Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.851580
Categoría:SuSE Local Security Checks
Título:openSUSE: Security Advisory for qemu (openSUSE-SU-2017:1872-1)
Resumen:The remote host is missing an update for the 'qemu'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users
to cause a denial of service (infinite loop) by leveraging an incorrect
return value (bsc#1042159).

- CVE-2017-8379: Memory leak in the keyboard input event handlers support
allowed local guest OS privileged users to cause a denial of service
(host memory consumption) by rapidly generating large keyboard events
(bsc#1037334).

- CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers
to cause a denial of service (memory consumption) by repeatedly starting
and stopping audio capture (bsc#1037242).

- CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File
System(9pfs) support, was vulnerable to an improper access control
issue. It could occur while accessing virtfs metadata files in
mapped-file security mode. A guest user could have used this flaw to
escalate their privileges inside guest (bsc#1039495).

- CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in
hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial
of service (file descriptor or memory consumption) via vectors related
to an already in-use fid (bsc#1032075).

- CVE-2017-8086: A memory leak in the v9fs_list_xattr function in
hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a
denial of service (memory consumption) via vectors involving the
orig_value variable (bsc#1035950).

- CVE-2017-5973: A infinite loop while doing control transfer in
xhci_kick_epctx allowed privileged user inside the guest to crash the
host process resulting in DoS (bsc#1025109)

- CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in
hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial
of service (infinite loop and QEMU process crash) via vectors involving
the transfer mode register during multi block transfer (bsc#1025311).

- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c
allowed local guest OS users to cause a denial of service (infinite
loop) via vectors involving the number of link endpoint list descriptors
(bsc#1028184)

- CVE-2016-9603: A privileged user within the guest VM could have caused a
heap overflow in the device model process, potentially escalating their
privileges to that of the device model process (bsc#1028656)

- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors related to copy ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
qemu on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9602
BugTraq ID: 95461
http://www.securityfocus.com/bid/95461
https://security.gentoo.org/glsa/201704-01
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2017/01/17/12
https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
http://www.securitytracker.com/id/1037604
Common Vulnerability Exposure (CVE) ID: CVE-2016-9603
BugTraq ID: 96893
http://www.securityfocus.com/bid/96893
https://security.gentoo.org/glsa/201706-03
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
RedHat Security Advisories: RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0980
RedHat Security Advisories: RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0981
RedHat Security Advisories: RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0982
RedHat Security Advisories: RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0983
RedHat Security Advisories: RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0984
RedHat Security Advisories: RHSA-2017:0985
https://access.redhat.com/errata/RHSA-2017:0985
RedHat Security Advisories: RHSA-2017:0987
https://access.redhat.com/errata/RHSA-2017:0987
RedHat Security Advisories: RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:0988
RedHat Security Advisories: RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1205
RedHat Security Advisories: RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1206
RedHat Security Advisories: RHSA-2017:1441
https://access.redhat.com/errata/RHSA-2017:1441
http://www.securitytracker.com/id/1038023
Common Vulnerability Exposure (CVE) ID: CVE-2017-5579
BugTraq ID: 95780
http://www.securityfocus.com/bid/95780
https://security.gentoo.org/glsa/201702-28
http://www.openwall.com/lists/oss-security/2017/01/24/8
http://www.openwall.com/lists/oss-security/2017/01/25/3
RedHat Security Advisories: RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408
https://access.redhat.com/errata/RHSA-2017:2408
Common Vulnerability Exposure (CVE) ID: CVE-2017-5973
BugTraq ID: 96220
http://www.securityfocus.com/bid/96220
http://www.openwall.com/lists/oss-security/2017/02/13/11
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5987
BugTraq ID: 96263
http://www.securityfocus.com/bid/96263
http://www.openwall.com/lists/oss-security/2017/02/14/8
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6505
BugTraq ID: 96611
http://www.securityfocus.com/bid/96611
http://www.openwall.com/lists/oss-security/2017/03/06/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-7377
BugTraq ID: 97319
http://www.securityfocus.com/bid/97319
http://www.openwall.com/lists/oss-security/2017/04/03/2
https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7471
BugTraq ID: 97970
http://www.securityfocus.com/bid/97970
http://www.openwall.com/lists/oss-security/2017/04/19/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-7493
BugTraq ID: 98574
http://www.securityfocus.com/bid/98574
http://seclists.org/oss-sec/2017/q2/278
https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7718
BugTraq ID: 97957
http://www.securityfocus.com/bid/97957
http://www.openwall.com/lists/oss-security/2017/04/19/4
RedHat Security Advisories: RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1430
RedHat Security Advisories: RHSA-2017:1431
https://access.redhat.com/errata/RHSA-2017:1431
Common Vulnerability Exposure (CVE) ID: CVE-2017-7980
BugTraq ID: 102129
http://www.securityfocus.com/bid/102129
BugTraq ID: 97955
http://www.securityfocus.com/bid/97955
http://www.openwall.com/lists/oss-security/2017/04/21/1
http://ubuntu.com/usn/usn-3289-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-8086
BugTraq ID: 98012
http://www.securityfocus.com/bid/98012
http://www.openwall.com/lists/oss-security/2017/04/25/5
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8112
BugTraq ID: 98015
http://www.securityfocus.com/bid/98015
http://www.openwall.com/lists/oss-security/2017/04/26/5
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8309
BugTraq ID: 98302
http://www.securityfocus.com/bid/98302
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8379
BugTraq ID: 98277
http://www.securityfocus.com/bid/98277
http://www.openwall.com/lists/oss-security/2017/05/03/2
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8380
BugTraq ID: 98303
http://www.securityfocus.com/bid/98303
Common Vulnerability Exposure (CVE) ID: CVE-2017-9330
BugTraq ID: 98779
http://www.securityfocus.com/bid/98779
Debian Security Information: DSA-3920 (Google Search)
http://www.debian.org/security/2017/dsa-3920
http://www.openwall.com/lists/oss-security/2017/06/01/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-9373
BugTraq ID: 98921
http://www.securityfocus.com/bid/98921
http://www.openwall.com/lists/oss-security/2017/06/05/1
Common Vulnerability Exposure (CVE) ID: CVE-2017-9374
BugTraq ID: 98905
http://www.securityfocus.com/bid/98905
http://www.openwall.com/lists/oss-security/2017/06/06/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-9375
BugTraq ID: 98915
http://www.securityfocus.com/bid/98915
Debian Security Information: DSA-3991 (Google Search)
http://www.debian.org/security/2017/dsa-3991
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.openwall.com/lists/oss-security/2017/06/05/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-9503
BugTraq ID: 99010
http://www.securityfocus.com/bid/99010
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
http://www.openwall.com/lists/oss-security/2017/06/08/1
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.