 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882286 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for qemu-guest-agent CESA-2015:1833 centos6 |
| Summary: | Check the version of qemu-guest-agent |
| Description: | Summary: Check the version of qemu-guest-agent Vulnerability Insight: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. (CVE-2015-5165) Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Donghai Zhu of Alibaba as the original reporter. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Affected Software/OS: qemu-guest-agent on CentOS 6 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5165 1033176 http://www.securitytracker.com/id/1033176 76153 http://www.securityfocus.com/bid/76153 DSA-3348 http://www.debian.org/security/2015/dsa-3348 DSA-3349 http://www.debian.org/security/2015/dsa-3349 FEDORA-2015-14361 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html FEDORA-2015-15944 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html FEDORA-2015-15946 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html RHSA-2015:1674 http://rhn.redhat.com/errata/RHSA-2015-1674.html RHSA-2015:1683 http://rhn.redhat.com/errata/RHSA-2015-1683.html RHSA-2015:1739 http://rhn.redhat.com/errata/RHSA-2015-1739.html RHSA-2015:1740 http://rhn.redhat.com/errata/RHSA-2015-1740.html RHSA-2015:1793 http://rhn.redhat.com/errata/RHSA-2015-1793.html RHSA-2015:1833 http://rhn.redhat.com/errata/RHSA-2015-1833.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://support.citrix.com/article/CTX201717 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://xenbits.xen.org/xsa/advisory-140.html https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |