Update for qemu-guest-agent CESA-2017:0309 centos6. Check version of qemu-guest-agent. Fixes out-of-bounds access issue and out-of-bounds read-access flaw
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | OracleVM 3.4 : qemu-kvm (OVMSA-2017-0043) | 27 Feb 201700:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 : qemu-kvm (ELSA-2017-0309) | 24 Feb 201700:00 | – | nessus |
Tenable Nessus | RHEL 6 : qemu-kvm-rhev (RHSA-2017:0344) | 2 Mar 201700:00 | – | nessus |
Tenable Nessus | RHEL 6 : qemu-kvm (RHSA-2017:0309) | 24 Feb 201700:00 | – | nessus |
Tenable Nessus | Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-0309) | 13 Jul 201700:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170223) | 24 Feb 201700:00 | – | nessus |
Tenable Nessus | CentOS 6 : qemu-kvm (CESA-2017:0309) | 27 Feb 201700:00 | – | nessus |
Tenable Nessus | RHEL 7 : qemu-kvm-rhev (RHSA-2017:0350) | 2 Mar 201700:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170117) | 18 Jan 201700:00 | – | nessus |
Tenable Nessus | RHEL 7 : qemu-kvm (RHSA-2017:0083) | 18 Jan 201700:00 | – | nessus |
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.882666");
script_version("2023-07-12T05:05:04+0000");
script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
script_tag(name:"creation_date", value:"2017-03-02 12:09:23 +0530 (Thu, 02 Mar 2017)");
script_cve_id("CVE-2016-2857", "CVE-2017-2615");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-09-07 10:29:00 +0000 (Fri, 07 Sep 2018)");
script_tag(name:"qod_type", value:"package");
script_name("CentOS Update for qemu-guest-agent CESA-2017:0309 centos6");
script_tag(name:"summary", value:"Check the version of qemu-guest-agent");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Kernel-based Virtual Machine (KVM) is a
full virtualization solution for Linux on a variety of architectures.
The qemu-kvm packages provide the user-space component for running virtual
machines that use KVM.
Security Fix(es):
* Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator
support is vulnerable to an out-of-bounds access issue. It could occur
while copying VGA data via bitblt copy in backward mode. A privileged user
inside a guest could use this flaw to crash the Qemu process resulting in
DoS or potentially execute arbitrary code on the host with privileges of
Qemu process on the host. (CVE-2017-2615)
* An out-of-bounds read-access flaw was found in the QEMU emulator built
with IP checksum routines. The flaw could occur when computing a TCP/UDP
packet's checksum, because a QEMU function used the packet's payload length
without checking against the data buffer's size. A user inside a guest
could use this flaw to crash the QEMU process (denial of service).
(CVE-2016-2857)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) Li Qiang (360.cn
Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for
reporting CVE-2016-2857.
This update also fixes the following bug:
* Previously, rebooting a guest virtual machine more than 128 times in a
short period of time caused the guest to shut down instead of rebooting,
because the virtqueue was not cleaned properly. This update ensures that
the virtqueue is cleaned more reliably, which prevents the described
problem from occurring. (BZ#1408389)
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.");
script_tag(name:"affected", value:"qemu-guest-agent on CentOS 6");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"CESA", value:"2017:0309");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2017-February/022287.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"qemu-guest-agent", rpm:"qemu-guest-agent~0.12.1.2~2.491.el6_8.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~0.12.1.2~2.491.el6_8.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~0.12.1.2~2.491.el6_8.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-kvm-tools", rpm:"qemu-kvm-tools~0.12.1.2~2.491.el6_8.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo