Test ID: | 1.3.6.1.4.1.25623.1.0.890842 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for qemu-kvm (DLA-842-1) |
Summary: |
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests.

CVE-2017-2615

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially execute arbitrary code on the host with privileges of qemu-kvm process on the host.

CVE-2017-2620

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data in cirrus_bitblt_cputovideo.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially execute arbitrary code on the host with privileges of qemu-kvm process on the host.

CVE-2017-5898

The CCID Card device emulator support is vulnerable to an integer overflow flaw. It could occur while passing message via command/responses packets to and from the host.

A privileged user inside guest could use this flaw to crash the qemu-kvm process on the host resulting in a DoS.

This issue does not affect the qemu-kvm binaries in Debian but we apply the patch to the sources to stay in sync with the qemu package.

CVE-2017-5973

The USB xHCI controller emulator support in qemu-kvm is vulnerable to an infinite loop issue. It could occur while processing control transfer descriptors' sequence in xhci_kick_epctx.

A privileged user inside guest could use this flaw to crash the qemu-kvm process resulting in a DoS.

This update also updates the fix CVE-2016-9921 since it was too strict and broke certain guests. |
Description: |
Summary: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests.

CVE-2017-2615

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially execute arbitrary code on the host with privileges of qemu-kvm process on the host.

CVE-2017-2620

The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data in cirrus_bitblt_cputovideo.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially execute arbitrary code on the host with privileges of qemu-kvm process on the host.

CVE-2017-5898

The CCID Card device emulator support is vulnerable to an integer overflow flaw. It could occur while passing message via command/responses packets to and from the host.

A privileged user inside guest could use this flaw to crash the qemu-kvm process on the host resulting in a DoS.

This issue does not affect the qemu-kvm binaries in Debian but we apply the patch to the sources to stay in sync with the qemu package.

CVE-2017-5973

The USB xHCI controller emulator support in qemu-kvm is vulnerable to an infinite loop issue. It could occur while processing control transfer descriptors' sequence in xhci_kick_epctx.

A privileged user inside guest could use this flaw to crash the qemu-kvm process resulting in a DoS.

This update also updates the fix CVE-2016-9921 since it was too strict and broke certain guests.

Affected Software/OS: qemu-kvm on Debian Linux

Solution: For Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u20. We recommend that you upgrade your qemu-kvm packages.

CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2016-9921
BugTraq ID: 94803
http://www.securityfocus.com/bid/94803
https://security.gentoo.org/glsa/201701-49
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2016/12/09/1
RedHat Security Advisories: RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408

Common Vulnerability Exposure (CVE) ID: CVE-2017-2615
BugTraq ID: 95990
http://www.securityfocus.com/bid/95990
https://security.gentoo.org/glsa/201702-27
https://security.gentoo.org/glsa/201702-28
http://www.openwall.com/lists/oss-security/2017/02/01/6
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
RedHat Security Advisories: RHSA-2017:0309 http://rhn.redhat.com/errata/RHSA-2017-0309.html
RedHat Security Advisories: RHSA-2017:0328 http://rhn.redhat.com/errata/RHSA-2017-0328.html
RedHat Security Advisories: RHSA-2017:0329 http://rhn.redhat.com/errata/RHSA-2017-0329.html
RedHat Security Advisories: RHSA-2017:0330 http://rhn.redhat.com/errata/RHSA-2017-0330.html
RedHat Security Advisories: RHSA-2017:0331 http://rhn.redhat.com/errata/RHSA-2017-0331.html
RedHat Security Advisories: RHSA-2017:0332 http://rhn.redhat.com/errata/RHSA-2017-0332.html
RedHat Security Advisories: RHSA-2017:0333 http://rhn.redhat.com/errata/RHSA-2017-0333.html
RedHat Security Advisories: RHSA-2017:0334 http://rhn.redhat.com/errata/RHSA-2017-0334.html
RedHat Security Advisories: RHSA-2017:0344 http://rhn.redhat.com/errata/RHSA-2017-0344.html
RedHat Security Advisories: RHSA-2017:0350 http://rhn.redhat.com/errata/RHSA-2017-0350.html
RedHat Security Advisories: RHSA-2017:0396 http://rhn.redhat.com/errata/RHSA-2017-0396.html
RedHat Security Advisories: RHSA-2017:0454 http://rhn.redhat.com/errata/RHSA-2017-0454.html
http://www.securitytracker.com/id/1037804

Common Vulnerability Exposure (CVE) ID: CVE-2017-2620
BugTraq ID: 96378
http://www.securityfocus.com/bid/96378
https://security.gentoo.org/glsa/201703-07
https://security.gentoo.org/glsa/201704-01
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
http://www.openwall.com/lists/oss-security/2017/02/21/1
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
RedHat Security Advisories: RHSA-2017:0351 http://rhn.redhat.com/errata/RHSA-2017-0351.html
RedHat Security Advisories: RHSA-2017:0352 http://rhn.redhat.com/errata/RHSA-2017-0352.html
http://www.securitytracker.com/id/1037870

Common Vulnerability Exposure (CVE) ID: CVE-2017-5898
BugTraq ID: 96112
http://www.securityfocus.com/bid/96112
http://www.openwall.com/lists/oss-security/2017/02/07/3
RedHat Security Advisories: RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:1856
SuSE Security Announcement: SUSE-SU-2017:0570 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html
SuSE Security Announcement: SUSE-SU-2017:0582 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html

Common Vulnerability Exposure (CVE) ID: CVE-2017-5973
BugTraq ID: 96220
http://www.securityfocus.com/bid/96220
http://www.openwall.com/lists/oss-security/2017/02/13/11
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |