CentOS Update for qemu-guest-agent CESA-2019:2892 centos6

Technical Details

Severity Level:

High Severity

CVSS Score:

7.2

CVSS Base Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'qemu-guest-agent' Linux Distribution Package(s) announced via the CESA-2019:2892 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm Linux Distribution Packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Versions:
'qemu-guest-agent' Linux Distribution Package(s) on CentOS 6.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Family:

CentOS Local Security Checks

Creation Time:

2019-10-01 02:00:49

Modification Time:

2019-10-01 10:38:58

Find and Fix this Vulnerability:

Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition

NVD CVE ID:
CVE-2018-10839
CVE-2018-11806
CVE-2018-17962
CVE-2019-6778
CVE-2019-12155

Don't pay for a vulnerability scanning and management platform. This one is free.

Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage your vulnerabilities.