Test ID:	1.3.6.1.4.1.25623.1.0.882812
Category:	CentOS Local Security Checks
Title:	CentOS Update for qemu-img CESA-2017:3368 centos7
Summary:	Check the version of qemu-img
Description:	Summary: Check the version of qemu-img Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167) * Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of service (DoS). (CVE-2017-15289) Red Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289. Affected Software/OS: qemu-img on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14167 BugTraq ID: 100694 http://www.securityfocus.com/bid/100694 Debian Security Information: DSA-3991 (Google Search) http://www.debian.org/security/2017/dsa-3991 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/09/07/2 https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html RedHat Security Advisories: RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3368 RedHat Security Advisories: RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3369 RedHat Security Advisories: RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3466 RedHat Security Advisories: RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3470 RedHat Security Advisories: RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3471 RedHat Security Advisories: RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3472 RedHat Security Advisories: RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3473 RedHat Security Advisories: RHSA-2017:3474 https://access.redhat.com/errata/RHSA-2017:3474 https://usn.ubuntu.com/3575-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-15289 BugTraq ID: 101262 http://www.securityfocus.com/bid/101262 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 http://www.openwall.com/lists/oss-security/2017/10/12/16 https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html RedHat Security Advisories: RHSA-2018:0516 https://access.redhat.com/errata/RHSA-2018:0516
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.