Test ID: 1.3.6.1.4.1.25623.1.0.871828
Category: Red Hat Local Security Checks
Title: RedHat Update for qemu-kvm RHSA-2017:1430-01
Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory.

Vulnerability Insight:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm package provides the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA
  Emulator support. The vulnerability could occur while copying VGA data via
  various bitblt functions. A privileged user inside a guest could use this flaw
  to crash the QEMU process or, potentially, execute arbitrary code on the host
  with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA
  Emulator support. The vulnerability could occur while copying VGA data using
  bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged
  user inside a guest could use this flaw to crash the QEMU process, resulting
  in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360
Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for
reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the
  'pty' back end of a serial device performed an irregular I/O communication.
  This update improves the handling of serial I/O on guests, which prevents the
  described problem from occurring. (BZ#1452332)

Affected Software/OS:
qemu-kvm on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-7718
BugTraq ID: 97957
http://www.securityfocus.com/bid/97957
https://security.gentoo.org/glsa/201706-03
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2017/04/19/4
RedHat Security Advisories: RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0980
RedHat Security Advisories: RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0981
RedHat Security Advisories: RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0982
RedHat Security Advisories: RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0983
RedHat Security Advisories: RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0984
RedHat Security Advisories: RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:0988
RedHat Security Advisories: RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1205
RedHat Security Advisories: RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1206
RedHat Security Advisories: RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1430
RedHat Security Advisories: RHSA-2017:1431
https://access.redhat.com/errata/RHSA-2017:1431
RedHat Security Advisories: RHSA-2017:1441
https://access.redhat.com/errata/RHSA-2017:1441
Common Vulnerability Exposure (CVE) ID: CVE-2017-7980
BugTraq ID: 102129
http://www.securityfocus.com/bid/102129
BugTraq ID: 97955
http://www.securityfocus.com/bid/97955
http://www.openwall.com/lists/oss-security/2017/04/21/1
http://ubuntu.com/usn/usn-3289-1
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.