Oracle Linux 6 : qemu-kvm (ELSA-2019-2892)

High Nessus Plugin ID 129329

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2019:2892 :

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)

* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)

* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)

* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)

* QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected qemu-kvm packages.

Oracle Linux 6 : qemu-kvm (ELSA-2019-2892)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information