 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0467 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0467) |
| Summary: | The remote host is missing an update for the 'qemu, usbredir' package(s) announced via the MGASA-2014-0467 advisory. |
| Description: | Summary: The remote host is missing an update for the 'qemu, usbredir' package(s) announced via the MGASA-2014-0467 advisory. Vulnerability Insight: The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-3689). It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2014-5263). James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest (CVE-2014-7815). Additionally, the qemu update in MGASA-2014-0426 did not have USB redirection support because Qemu 1.6.2 requires an updated libusbredirparser library. This update has been built against the updated usbredirparser library. Affected Software/OS: 'qemu, usbredir' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3689 114397 http://www.osvdb.org/114397 60923 http://secunia.com/advisories/60923 62143 http://secunia.com/advisories/62143 62144 http://secunia.com/advisories/62144 DSA-3066 http://www.debian.org/security/2014/dsa-3066 DSA-3067 http://www.debian.org/security/2014/dsa-3067 USN-2409-1 http://www.ubuntu.com/usn/USN-2409-1 [Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5263 https://bugzilla.redhat.com/show_bug.cgi?id=1126543 http://www.openwall.com/lists/oss-security/2014/08/04/1 http://www.openwall.com/lists/oss-security/2014/08/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 61484 http://secunia.com/advisories/61484 RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://support.citrix.com/article/CTX200892 https://bugzilla.redhat.com/show_bug.cgi?id=1157641 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |