6.8 - GLSA-201412-01

Executive Summary

Summary
Title	QEMU: Multiple Vulnerabilities

Informations
Name	GLSA-201412-01	First vendor Publication	2014-12-08
Vendor	Gentoo	Last vendor Modification	2014-12-08
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in QEMU, the worst of which allows context dependent attackers to cause Denial of Service.

Background

QEMU is a generic and open source machine emulator and virtualizer.

Description

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service condition and a local user can obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All QEMU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r1"

References

[ 1 ] CVE-2014-3471 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3471
[ 2 ] CVE-2014-3615 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3615
[ 3 ] CVE-2014-3640 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3640
[ 4 ] CVE-2014-5263 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5263
[ 5 ] CVE-2014-5388 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5388
[ 6 ] CVE-2014-7815 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201412-01.xml

CWE : Common Weakness Enumeration

%	Id	Name
17 %	CWE-476	NULL Pointer Dereference
17 %	CWE-416	Use After Free
17 %	CWE-200	Information Exposure
17 %	CWE-193	Off-by-one Error
17 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
17 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26768

Oval ID:	oval:org.mitre.oval:def:26768
Title:	USN-2342-1 -- qemu, qemu-kvm vulnerabilities
Description:	Several security issues were fixed in QEMU.
Family:	unix	Class:	patch
Reference(s):	USN-2342-1 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-3461 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3471	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	qemu qemu-kvm
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section qemu-system DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-aarch64 DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-arm DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-mips DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-misc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-ppc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-sparc DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND qemu-system-x86 DPKG is earlier than 0:2.0.0+dfsg-2ubuntu1.3 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND qemu-kvm DPKG is earlier than 0:1.0+noroms-0ubuntu14.17 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND qemu-kvm DPKG is earlier than 0:0.12.3+noroms-0ubuntu9.24

Definition Id: oval:org.mitre.oval:def:26922

Oval ID:	oval:org.mitre.oval:def:26922
Title:	DSA-3044-1 qemu-kvm - security update
Description:	Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family:	unix	Class:	patch
Reference(s):	DSA-3044-1 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	qemu-kvm
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu-kvm DPKG is earlier than 0:1.1.2+dfsg-6+deb7u4

Definition Id: oval:org.mitre.oval:def:27016

Oval ID:	oval:org.mitre.oval:def:27016
Title:	ELSA-2014-1669 -- qemu-kvm security and bug fix update (low)
Description:	[1.5.3-60.el7_0.10] - kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925] - kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925] - kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925] - kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925] - Resolves: bz#1122925 (Maintain relative path to backing file image during live merge (block-commit))
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1669 CVE-2014-3615	Version:	5
Platform(s):	Oracle Linux 7	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 7.x Packages match section qemu-kvm is earlier than 10:1.5.3-60.el7_0.10 AND libcacard is earlier than 10:1.5.3-60.el7_0.10 AND libcacard-devel is earlier than 10:1.5.3-60.el7_0.10 AND libcacard-tools is earlier than 10:1.5.3-60.el7_0.10 AND qemu-guest-agent is earlier than 10:1.5.3-60.el7_0.10 AND qemu-img is earlier than 10:1.5.3-60.el7_0.10 AND qemu-kvm-common is earlier than 10:1.5.3-60.el7_0.10 AND qemu-kvm-tools is earlier than 10:1.5.3-60.el7_0.10

Definition Id: oval:org.mitre.oval:def:27022

Oval ID:	oval:org.mitre.oval:def:27022
Title:	RHSA-2014:1669 -- qemu-kvm security and bug fix update (Low)
Description:	KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615) This issue was discovered by Laszlo Ersek of Red Hat. This update also fixes the following bug: * This update fixes a regression in the scsi_block_new_request() function, which caused all read requests to through SG_IO if the host cache was not used. (BZ#1141189) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1669 CESA-2014:1669 CVE-2014-3615	Version:	5
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	qemu-kvm
Definition Synopsis:
Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages match section libcacard is earlier than 10:1.5.3-60.el7_0.10 AND libcacard-devel is earlier than 10:1.5.3-60.el7_0.10 AND libcacard-tools is earlier than 10:1.5.3-60.el7_0.10 AND qemu-guest-agent is earlier than 10:1.5.3-60.el7_0.10 AND qemu-img is earlier than 10:1.5.3-60.el7_0.10 AND qemu-kvm is earlier than 10:1.5.3-60.el7_0.10 AND qemu-kvm-common is earlier than 10:1.5.3-60.el7_0.10 AND qemu-kvm-tools is earlier than 10:1.5.3-60.el7_0.10 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND qemu-kvm-debuginfo is earlier than 10:1.5.3-60.el7_0.10

