Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2017.1223
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1223)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1223 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1223 advisory. Vulnerability Insight: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633) An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898) An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020) Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664) Affected Software/OS: 'qemu-kvm' package(s) on Huawei EulerOS V2.0SP1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4020 BugTraq ID: 86067 http://www.securityfocus.com/bid/86067 https://security.gentoo.org/glsa/201609-01 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html RedHat Security Advisories: RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:1856 RedHat Security Advisories: RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392 RedHat Security Advisories: RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408 http://www.ubuntu.com/usn/USN-2974-1 Common Vulnerability Exposure (CVE) ID: CVE-2017-2633 BugTraq ID: 96417 http://www.securityfocus.com/bid/96417 http://www.openwall.com/lists/oss-security/2017/02/23/1 RedHat Security Advisories: RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205 RedHat Security Advisories: RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206 RedHat Security Advisories: RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441 Common Vulnerability Exposure (CVE) ID: CVE-2017-5898 BugTraq ID: 96112 http://www.securityfocus.com/bid/96112 https://security.gentoo.org/glsa/201702-28 http://www.openwall.com/lists/oss-security/2017/02/07/3 SuSE Security Announcement: SUSE-SU-2017:0570 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html SuSE Security Announcement: SUSE-SU-2017:0582 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.