CentOS Local Security Checks : CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883198

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)

Resumen: The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2020:0775 advisory.

Descripción: Summary:
The remote host is missing an update for the 'qemu-guest-agent'
package(s) announced via the CESA-2020:0775 advisory.

Vulnerability Insight:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly
(CVE-2019-14378)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
(CVE-2020-7039)

* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'qemu-guest-agent' package(s) on CentOS 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-7039
Bugtraq: 20200203 [SECURITY] [DSA 4616-1] qemu security update (Google Search)
https://seclists.org/bugtraq/2020/Feb/0
Debian Security Information: DSA-4616 (Google Search)
https://www.debian.org/security/2020/dsa-4616
https://security.gentoo.org/glsa/202005-02
https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html
RedHat Security Advisories: RHSA-2020:0348
https://access.redhat.com/errata/RHSA-2020:0348
RedHat Security Advisories: RHSA-2020:0775
https://access.redhat.com/errata/RHSA-2020:0775
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/4283-1/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883198
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for qemu-guest-agent (CESA-2020:0775)
Resumen:	The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2020:0775 advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-guest-agent' package(s) announced via the CESA-2020:0775 advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'qemu-guest-agent' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-7039 Bugtraq: 20200203 [SECURITY] [DSA 4616-1] qemu security update (Google Search) https://seclists.org/bugtraq/2020/Feb/0 Debian Security Information: DSA-4616 (Google Search) https://www.debian.org/security/2020/dsa-4616 https://security.gentoo.org/glsa/202005-02 https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html RedHat Security Advisories: RHSA-2020:0348 https://access.redhat.com/errata/RHSA-2020:0348 RedHat Security Advisories: RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775 SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/4283-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH