 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0467 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0467) |
| Resumen: | The remote host is missing an update for the 'qemu, usbredir' package(s) announced via the MGASA-2014-0467 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'qemu, usbredir' package(s) announced via the MGASA-2014-0467 advisory. Vulnerability Insight: The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-3689). It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2014-5263). James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest (CVE-2014-7815). Additionally, the qemu update in MGASA-2014-0426 did not have USB redirection support because Qemu 1.6.2 requires an updated libusbredirparser library. This update has been built against the updated usbredirparser library. Affected Software/OS: 'qemu, usbredir' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3689 114397 http://www.osvdb.org/114397 60923 http://secunia.com/advisories/60923 62143 http://secunia.com/advisories/62143 62144 http://secunia.com/advisories/62144 DSA-3066 http://www.debian.org/security/2014/dsa-3066 DSA-3067 http://www.debian.org/security/2014/dsa-3067 USN-2409-1 http://www.ubuntu.com/usn/USN-2409-1 [Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5263 https://bugzilla.redhat.com/show_bug.cgi?id=1126543 http://www.openwall.com/lists/oss-security/2014/08/04/1 http://www.openwall.com/lists/oss-security/2014/08/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 61484 http://secunia.com/advisories/61484 RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://support.citrix.com/article/CTX200892 https://bugzilla.redhat.com/show_bug.cgi?id=1157641 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |