 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882732 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for qemu-img CESA-2017:1430 centos7 |
| Summary: | Check the version of qemu-img |
| Description: | Summary: Check the version of qemu-img Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980) * An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718) Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718. Bug Fix(es): * Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring. (BZ#1452332) Affected Software/OS: qemu-img on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7718 BugTraq ID: 97957 http://www.securityfocus.com/bid/97957 https://security.gentoo.org/glsa/201706-03 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/04/19/4 RedHat Security Advisories: RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0980 RedHat Security Advisories: RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0981 RedHat Security Advisories: RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0982 RedHat Security Advisories: RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0983 RedHat Security Advisories: RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0984 RedHat Security Advisories: RHSA-2017:0988 https://access.redhat.com/errata/RHSA-2017:0988 RedHat Security Advisories: RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205 RedHat Security Advisories: RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206 RedHat Security Advisories: RHSA-2017:1430 https://access.redhat.com/errata/RHSA-2017:1430 RedHat Security Advisories: RHSA-2017:1431 https://access.redhat.com/errata/RHSA-2017:1431 RedHat Security Advisories: RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441 Common Vulnerability Exposure (CVE) ID: CVE-2017-7980 BugTraq ID: 102129 http://www.securityfocus.com/bid/102129 BugTraq ID: 97955 http://www.securityfocus.com/bid/97955 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://ubuntu.com/usn/usn-3289-1 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |