Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2018.2679.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2018:2679-1)
Zusammenfassung:The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2018:2679-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2018:2679-1 advisory.

Vulnerability Insight:
This update for qemu fixes the following issues:

This security issue was fixed:
CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
have been exploited by sending a crafted QMP command (including
guest-file-read with a large count value) to the agent via the listening
socket causing DoS (bsc#1098735)

These non-security issues were fixed:
Allow kvm group access to /dev/sev (bsc#1102604).

Fix for the value used for reduced_phys_bits. Please update the
reduced_phys_bits value used on the commandline or in libvirt XML to the
value 1 (explicitly set now in QEMU code). (bsc#1103628)

Fix (again) the qemu guest agent udev rule file, which got unfixed in a
series of unfortunate events (bsc#1094898 and now bsc#1105279)

Affected Software/OS:
'qemu' package(s) on SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Basesystem 15

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-12617
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.