Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.891694 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for qemu (DLA-1694-1) |
Summary: | , 902725, 921525;;Several vulnerabilities were found in QEMU, a fast processor emulator:;;CVE-2018-12617;;The qmp_guest_file_read function (qga/commands-posix.c) is affected;by an integer overflow and subsequent memory allocation failure. This;weakness might be leveraged by remote attackers to cause denial of;service (application crash).;;CVE-2018-16872;;The usb_mtp_get_object, usb_mtp_get_partial_object and;usb_mtp_object_readdir functions (hw/usb/dev-mtp.c) are affected by a;symlink attack. Remote attackers might leverage this vulnerability to;perform information disclosure.;;CVE-2019-6778;;The tcp_emu function (slirp/tcp_subr.c) is affected by a heap buffer;overflow caused by insufficient validation of available space in the;sc_rcv->sb_data buffer. Remote attackers might leverage this flaw to;cause denial of service, or any other unspecified impact. |
Description: | Summary: , 902725, 921525 Several vulnerabilities were found in QEMU, a fast processor emulator: CVE-2018-12617 The qmp_guest_file_read function (qga/commands-posix.c) is affected by an integer overflow and subsequent memory allocation failure. This weakness might be leveraged by remote attackers to cause denial of service (application crash). CVE-2018-16872 The usb_mtp_get_object, usb_mtp_get_partial_object and usb_mtp_object_readdir functions (hw/usb/dev-mtp.c) are affected by a symlink attack. Remote attackers might leverage this vulnerability to perform information disclosure. CVE-2019-6778 The tcp_emu function (slirp/tcp_subr.c) is affected by a heap buffer overflow caused by insufficient validation of available space in the sc_rcv->sb_data buffer. Remote attackers might leverage this flaw to cause denial of service, or any other unspecified impact. Affected Software/OS: qemu on Debian Linux Solution: For Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u10. We recommend that you upgrade your qemu packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-6778 BugTraq ID: 106758 http://www.securityfocus.com/bid/106758 Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/May/76 Debian Security Information: DSA-4454 (Google Search) https://www.debian.org/security/2019/dsa-4454 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ [Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html [oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() http://www.openwall.com/lists/oss-security/2019/01/24/5 RedHat Security Advisories: RHSA-2019:1883 https://access.redhat.com/errata/RHSA-2019:1883 RedHat Security Advisories: RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:1968 RedHat Security Advisories: RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2425 RedHat Security Advisories: RHSA-2019:2892 https://access.redhat.com/errata/RHSA-2019:2892 SuSE Security Announcement: SUSE-SA-2019:0254-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html SuSE Security Announcement: openSUSE-SU-2019:1074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html SuSE Security Announcement: openSUSE-SU-2019:1226 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/3923-1/ |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |