Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.703573
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 3573-1 (qemu - security update)
Zusammenfassung:Several vulnerabilities were discovered;in qemu, a fast processor emulator.;;CVE-2016-3710;Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds;read and write flaw in the QEMU VGA module. A privileged guest user;could use this flaw to execute arbitrary code on the host with the;privileges of the hosting QEMU process.;;CVE-2016-3712;Zuozhi Fzz of Alibaba Inc discovered potential integer overflow;or out-of-bounds read access issues in the QEMU VGA module. A;privileged guest user could use this flaw to mount a denial of;service (QEMU process crash).
Beschreibung:Summary:
Several vulnerabilities were discovered
in qemu, a fast processor emulator.

CVE-2016-3710
Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds
read and write flaw in the QEMU VGA module. A privileged guest user
could use this flaw to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2016-3712
Zuozhi Fzz of Alibaba Inc discovered potential integer overflow
or out-of-bounds read access issues in the QEMU VGA module. A
privileged guest user could use this flaw to mount a denial of
service (QEMU process crash).

Affected Software/OS:
qemu on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 1:2.1+dfsg-12+deb8u6.

We recommend that you upgrade your qemu packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-3710
BugTraq ID: 90316
http://www.securityfocus.com/bid/90316
Debian Security Information: DSA-3573 (Google Search)
http://www.debian.org/security/2016/dsa-3573
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
http://www.openwall.com/lists/oss-security/2016/05/09/3
RedHat Security Advisories: RHSA-2016:0724
http://rhn.redhat.com/errata/RHSA-2016-0724.html
RedHat Security Advisories: RHSA-2016:0725
http://rhn.redhat.com/errata/RHSA-2016-0725.html
RedHat Security Advisories: RHSA-2016:0997
http://rhn.redhat.com/errata/RHSA-2016-0997.html
RedHat Security Advisories: RHSA-2016:0999
http://rhn.redhat.com/errata/RHSA-2016-0999.html
RedHat Security Advisories: RHSA-2016:1000
http://rhn.redhat.com/errata/RHSA-2016-1000.html
RedHat Security Advisories: RHSA-2016:1001
http://rhn.redhat.com/errata/RHSA-2016-1001.html
RedHat Security Advisories: RHSA-2016:1002
http://rhn.redhat.com/errata/RHSA-2016-1002.html
RedHat Security Advisories: RHSA-2016:1019
http://rhn.redhat.com/errata/RHSA-2016-1019.html
RedHat Security Advisories: RHSA-2016:1224
https://access.redhat.com/errata/RHSA-2016:1224
RedHat Security Advisories: RHSA-2016:1943
http://rhn.redhat.com/errata/RHSA-2016-1943.html
http://www.securitytracker.com/id/1035794
http://www.ubuntu.com/usn/USN-2974-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-3712
BugTraq ID: 90314
http://www.securityfocus.com/bid/90314
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html
http://www.openwall.com/lists/oss-security/2016/05/09/4
RedHat Security Advisories: RHSA-2016:2585
http://rhn.redhat.com/errata/RHSA-2016-2585.html
RedHat Security Advisories: RHSA-2017:0621
http://rhn.redhat.com/errata/RHSA-2017-0621.html
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.