Mandriva Linux Security Advisory : qemu (MDVSA-2014:249)

high Nessus Plugin ID 79994

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated qemu packages fix security vulnerabilities:

During migration, the values read from the migration stream during RAM load are not validated, in particular the offset in host_from_stream_offset() and the length of the writes in the callers of that function.
A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-7840).

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-8106).

Solution

Update the affected qemu and/or qemu-img packages.

See Also

http://advisories.mageia.org/MGASA-2014-0525.html

Plugin Details

Severity: High

ID: 79994

File Name: mandriva_MDVSA-2014-249.nasl

Version: 1.5

Type: local

Published: 12/15/2014

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:qemu, p-cpe:/a:mandriva:linux:qemu-img, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/14/2014

Reference Information

CVE: CVE-2014-7840, CVE-2014-8106

BID: 71477, 71658

MDVSA: 2014:249