 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.871748 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Update for qemu-kvm RHSA-2017:0083-01 |
| Summary: | The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857) Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue. Bug Fix(es): * Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1393484) Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2857 84130 http://www.securityfocus.com/bid/84130 RHSA-2016:2670 http://rhn.redhat.com/errata/RHSA-2016-2670.html RHSA-2016:2671 http://rhn.redhat.com/errata/RHSA-2016-2671.html RHSA-2016:2704 http://rhn.redhat.com/errata/RHSA-2016-2704.html RHSA-2016:2705 http://rhn.redhat.com/errata/RHSA-2016-2705.html RHSA-2016:2706 http://rhn.redhat.com/errata/RHSA-2016-2706.html RHSA-2017:0083 http://rhn.redhat.com/errata/RHSA-2017-0083.html RHSA-2017:0309 http://rhn.redhat.com/errata/RHSA-2017-0309.html RHSA-2017:0334 http://rhn.redhat.com/errata/RHSA-2017-0334.html RHSA-2017:0344 http://rhn.redhat.com/errata/RHSA-2017-0344.html RHSA-2017:0350 http://rhn.redhat.com/errata/RHSA-2017-0350.html USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate http://www.openwall.com/lists/oss-security/2016/03/03/9 [oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate http://www.openwall.com/lists/oss-security/2016/03/07/3 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |