Test ID:	1.3.6.1.4.1.25623.1.1.12.2014.2439.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2439-1)
Summary:	The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2439-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2439-1 advisory. Vulnerability Insight: Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840) Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus VGA device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-8106) Affected Software/OS: 'qemu, qemu-kvm' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7840 RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html [qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840 http://thread.gmane.org/gmane.comp.emulators.qemu/306117 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 https://bugzilla.redhat.com/show_bug.cgi?id=1163075 qemu-cve20147840-code-exec(99194) https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 Common Vulnerability Exposure (CVE) ID: CVE-2014-8106 60364 http://secunia.com/advisories/60364 71477 http://www.securityfocus.com/bid/71477 DSA-3087 http://www.debian.org/security/2014/dsa-3087 DSA-3088 http://www.debian.org/security/2014/dsa-3088 FEDORA-2015-5482 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html RHSA-2015:0643 http://rhn.redhat.com/errata/RHSA-2015-0643.html RHSA-2015:0795 http://rhn.redhat.com/errata/RHSA-2015-0795.html RHSA-2015:0867 http://rhn.redhat.com/errata/RHSA-2015-0867.html RHSA-2015:0868 http://rhn.redhat.com/errata/RHSA-2015-0868.html RHSA-2015:0891 http://rhn.redhat.com/errata/RHSA-2015-0891.html [Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106) http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html [oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks http://www.openwall.com/lists/oss-security/2014/12/04/8 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0 http://support.citrix.com/article/CTX200892 qemu-cve20148106-sec-bypass(99126) https://exchange.xforce.ibmcloud.com/vulnerabilities/99126
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.