Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.852359
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1074-1)
Zusammenfassung:The remote host is missing an update for the 'qemu'; package(s) announced via the openSUSE-SU-2019:1074-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'qemu'
package(s) announced via the openSUSE-SU-2019:1074-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)

- CVE-2018-16872: Fixed a host security vulnerability related to handling
symlinks in usb-mtp (bsc#1119493)

- CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)

- CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs
interface is deliberately abused (bsc#1116717)

- CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory
operations (bsc#1114957)

- CVE-2017-13673: Fixed a reachable assert failure during during display
update (bsc#1056386)

- CVE-2017-13672: Fixed an out-of-bounds read access during display update
(bsc#1056334)

- CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga
display allowing for Denial-of-Service (bsc#1084604)

Other bug fixes and changes:

- Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL
buffer in qemu (bsc#1121600)

- Fix bad guest time after migration (bsc#1113231)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1074=1

Affected Software/OS:
'qemu' package(s) on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-7858
BugTraq ID: 103350
http://www.securityfocus.com/bid/103350
http://www.openwall.com/lists/oss-security/2018/03/09/1
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
RedHat Security Advisories: RHSA-2018:1369
https://access.redhat.com/errata/RHSA-2018:1369
RedHat Security Advisories: RHSA-2018:1416
https://access.redhat.com/errata/RHSA-2018:1416
RedHat Security Advisories: RHSA-2018:2162
https://access.redhat.com/errata/RHSA-2018:2162
SuSE Security Announcement: openSUSE-SU-2019:1074 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
https://usn.ubuntu.com/3649-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-6778
BugTraq ID: 106758
http://www.securityfocus.com/bid/106758
Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2019/May/76
Debian Security Information: DSA-4454 (Google Search)
https://www.debian.org/security/2019/dsa-4454
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
[Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
[oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
http://www.openwall.com/lists/oss-security/2019/01/24/5
RedHat Security Advisories: RHSA-2019:1883
https://access.redhat.com/errata/RHSA-2019:1883
RedHat Security Advisories: RHSA-2019:1968
https://access.redhat.com/errata/RHSA-2019:1968
RedHat Security Advisories: RHSA-2019:2425
https://access.redhat.com/errata/RHSA-2019:2425
RedHat Security Advisories: RHSA-2019:2892
https://access.redhat.com/errata/RHSA-2019:2892
SuSE Security Announcement: SUSE-SA-2019:0254-1 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html
SuSE Security Announcement: openSUSE-SU-2019:1226 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/3923-1/
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.