Definition Id: oval:org.mitre.oval:def:27023

Oval ID:	oval:org.mitre.oval:def:27023
Title:	DSA-3045-1 qemu - security update
Description:	Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family:	unix	Class:	patch
Reference(s):	DSA-3045-1 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 CVE-2014-3615 CVE-2014-3640	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	qemu
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu DPKG is earlier than 0:1.1.2+dfsg-6a+deb7u4

Definition Id: oval:org.mitre.oval:def:27312

Oval ID:	oval:org.mitre.oval:def:27312
Title:	DSA-3067-1 -- qemu-kvm security update
Description:	Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Family:	unix	Class:	patch
Reference(s):	DSA-3067-1 CVE-2014-3689 CVE-2014-7815	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	qemu-kvm
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu-kvm is earlier than 0:1.1.2+dfsg-6+deb7u5

Definition Id: oval:org.mitre.oval:def:28093

Oval ID:	oval:org.mitre.oval:def:28093
Title:	DSA-3066-1 -- qemu security update
Description:	Several vulnerabilities were discovered in qemu, a fast processor emulator.
Family:	unix	Class:	patch
Reference(s):	DSA-3066-1 CVE-2014-3689 CVE-2014-7815	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	qemu
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu is earlier than 0:1.1.2+dfsg-6a+deb7u5

Definition Id: oval:org.mitre.oval:def:28286

Oval ID:	oval:org.mitre.oval:def:28286
Title:	USN-2409-1 -- QEMU vulnerabilities
Description:	Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3615">CVE-2014-3615</a>) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3640">CVE-2014-3640</a>) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3689">CVE-2014-3689</a>) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5263">CVE-2014-5263</a>) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5388">CVE-2014-5388</a>) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7815">CVE-2014-7815</a>)
Family:	unix	Class:	patch
Reference(s):	USN-2409-1 CVE-2014-3615 CVE-2014-3640 CVE-2014-3689 CVE-2014-5263 CVE-2014-5388 CVE-2014-7815	Version:	5
Platform(s):	Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	qemu qemu-kvm
Definition Synopsis:
Ubuntu 14.10 release section Ubuntu 14.10 is installed Packages match section qemu-system-misc is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-aarch64 is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-x86 is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-sparc is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-arm is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-ppc is earlier than 0:2.1+dfsg-4ubuntu6.1 AND qemu-system-mips is earlier than 0:2.1+dfsg-4ubuntu6.1 AND Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section qemu-system-misc is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-aarch64 is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-x86 is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-sparc is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-arm is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-ppc is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND qemu-system-mips is earlier than 0:2.0.0+dfsg-2ubuntu1.7 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND qemu-kvm is earlier than 0:1.0+noroms-0ubuntu14.19 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND qemu-kvm is earlier than 0:0.12.3+noroms-0ubuntu9.25

