Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2014.1278.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2014:1278-1)
Zusammenfassung:The remote host is missing an update for the 'kvm' package(s) announced via the SUSE-SU-2014:1278-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the SUSE-SU-2014:1278-1 advisory.

Vulnerability Insight:
kvm has been updated to fix issues in the embedded qemu:

*

CVE-2014-0223: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges
of the QEMU process.

*

CVE-2014-3461: A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process.

*

CVE-2014-0222: An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges
of the QEMU process.

Non-security bugs fixed:

* Fix exceeding IRQ routes that could have caused freezes of guests.
(bnc#876842)
* Fix CPUID emulation bugs that may have broken Windows guests with
newer -cpu types (bnc#886535)

Security Issues:

* CVE-2014-0222
* CVE-2014-0223
* CVE-2014-3461

Affected Software/OS:
'kvm' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0222
BugTraq ID: 67357
http://www.securityfocus.com/bid/67357
Debian Security Information: DSA-3044 (Google Search)
http://www.debian.org/security/2014/dsa-3044
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
SuSE Security Announcement: SUSE-SU-2015:0929 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
SuSE Security Announcement: openSUSE-SU-2015:1965 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0223
BugTraq ID: 67391
http://www.securityfocus.com/bid/67391
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3461
http://article.gmane.org/gmane.comp.emulators.qemu/272092
RedHat Security Advisories: RHSA-2014:0743
http://rhn.redhat.com/errata/RHSA-2014-0743.html
RedHat Security Advisories: RHSA-2014:0744
http://rhn.redhat.com/errata/RHSA-2014-0744.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.