Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CentOS Update for qemu-img CESA-2017:3368 centos7
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check the version of qemu-img
Insight
Insight
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix(es): * Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167) * Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of service (DoS). (CVE-2017-15289) Red Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.
Affected Software
Affected Software
qemu-img on CentOS 7
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Please Install the Updated Packages.