Scientific Linux Security Update : qemu-kvm on SL7.x x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- Quick Emulator (Qemu) built with the Block driver for
  iSCSI images support (virtio-blk) is vulnerable to a
  heap buffer overflow issue. It could occur while
  processing iSCSI asynchronous I/O ioctl(2) calls. A user
  inside the guest could use this flaw to crash the Qemu
  process, resulting in DoS, or potentially leverage it to
  execute arbitrary code with the privileges of the Qemu
  process on the host. (CVE-2016-5126)

- Quick Emulator (Qemu) built with the virtio framework is
  vulnerable to an unbounded memory allocation issue. It
  was found that a malicious guest user could submit more
  requests than the virtqueue size permits. Processing a
  request allocates a VirtQueueElement and therefore
  causes unbounded memory allocation on the host,
  controlled by the guest. (CVE-2016-5403)

See also :

http://www.nessus.org/u?1a4a9699

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 92998

CVE ID: CVE-2016-5126
CVE-2016-5403
