This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Virtuozzo host is missing a security update.
An update for qemu-kvm is now available for Red Hat Enterprise Linux
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Kernel-based Virtual Machine (KVM) is a full virtualization solution
for Linux on a variety of architectures. The qemu-kvm packages provide
the user-space component for running virtual machines that use KVM.
Security Fix(es) :
* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA
emulator's VNC display driver support; the issue could occur when a
VNC client attempted to update its display after a VGA operation is
performed by a guest. A privileged user/process inside a guest could
use this flaw to crash the QEMU process or, potentially, execute
arbitrary code on the host with privileges of the QEMU process.
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.
See also :
Update the affected qemu-img / qemu-kvm / qemu-kvm-common / etc package.
Risk factor :
Medium / CVSS Base Score : 5.4
CVSS Temporal Score : 4.6
Public Exploit Available : false