Test ID:	1.3.6.1.4.1.25623.1.0.883114
Category:	CentOS Local Security Checks
Title:	CentOS Update for qemu-guest-agent CESA-2019:2892 centos6
Summary:	The remote host is missing an update for the 'qemu-guest-agent'; package(s) announced via the CESA-2019:2892 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-guest-agent' package(s) announced via the CESA-2019:2892 advisory. Vulnerability Insight: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'qemu-guest-agent' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10839 DSA-4338 https://www.debian.org/security/2018/dsa-4338 RHSA-2019:2892 https://access.redhat.com/errata/RHSA-2019:2892 USN-3826-1 https://usn.ubuntu.com/3826-1/ [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20181008 Qemu: integer overflow issues https://www.openwall.com/lists/oss-security/2018/10/08/1 [qemu-devel] 20180926 [PULL 21/25] ne2000: fix possible out of bound access in ne2000_receive https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839 Common Vulnerability Exposure (CVE) ID: CVE-2018-11806 BugTraq ID: 104400 http://www.securityfocus.com/bid/104400 Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/May/76 Debian Security Information: DSA-4454 (Google Search) https://www.debian.org/security/2019/dsa-4454 https://www.zerodayinitiative.com/advisories/ZDI-18-567/ https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html http://www.openwall.com/lists/oss-security/2018/06/07/1 https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html RedHat Security Advisories: RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2462 RedHat Security Advisories: RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2762 RedHat Security Advisories: RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2822 RedHat Security Advisories: RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2018:2887 RedHat Security Advisories: RHSA-2019:2892 Common Vulnerability Exposure (CVE) ID: CVE-2018-17962 Debian Security Information: DSA-4338 (Google Search) http://www.openwall.com/lists/oss-security/2018/10/08/1 https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html Common Vulnerability Exposure (CVE) ID: CVE-2019-6778 BugTraq ID: 106758 http://www.securityfocus.com/bid/106758 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ [Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html [oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() http://www.openwall.com/lists/oss-security/2019/01/24/5 RedHat Security Advisories: RHSA-2019:1883 https://access.redhat.com/errata/RHSA-2019:1883 RedHat Security Advisories: RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:1968 RedHat Security Advisories: RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2425 SuSE Security Announcement: SUSE-SA-2019:0254-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html SuSE Security Announcement: openSUSE-SU-2019:1074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html SuSE Security Announcement: openSUSE-SU-2019:1226 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/3923-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-12155 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/ https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2 https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html RedHat Security Advisories: RHBA-2019:3723 https://access.redhat.com/errata/RHBA-2019:3723 RedHat Security Advisories: RHSA-2019:2607 https://access.redhat.com/errata/RHSA-2019:2607 RedHat Security Advisories: RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179 RedHat Security Advisories: RHSA-2019:3345 https://access.redhat.com/errata/RHSA-2019:3345 RedHat Security Advisories: RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742 RedHat Security Advisories: RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787 RedHat Security Advisories: RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344 SuSE Security Announcement: openSUSE-SU-2019:2041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html SuSE Security Announcement: openSUSE-SU-2019:2059 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html https://usn.ubuntu.com/4191-1/ https://usn.ubuntu.com/4191-2/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.