 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843524 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3649-1) |
| Summary: | The remote host is missing an update for the 'qemu' package(s) announced via the USN-3649-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'qemu' package(s) announced via the USN-3649-1 advisory. Vulnerability Insight: Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845) Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2018-7550) Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858) Affected Software/OS: 'qemu' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-16845 BugTraq ID: 101923 http://www.securityfocus.com/bid/101923 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html https://usn.ubuntu.com/3575-1/ https://usn.ubuntu.com/3649-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7550 BugTraq ID: 103181 http://www.securityfocus.com/bid/103181 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html RedHat Security Advisories: RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1369 RedHat Security Advisories: RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2462 Common Vulnerability Exposure (CVE) ID: CVE-2018-7858 BugTraq ID: 103350 http://www.securityfocus.com/bid/103350 http://www.openwall.com/lists/oss-security/2018/03/09/1 https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html RedHat Security Advisories: RHSA-2018:1416 https://access.redhat.com/errata/RHSA-2018:1416 RedHat Security Advisories: RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2162 SuSE Security Announcement: openSUSE-SU-2019:1074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |