SuSE Local Security Checks : openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2513-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.851620

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2513-1)

Resumen: The remote host is missing an update for the 'qemu'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

Security issues fixed:

* CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636)

* CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb
redirection support (bsc#1047674)

* CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)

* CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381)

The following non-security issues were fixed:

- Postrequire acl for setfacl

- Prerequire shadow for groupadd

- The recent security fix for CVE-2017-11334 adversely affects Xen.
Include two additional patches to make sure Xen is going to be OK.

- Pre-add group kvm for qemu-tools (bsc#1011144)

- Fixed a few more inaccuracies in the support docs.

- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12
SP3. Apply a few additional clarifications in the support docs.
(bsc#1050268)

- Adjust to libvdeplug-devel package naming changes.

- Fix migration with xhci (bsc#1048296)

- Increase VNC delay to fix missing keyboard input events (bsc#1031692)

- Remove build dependency package iasl used for seabios

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Affected Software/OS:
qemu on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10664
Common Vulnerability Exposure (CVE) ID: CVE-2017-10806
Common Vulnerability Exposure (CVE) ID: CVE-2017-11334
Common Vulnerability Exposure (CVE) ID: CVE-2017-11434

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.851620
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2513-1)
Resumen:	The remote host is missing an update for the 'qemu'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu' package(s) announced via the referenced advisory. Vulnerability Insight: This update for qemu fixes the following issues: Security issues fixed: * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636) * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674) * CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902) * CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381) The following non-security issues were fixed: - Postrequire acl for setfacl - Prerequire shadow for groupadd - The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. - Pre-add group kvm for qemu-tools (bsc#1011144) - Fixed a few more inaccuracies in the support docs. - Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes. - Fix migration with xhci (bsc#1048296) - Increase VNC delay to fix missing keyboard input events (bsc#1031692) - Remove build dependency package iasl used for seabios This update was imported from the SUSE:SLE-12-SP3:Update update project. Affected Software/OS: qemu on openSUSE Leap 42.3 Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10664 Common Vulnerability Exposure (CVE) ID: CVE-2017-10806 Common Vulnerability Exposure (CVE) ID: CVE-2017-11334 Common Vulnerability Exposure (CVE) ID: CVE-2017-11434
Copyright	Copyright (C) 2017 Greenbone Networks GmbH