CPE : Common Platform Enumeration

Type	Description	Count
Application	Qemu cpe:2.3:a:qemu:qemu:2.1.3:::::::* cpe:2.3:a:qemu:qemu:2.1.2:r1:::::: cpe:2.3:a:qemu:qemu:2.1.2:::::::* cpe:2.3:a:qemu:qemu:2.1.1:::::::* cpe:2.3:a:qemu:qemu:2.1.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc5:::::: cpe:2.3:a:qemu:qemu:2.1.0:-:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.2:::::::* cpe:2.3:a:qemu:qemu:2.0.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.0.0:-:::::: cpe:2.3:a:qemu:qemu:1.7.1:::::::* cpe:2.3:a:qemu:qemu:1.6.2:::::::* cpe:2.3:a:qemu:qemu:1.6.1:::::::* cpe:2.3:a:qemu:qemu:1.6.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.6.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.3:::::::* cpe:2.3:a:qemu:qemu:1.5.2:::::::* cpe:2.3:a:qemu:qemu:1.5.1:::::::* cpe:2.3:a:qemu:qemu:1.5.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.5.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.4.2:::::::* cpe:2.3:a:qemu:qemu:1.4.1:::::::* cpe:2.3:a:qemu:qemu:1.4.0:-:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.1:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.3.0:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.2:::::::* cpe:2.3:a:qemu:qemu:1.2.1:::::::* cpe:2.3:a:qemu:qemu:1.2.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.2.0:-:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.1.2:::::::* cpe:2.3:a:qemu:qemu:1.1.1:::::::* cpe:2.3:a:qemu:qemu:1.1:rc4:::::: cpe:2.3:a:qemu:qemu:1.1:rc1:::::: cpe:2.3:a:qemu:qemu:1.1:rc2:::::: cpe:2.3:a:qemu:qemu:1.1:rc3:::::: cpe:2.3:a:qemu:qemu:1.1:-:::::: cpe:2.3:a:qemu:qemu:1.0.1:::::::* cpe:2.3:a:qemu:qemu:1.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.0:rc4:::::: cpe:2.3:a:qemu:qemu:1.0:-:::::: cpe:2.3:a:qemu:qemu:1:2.1+dfsg-12+deb8u6:::::::* cpe:2.3:a:qemu:qemu:1:2.8+dfsg-6+deb9u8:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8+deb10u2:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8~deb10u1:::::::* cpe:2.3:a:qemu:qemu:1:4.1-1:::::::* cpe:2.3:a:qemu:qemu:0.9.1-5:::::::* cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.15.2:::::::* cpe:2.3:a:qemu:qemu:0.15.1:::::::* cpe:2.3:a:qemu:qemu:0.15.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.15.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.15.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.1:::::::* cpe:2.3:a:qemu:qemu:0.14.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.13.0:-:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.12.5:::::::* cpe:2.3:a:qemu:qemu:0.12.4:::::::* cpe:2.3:a:qemu:qemu:0.12.3:::::::* cpe:2.3:a:qemu:qemu:0.12.2:::::::* cpe:2.3:a:qemu:qemu:0.12.1:::::::* cpe:2.3:a:qemu:qemu:0.12.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.12.0:-:::::: cpe:2.3:a:qemu:qemu:0.12.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc2:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc0:::::::* cpe:2.3:a:qemu:qemu:0.11.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.0:-:::::: cpe:2.3:a:qemu:qemu:0.10.6:::::::* cpe:2.3:a:qemu:qemu:0.10.5:::::::* cpe:2.3:a:qemu:qemu:0.10.4:::::::* cpe:2.3:a:qemu:qemu:0.10.3:::::::* cpe:2.3:a:qemu:qemu:0.10.2:::::::* cpe:2.3:a:qemu:qemu:0.10.1:::::::* cpe:2.3:a:qemu:qemu:0.10.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	134
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::	7
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.1:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*	5
Os	Redhat Enterprise Linux Hpc Node cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*	4
Os	Redhat Enterprise Linux Server Tus cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::	1
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:12:-::::::	1

Snort® IPS/IDS

Date	Description
2015-10-01	QEMU VNC set-pixel-format memory corruption attempt RuleID : 35851 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2016-11-14	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2781-1.nasl - Type : ACT_GATHER_INFO
2016-11-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2725-1.nasl - Type : ACT_GATHER_INFO
2016-10-26	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2628-1.nasl - Type : ACT_GATHER_INFO
2016-10-26	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2533-1.nasl - Type : ACT_GATHER_INFO
2016-10-26	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2528-1.nasl - Type : ACT_GATHER_INFO
2016-10-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1170.nasl - Type : ACT_GATHER_INFO
2016-10-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1169.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1785-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1698-1.nasl - Type : ACT_GATHER_INFO
2016-07-28	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0089.nasl - Type : ACT_GATHER_INFO
2016-06-22	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1560-1.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO
2016-05-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-04-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO
2016-04-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-01	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-25	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2015-10-21	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1782-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0744-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0613-1.nasl - Type : ACT_GATHER_INFO
2015-04-30	Name : The remote host is missing a vendor-supplied security patch. File : citrix_xenserver_CTX200892.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO
2015-03-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-03-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0624.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kvm-libvirt-201412-150124.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kvm-libvirt-201412-150123.nasl - Type : ACT_GATHER_INFO
2014-12-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-01.nasl - Type : ACT_GATHER_INFO
2014-11-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO
2014-11-14	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2409-1.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing a security update. File : fedora_2014-14033.nasl - Type : ACT_GATHER_INFO
2014-11-10	Name : The remote Fedora host is missing a security update. File : fedora_2014-13993.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1670.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3067.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3066.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1669.nasl - Type : ACT_GATHER_INFO
2014-10-09	Name : The remote Fedora host is missing a security update. File : fedora_2014-11641.nasl - Type : ACT_GATHER_INFO
2014-10-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3045.nasl - Type : ACT_GATHER_INFO
2014-10-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3044.nasl - Type : ACT_GATHER_INFO
2014-09-29	Name : The remote Fedora host is missing a security update. File : fedora_2014-11588.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote Fedora host is missing a security update. File : fedora_2014-10761.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2342-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-01-12 21:24:43	Multiple Updates
2014-12-10 13:27:02	Multiple Updates
2014-12-09 00:25:39	First insertion

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	8
CPE ID(s)	161
Snort® Rule(s)	1
Nessus® Exploit(s)	49

	Related
6.8	CVE-2014-5263
5.5	CVE-2014-3471
5	CVE-2014-7815
4.6	CVE-2014-5388
2.1	CVE-2014-3640
2.1	CVE-2014-3615
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

6.8 - GLSA-201412-01

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU