ID de Prueba:	1.3.6.1.4.1.25623.1.0.871828
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for qemu-kvm RHSA-2017:1430-01
Resumen:	The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980) * An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718) Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718. Bug Fix(es): * Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring. (BZ#1452332) Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7718 BugTraq ID: 97957 http://www.securityfocus.com/bid/97957 https://security.gentoo.org/glsa/201706-03 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/04/19/4 RedHat Security Advisories: RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0980 RedHat Security Advisories: RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0981 RedHat Security Advisories: RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0982 RedHat Security Advisories: RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0983 RedHat Security Advisories: RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0984 RedHat Security Advisories: RHSA-2017:0988 https://access.redhat.com/errata/RHSA-2017:0988 RedHat Security Advisories: RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205 RedHat Security Advisories: RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206 RedHat Security Advisories: RHSA-2017:1430 https://access.redhat.com/errata/RHSA-2017:1430 RedHat Security Advisories: RHSA-2017:1431 https://access.redhat.com/errata/RHSA-2017:1431 RedHat Security Advisories: RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441 Common Vulnerability Exposure (CVE) ID: CVE-2017-7980 BugTraq ID: 102129 http://www.securityfocus.com/bid/102129 BugTraq ID: 97955 http://www.securityfocus.com/bid/97955 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://ubuntu.com/usn/usn-3289-1
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.