
Test ID: 1.3.6.1.4.1.25623.1.1.4.2014.0816.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2014:0816-1)
Summary: The remote host is missing an update for the 'KVM' package(s) announced via the SUSE-SU-2014:0816-1 advisory.
Description:

Vulnerability Insight:
Several security issues in KVM have been fixed. Some issues could have resulted in arbitrary code execution or crash of the kvm host.

* virtio-net: buffer overflow in virtio_net_handle_mac() function (CVE-2014-0150)
* Fixed out of bounds buffer accesses, guest triggerable via IDE SMART (CVE-2014-2894)
* Fixed various virtio-net buffer overflows (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151)
* Fixed ahci buffer overrun (CVE-2013-4526)
* Fixed hpet buffer overrun (CVE-2013-4527)
* Fixed a PCIE-AER buffer overrun (CVE-2013-4529)
* Fixed a buffer overrun in pl022 (CVE-2013-4530)
* Fixed a vmstate buffer overflow (CVE-2013-4531)
* Fixed a pxa2xx buffer overrun (CVE-2013-4533)
* Fixed an openpic buffer overrun (CVE-2013-4534)
* Validate virtio num_sg mapping (CVE-2013-4535 / CVE-2013-4536)
* Fixed ssi-sd buffer overrun (CVE-2013-4537)
* Fixed ssd0323 buffer overrun (CVE-2013-4538)
* Fixed tsc210x buffer overrun (CVE-2013-4539)
* Fixed Zaurus buffer overrun (CVE-2013-4540)
* Some USB sanity checking added (CVE-2013-4541)
* Fixed virtio scsi buffer overrun (CVE-2013-4542)
* Fixed another virtio buffer overrun (CVE-2013-6399)
* Validate config_len on load in virtio (CVE-2014-0182)

Security Issue references:

* CVE-2014-0150
* CVE-2014-2894

Affected Software/OS:
'KVM' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-4148
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
RedHat Security Advisories: RHSA-2014:0743
http://rhn.redhat.com/errata/RHSA-2014-0743.html
RedHat Security Advisories: RHSA-2014:0744
http://rhn.redhat.com/errata/RHSA-2014-0744.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4149
RedHat Security Advisories: RHSA-2014:0927
http://rhn.redhat.com/errata/RHSA-2014-0927.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4150
Common Vulnerability Exposure (CVE) ID: CVE-2013-4151
Common Vulnerability Exposure (CVE) ID: CVE-2013-4526
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4527
Common Vulnerability Exposure (CVE) ID: CVE-2013-4529
Common Vulnerability Exposure (CVE) ID: CVE-2013-4530
Common Vulnerability Exposure (CVE) ID: CVE-2013-4531
Common Vulnerability Exposure (CVE) ID: CVE-2013-4533
Common Vulnerability Exposure (CVE) ID: CVE-2013-4534
Common Vulnerability Exposure (CVE) ID: CVE-2013-4535
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
https://bugzilla.redhat.com/show_bug.cgi?id=1066401
Common Vulnerability Exposure (CVE) ID: CVE-2013-4536
Common Vulnerability Exposure (CVE) ID: CVE-2013-4537
Common Vulnerability Exposure (CVE) ID: CVE-2013-4538
Common Vulnerability Exposure (CVE) ID: CVE-2013-4539
Common Vulnerability Exposure (CVE) ID: CVE-2013-4540
SuSE Security Announcement: openSUSE-SU-2014:1279
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:1281
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4541
Common Vulnerability Exposure (CVE) ID: CVE-2013-4542
Common Vulnerability Exposure (CVE) ID: CVE-2013-6399
Common Vulnerability Exposure (CVE) ID: CVE-2014-0150
Debian Security Information: DSA-2909
http://www.debian.org/security/2014/dsa-2909
Debian Security Information: DSA-2910
http://www.debian.org/security/2014/dsa-2910
http://article.gmane.org/gmane.comp.emulators.qemu/266768
http://thread.gmane.org/gmane.comp.emulators.qemu/266713
http://secunia.com/advisories/57878
http://secunia.com/advisories/58191
http://www.ubuntu.com/usn/USN-2182-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0182
Common Vulnerability Exposure (CVE) ID: CVE-2014-2894
BugTraq ID: 66932
http://www.securityfocus.com/bid/66932
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
http://www.openwall.com/lists/oss-security/2014/04/15/4
http://www.openwall.com/lists/oss-security/2014/04/18/5
RedHat Security Advisories: RHSA-2014:0704
http://rhn.redhat.com/errata/RHSA-2014-0704.html
http://secunia.com/advisories/57945
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.