Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.1373
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1373)
Summary:	The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2019-1373 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2019-1373 advisory. Vulnerability Insight: An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario.(CVE-2018-10839) Affected Software/OS: 'qemu-kvm' package(s) on Huawei EulerOS Virtualization 2.5.4. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10839 DSA-4338 https://www.debian.org/security/2018/dsa-4338 RHSA-2019:2892 https://access.redhat.com/errata/RHSA-2019:2892 USN-3826-1 https://usn.ubuntu.com/3826-1/ [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20181008 Qemu: integer overflow issues https://www.openwall.com/lists/oss-security/2018/10/08/1 [qemu-devel] 20180926 [PULL 21/25] ne2000: fix possible out of bound access in ne2000_receive https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.