This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- An out-of-bounds read/write access issue was found in QEMU's
Cirrus CLGD 54xx VGA Emulator support. The vulnerability
could occur while copying VGA data via various bitblt
functions. A privileged user inside a guest could use
this flaw to crash the QEMU process or, potentially,
execute arbitrary code on the host with privileges of
the QEMU process. (CVE-2017-7980)
- An out-of-bounds access issue was found in QEMU's Cirrus
CLGD 54xx VGA Emulator support. The vulnerability could
occur while copying VGA data using bitblt functions (for
example, cirrus_bitblt_rop_fwd_transp_). A privileged
user inside a guest could use this flaw to crash the
QEMU process, resulting in denial of service.
Bug Fix(es) :
- Previously, guest virtual machines in some cases became
unresponsive when the 'pty' back end of a serial device
performed an irregular I/O communication. This update
improves the handling of serial I/O on guests, which
prevents the described problem from occurring.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.6