OracleVM 3.4 : qemu-kvm (OVMSA-2017-0047)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- kvm-cirrus-fix-patterncopy-checks.patch [bz#1420486 bz#1420488]

- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch

- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch

- Resolves: bz#1420486 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z])

- Resolves: bz#1420488 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z])

See also :

http://www.nessus.org/u?1b39d0a6

Solution :

Update the affected qemu-img package.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 97486

Bugtraq ID:

CVE ID: CVE-2017-2620
