: openSUSE-SU-2019:2710 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://usn.ubuntu.com/4186-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-14378 Bugtraq: 20190825 [SECURITY] [DSA 4506-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Aug/41 Bugtraq: 20190902 [SECURITY] [DSA 4512-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Sep/3 Debian Security Information: DSA-4506 (Google Search) https://www.debian.org/security/2019/dsa-4506 Debian Security Information: DSA-4512 (Google Search) https://www.debian.org/security/2019/dsa-4512 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/ http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/ https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 https://news.ycombinator.com/item?id=20799010 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html http://www.openwall.com/lists/oss-security/2019/08/01/2 RedHat Security Advisories: RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179 RedHat Security Advisories: RHSA-2019:3403 https://access.redhat.com/errata/RHSA-2019:3403 RedHat Security Advisories: RHSA-2019:3494 https://access.redhat.com/errata/RHSA-2019:3494 RedHat Security Advisories: RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742 RedHat Security Advisories: RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787 RedHat Security Advisories: RHSA-2019:3968 https://access.redhat.com/errata/RHSA-2019:3968 RedHat Security Advisories: RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344 RedHat Security Advisories: RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775 SuSE Security Announcement: openSUSE-SU-2019:2041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html SuSE Security Announcement: openSUSE-SU-2019:2059 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html SuSE Security Announcement: openSUSE-SU-2019:2510 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html https://usn.ubuntu.com/4191-1/ https://usn.ubuntu.com/4191-2/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.