Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CentOS Update for qemu-guest-agent CESA-2012:1234 centos6
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'qemu-guest-agent' package(s) announced via the referenced advisory.
Insight
Insight
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of KVM. Affected configurations were: * When guests were started from the command line ('/usr/libexec/qemu-kvm') without the '-nodefaults' option, and also without specifying a serial or parallel device, or a virtio-console device, that specifically does not use a virtual console (vc) back-end. (Note that Red Hat does not support invoking 'qemu-kvm' from the command line without '-nodefaults' on Red Hat Enterprise Linux 6.) * Guests that were managed via libvirt, such as when using Virtual Machine Manager (virt-manager), but that have a serial or parallel device, or a virtio-console device, that uses a virtual console back-end. By default, guests managed via libvirt will not use a virtual console back-end for such devices. Red Hat would like to thank the Xen project for reporting this issue. All users of qemu-kvm should upgrade to these updated packages, which resolve this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Affected Software
Affected Software
qemu-guest-agent on CentOS 6
Solution
Solution
Please install the updated packages.