 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.882712 |
| Kategorie: | CentOS Local Security Checks |
| Titel: | CentOS Update for qemu-guest-agent CESA-2017:1206 centos6 |
| Zusammenfassung: | Check the version of qemu-guest-agent |
| Beschreibung: | Summary: Check the version of qemu-guest-agent Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603) * An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980) * An out-of-bounds memory access issue was found in QEMU's VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633) * An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718) Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory see the references. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Affected Software/OS: qemu-guest-agent on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-9603 BugTraq ID: 96893 http://www.securityfocus.com/bid/96893 https://security.gentoo.org/glsa/201706-03 https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html RedHat Security Advisories: RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0980 RedHat Security Advisories: RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0981 RedHat Security Advisories: RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0982 RedHat Security Advisories: RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0983 RedHat Security Advisories: RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0984 RedHat Security Advisories: RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0985 RedHat Security Advisories: RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0987 RedHat Security Advisories: RHSA-2017:0988 https://access.redhat.com/errata/RHSA-2017:0988 RedHat Security Advisories: RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205 RedHat Security Advisories: RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206 RedHat Security Advisories: RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441 http://www.securitytracker.com/id/1038023 Common Vulnerability Exposure (CVE) ID: CVE-2017-2633 BugTraq ID: 96417 http://www.securityfocus.com/bid/96417 http://www.openwall.com/lists/oss-security/2017/02/23/1 RedHat Security Advisories: RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:1856 Common Vulnerability Exposure (CVE) ID: CVE-2017-7718 BugTraq ID: 97957 http://www.securityfocus.com/bid/97957 http://www.openwall.com/lists/oss-security/2017/04/19/4 RedHat Security Advisories: RHSA-2017:1430 https://access.redhat.com/errata/RHSA-2017:1430 RedHat Security Advisories: RHSA-2017:1431 https://access.redhat.com/errata/RHSA-2017:1431 Common Vulnerability Exposure (CVE) ID: CVE-2017-7980 BugTraq ID: 102129 http://www.securityfocus.com/bid/102129 BugTraq ID: 97955 http://www.securityfocus.com/bid/97955 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://ubuntu.com/usn/usn-3289-1 |
| Copyright | Copyright (C) 2017 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |