Test ID:	1.3.6.1.4.1.25623.1.0.871694
Category:	Red Hat Local Security Checks
Title:	RedHat Update for qemu-kvm RHSA-2016:2585-02
Summary:	The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712) * An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance. (CVE-2016-1981) Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting CVE-2016-3712. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1981 81549 http://www.securityfocus.com/bid/81549 DSA-3469 http://www.debian.org/security/2016/dsa-3469 DSA-3470 http://www.debian.org/security/2016/dsa-3470 DSA-3471 http://www.debian.org/security/2016/dsa-3471 GLSA-201604-01 https://security.gentoo.org/glsa/201604-01 RHSA-2016:2585 http://rhn.redhat.com/errata/RHSA-2016-2585.html [oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/19/10 [oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/22/1 [qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html https://bugzilla.redhat.com/show_bug.cgi?id=1298570 Common Vulnerability Exposure (CVE) ID: CVE-2016-3712 1035794 http://www.securitytracker.com/id/1035794 90314 http://www.securityfocus.com/bid/90314 DSA-3573 http://www.debian.org/security/2016/dsa-3573 RHSA-2017:0621 http://rhn.redhat.com/errata/RHSA-2017-0621.html USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html [oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues http://www.openwall.com/lists/oss-security/2016/05/09/4 http://support.citrix.com/article/CTX212736 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://xenbits.xen.org/xsa/advisory-179.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.