Plugins Database As of 12-09-2019

CentOS Update for qemu-guest-agent CESA-2019:2892 centos6

CentOS Local Security Checks
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.883114

CVSS Base Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'qemu-guest-agent' Linux Distribution Package(s) announced via the CESA-2019:2892 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm Linux Distribution Packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Versions:
'qemu-guest-agent' Linux Distribution Package(s) on CentOS 6.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Search
Severity
High
CVSS Score
7.2
Published
2019-10-01 02:00:49
Modified
2019-10-01 10:38:58
CVE
CVE-2018-10839
CVE-2018-11806
CVE-2018-17962
CVE-2019-6778
CVE-2019-12155

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.