Test ID:	1.3.6.1.4.1.25623.1.0.841795
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2182-1)
Summary:	The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2182-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2182-1 advisory. Vulnerability Insight: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150) Benoit Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894) Affected Software/OS: 'qemu, qemu-kvm' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.10, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4544 106013 http://www.osvdb.org/106013 58191 http://secunia.com/advisories/58191 USN-2182-1 http://ubuntu.com/usn/usn-2182-1 [qemu] 20140404 [PATCH V2 0/4] CVE-2013-4544 http://thread.gmane.org/gmane.comp.emulators.qemu/265562 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7 https://bugzilla.redhat.com/show_bug.cgi?id=1087513 Common Vulnerability Exposure (CVE) ID: CVE-2014-0150 57878 http://secunia.com/advisories/57878 DSA-2909 http://www.debian.org/security/2014/dsa-2909 DSA-2910 http://www.debian.org/security/2014/dsa-2910 http://www.ubuntu.com/usn/USN-2182-1 [Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun http://article.gmane.org/gmane.comp.emulators.qemu/266768 [Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun http://thread.gmane.org/gmane.comp.emulators.qemu/266713 https://bugzilla.redhat.com/show_bug.cgi?id=1078846 Common Vulnerability Exposure (CVE) ID: CVE-2014-2894 57945 http://secunia.com/advisories/57945 66932 http://www.securityfocus.com/bid/66932 RHSA-2014:0704 http://rhn.redhat.com/errata/RHSA-2014-0704.html RHSA-2014:0743 http://rhn.redhat.com/errata/RHSA-2014-0743.html RHSA-2014:0744 http://rhn.redhat.com/errata/RHSA-2014-0744.html [Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html [Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html [oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART http://www.openwall.com/lists/oss-security/2014/04/15/4 [oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART http://www.openwall.com/lists/oss-security/2014/04/18/5
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.