SynopsisThe remote Fedora host is missing a security update.
Description- Fix arm sd warnings with latest kernel (bz #1091548)
- Fix regression in CVE backport that affects openstack (thanks lbezdick)
- Fix guest startup crashes from autotest (bz #1081610)
- Block/image format validation CVE-2014-0142 - 2014-0148 (bz #1078201, bz #1086710, bz #1079140, bz #1086724, bz #1079240, bz #1086735, bz #1078885, bz #1086720, bz #1078232, bz #1086713, bz #1078848, bz #1086717, bz #1078212, bz #1086712)
- CVE-2014-0150: virtio-net: buffer overflow in virtio_net_handle_mac() function (bz #1086775, bz #1078846)
- CVE-2013-4544: vmxnet3: bounds checking buffer overrun (bz #1087513, bz #1087522)
- CVE-2014-2894: out of bounds buffer accesses, guest triggerable via IDE SMART (bz #1087981, bz #1087971)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected qemu package.
File Name: fedora_2014-5825.nasl
Supported Sensors: Frictionless Assessment Agent, Nessus Agent
Temporal Vector: E:ND/RL:OF/RC:C
CPE: p-cpe:/a:fedoraproject:fedora:qemu, cpe:/o:fedoraproject:fedora:20
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/1/2014
CVE: CVE-2013-4544, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150, CVE-2014-2894
BID: 66464, 66472, 66480, 66481, 66483, 66484, 66486, 66821, 66932, 66955