Test ID:	1.3.6.1.4.1.25623.1.0.703349
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3349-1)
Summary:	The remote host is missing an update for the Debian 'qemu-kvm' package(s) announced via the DSA-3349-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'qemu-kvm' package(s) announced via the DSA-3349-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process's heap. CVE-2015-5745 A buffer overflow vulnerability was discovered in the way QEMU handles the virtio-serial device. A malicious guest could use this flaw to mount a denial of service (QEMU process crash). For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u9. We recommend that you upgrade your qemu-kvm packages. Affected Software/OS: 'qemu-kvm' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5165 1033176 http://www.securitytracker.com/id/1033176 76153 http://www.securityfocus.com/bid/76153 DSA-3348 http://www.debian.org/security/2015/dsa-3348 DSA-3349 http://www.debian.org/security/2015/dsa-3349 FEDORA-2015-14361 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html FEDORA-2015-15944 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html FEDORA-2015-15946 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://support.citrix.com/article/CTX201717 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://xenbits.xen.org/xsa/advisory-140.html https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Common Vulnerability Exposure (CVE) ID: CVE-2015-5745 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/08/06/3 http://www.openwall.com/lists/oss-security/2015/08/06/5 https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295 https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.