 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.70881 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-1165-1 (qemu-kvm) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to qemu-kvm announced via advisory USN-1165-1. Details: Nelson Elhage discoverd that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. (CVE-2011-2212) Stefan Hajnoczi discovered that QEMU did not properly perform integer comparisons when performing virtqueue input validation. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. (CVE-2011-2512) When using QEMU with libvirt or virtualization management software based on libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated by an AppArmor profile by default in Ubuntu. Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: qemu-kvm 0.14.0+noroms-0ubuntu4.3 Ubuntu 10.10: qemu-kvm 0.12.5+noroms-0ubuntu7.8 qemu-kvm-extras 0.12.5+noroms-0ubuntu7.8 qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.8 Ubuntu 10.04 LTS: qemu-kvm 0.12.3+noroms-0ubuntu9.12 qemu-kvm-extras 0.12.3+noroms-0ubuntu9.12 qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.12 http://www.securityspace.com/smysecure/catid.html?in=USN-1165-1 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-2212 45158 http://secunia.com/advisories/45158 45170 http://secunia.com/advisories/45170 45187 http://secunia.com/advisories/45187 45188 http://secunia.com/advisories/45188 45301 http://secunia.com/advisories/45301 45354 http://secunia.com/advisories/45354 74751 http://www.osvdb.org/74751 DSA-2282 https://www.debian.org/security/2011/dsa-2282 RHSA-2011:0919 http://rhn.redhat.com/errata/RHSA-2011-0919.html SUSE-SU-2011:0806 https://hermes.opensuse.org/messages/9605323 USN-1165-1 http://ubuntu.com/usn/usn-1165-1 https://bugzilla.redhat.com/show_bug.cgi?id=713589 openSUSE-SU-2011:0803 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2512 44458 http://secunia.com/advisories/44458 44648 http://secunia.com/advisories/44648 DSA-2270 https://www.debian.org/security/2011/dsa-2270 [oss-security] 20110628 CVE request: qemu-kvm: OOB memory access caused by negative vq notifies http://www.openwall.com/lists/oss-security/2011/06/28/13 [oss-security] 20110629 Re: CVE request: qemu-kvm: OOB memory access caused by negative vq notifies http://www.openwall.com/lists/oss-security/2011/06/29/15 http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=7157e2e23e89adcd436caeab31fdd6b47eded377 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |