Test ID: 1.3.6.1.4.1.25623.1.0.851499
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0194-1)
Summary: The remote host is missing an update for the 'qemu' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
qemu was updated to fix several issues.

These security issues were fixed:

- CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in
hw/9pfs/9p.c allowed local guest OS administrators to cause a denial
of service (memory consumption and QEMU process crash) via a large
number of Txattrcreate messages with the same fid number (bsc#1014256).

- CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c allowed
local guest OS administrators to obtain sensitive host heap memory
information by reading xattribute values before writing to them (bsc#1007454).

- CVE-2016-9381: Improper processing of shared rings allowed guest
administrators to take over the qemu process, elevating their privilege to
that of the qemu process (bsc#1009109).

- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
was vulnerable to an infinite loop issue while receiving packets in
'mcf_fec_receive'. A privileged user/process inside guest could have
used this issue to crash the Qemu process on the host leading to DoS
(bsc#1013285).

- CVE-2016-9845: The Virtio GPU Device emulator support was vulnerable to
an information leakage issue while processing the
'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could
have used this flaw to leak contents of the host memory (bsc#1013767).

- CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to
a memory leakage issue while updating the cursor data in
update_cursor_data_virgl. A guest user/process could have used this flaw
to leak host memory bytes, resulting in DoS for the host (bsc#1013764).

- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
memory leakage flaw when destroying the USB redirector in
'usbredir_handle_destroy'. A guest user/process could have used this
issue to leak host memory, resulting in DoS for a host (bsc#1014109).

- CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to
an information leakage issue while processing the
'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have
used this flaw to leak contents of the host memory (bsc#1014514).

- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
leakage issue while processing packet data in 'ehci_init_transfer'. A
guest user/process could have used this issue to leak host memory,
resulting in DoS for the host (bsc#1014111).

- CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to
a memory leakage issue while destroying gpu resource object in
'virtio_gpu_resource_destroy'. A guest user/process co ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
qemu on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-9102
BugTraq ID: 93962
http://www.securityfocus.com/bid/93962
https://security.gentoo.org/glsa/201611-11
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://www.openwall.com/lists/oss-security/2016/10/27/15
http://www.openwall.com/lists/oss-security/2016/10/30/6
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9103
BugTraq ID: 93955
http://www.securityfocus.com/bid/93955
http://www.openwall.com/lists/oss-security/2016/10/28/1
http://www.openwall.com/lists/oss-security/2016/10/30/7
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9381
BugTraq ID: 94476
http://www.securityfocus.com/bid/94476
https://security.gentoo.org/glsa/201612-56
http://www.securitytracker.com/id/1037344
Common Vulnerability Exposure (CVE) ID: CVE-2016-9776
BugTraq ID: 94638
http://www.securityfocus.com/bid/94638
https://security.gentoo.org/glsa/201701-49
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2016/12/02/3
http://www.openwall.com/lists/oss-security/2016/12/02/8
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9845
BugTraq ID: 94763
http://www.securityfocus.com/bid/94763
http://www.openwall.com/lists/oss-security/2016/12/05/15
http://www.openwall.com/lists/oss-security/2016/12/05/22
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9846
BugTraq ID: 94765
http://www.securityfocus.com/bid/94765
http://www.openwall.com/lists/oss-security/2016/12/05/18
http://www.openwall.com/lists/oss-security/2016/12/05/23
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9907
BugTraq ID: 94759
http://www.securityfocus.com/bid/94759
http://www.openwall.com/lists/oss-security/2016/12/08/3
RedHat Security Advisories: RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408
https://access.redhat.com/errata/RHSA-2017:2408
Common Vulnerability Exposure (CVE) ID: CVE-2016-9908
BugTraq ID: 94761
http://www.securityfocus.com/bid/94761
http://www.openwall.com/lists/oss-security/2016/12/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-9911
BugTraq ID: 94762
http://www.securityfocus.com/bid/94762
http://www.openwall.com/lists/oss-security/2016/12/08/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-9912
BugTraq ID: 94760
http://www.securityfocus.com/bid/94760
http://www.openwall.com/lists/oss-security/2016/12/08/6
Common Vulnerability Exposure (CVE) ID: CVE-2016-9913
BugTraq ID: 94729
http://www.securityfocus.com/bid/94729
http://www.openwall.com/lists/oss-security/2016/12/06/11
http://www.openwall.com/lists/oss-security/2016/12/08/7
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9921
BugTraq ID: 94803
http://www.securityfocus.com/bid/94803
http://www.openwall.com/lists/oss-security/2016/12/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9922
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
Copyright: Copyright (C) 2017 Greenbone Networks GmbH
