CentOS Local Security Checks : CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883198

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)

Resumen: The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2020:0775 advisory.

Descripción: Summary:
The remote host is missing an update for the 'qemu-guest-agent'
package(s) announced via the CESA-2020:0775 advisory.

Vulnerability Insight:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly
(CVE-2019-14378)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
(CVE-2020-7039)

* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'qemu-guest-agent' package(s) on CentOS 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-14378
Bugtraq: 20190825 [SECURITY] [DSA 4506-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/41
Bugtraq: 20190902 [SECURITY] [DSA 4512-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/3
Debian Security Information: DSA-4506 (Google Search)
https://www.debian.org/security/2019/dsa-4506
Debian Security Information: DSA-4512 (Google Search)
https://www.debian.org/security/2019/dsa-4512
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
https://news.ycombinator.com/item?id=20799010
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.openwall.com/lists/oss-security/2019/08/01/2
RedHat Security Advisories: RHSA-2019:3179
https://access.redhat.com/errata/RHSA-2019:3179
RedHat Security Advisories: RHSA-2019:3403
https://access.redhat.com/errata/RHSA-2019:3403
RedHat Security Advisories: RHSA-2019:3494
https://access.redhat.com/errata/RHSA-2019:3494
RedHat Security Advisories: RHSA-2019:3742
https://access.redhat.com/errata/RHSA-2019:3742
RedHat Security Advisories: RHSA-2019:3787
https://access.redhat.com/errata/RHSA-2019:3787
RedHat Security Advisories: RHSA-2019:3968
https://access.redhat.com/errata/RHSA-2019:3968
RedHat Security Advisories: RHSA-2019:4344
https://access.redhat.com/errata/RHSA-2019:4344
RedHat Security Advisories: RHSA-2020:0366
https://access.redhat.com/errata/RHSA-2020:0366
RedHat Security Advisories: RHSA-2020:0775
https://access.redhat.com/errata/RHSA-2020:0775
SuSE Security Announcement: openSUSE-SU-2019:2041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
SuSE Security Announcement: openSUSE-SU-2019:2059 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html
SuSE Security Announcement: openSUSE-SU-2019:2510 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
https://usn.ubuntu.com/4191-1/
https://usn.ubuntu.com/4191-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-15890
Bugtraq: 20200203 [SECURITY] [DSA 4616-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2020/Feb/0
Debian Security Information: DSA-4616 (Google Search)
https://www.debian.org/security/2020/dsa-4616
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
Common Vulnerability Exposure (CVE) ID: CVE-2020-7039
https://security.gentoo.org/glsa/202005-02
https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html
RedHat Security Advisories: RHSA-2020:0348
https://access.redhat.com/errata/RHSA-2020:0348
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/4283-1/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883198
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)
Resumen:	The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2020:0775 advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-guest-agent' package(s) announced via the CESA-2020:0775 advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'qemu-guest-agent' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14378 Bugtraq: 20190825 [SECURITY] [DSA 4506-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Aug/41 Bugtraq: 20190902 [SECURITY] [DSA 4512-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/Sep/3 Debian Security Information: DSA-4506 (Google Search) https://www.debian.org/security/2019/dsa-4506 Debian Security Information: DSA-4512 (Google Search) https://www.debian.org/security/2019/dsa-4512 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/ http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/ https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 https://news.ycombinator.com/item?id=20799010 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html http://www.openwall.com/lists/oss-security/2019/08/01/2 RedHat Security Advisories: RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179 RedHat Security Advisories: RHSA-2019:3403 https://access.redhat.com/errata/RHSA-2019:3403 RedHat Security Advisories: RHSA-2019:3494 https://access.redhat.com/errata/RHSA-2019:3494 RedHat Security Advisories: RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742 RedHat Security Advisories: RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787 RedHat Security Advisories: RHSA-2019:3968 https://access.redhat.com/errata/RHSA-2019:3968 RedHat Security Advisories: RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344 RedHat Security Advisories: RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 RedHat Security Advisories: RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775 SuSE Security Announcement: openSUSE-SU-2019:2041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html SuSE Security Announcement: openSUSE-SU-2019:2059 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html SuSE Security Announcement: openSUSE-SU-2019:2510 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html https://usn.ubuntu.com/4191-1/ https://usn.ubuntu.com/4191-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-15890 Bugtraq: 20200203 [SECURITY] [DSA 4616-1] qemu security update (Google Search) https://seclists.org/bugtraq/2020/Feb/0 Debian Security Information: DSA-4616 (Google Search) https://www.debian.org/security/2020/dsa-4616 https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 Common Vulnerability Exposure (CVE) ID: CVE-2020-7039 https://security.gentoo.org/glsa/202005-02 https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html RedHat Security Advisories: RHSA-2020:0348 https://access.redhat.com/errata/RHSA-2020:0348 SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/4283-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH