RHEL 8:virt: rhel 和 virt-devel: rhel (RHSA-2021: 3061)

medium Nessus 插件 ID 152445
全新!插件严重性现在使用 CVSS v3

计算的插件严重性默认已更新为使用 CVSS v3。没有 CVSS v3 分数的插件将回退到 CVSS v2 来计算严重性。可以在设置下拉列表中切换严重性显示首选项。

简介

远程 Red Hat 主机缺少一个或多个安全更新。

描述

远程 Redhat Enterprise Linux 8 主机上安装的程序包受到 RHSA-2021: 3061 公告中提及的多个漏洞影响。

- QEMU:msix:mmio 操作期间的 OOB 访问可能导致 DoS (CVE-2020-13754)

- QEMU:net:通过 eth_get_gso_type 造成断言失败 (CVE-2020-27617)

- qemu:通过中断 ID 字段的越界堆缓冲区访问 (CVE-2021-20221)

- QEMU:net:环回模式中存在无限循环,可导致堆栈溢出 (CVE-2021-3416)

- hivex:提供无效的节点密钥长度时会发生缓冲区溢出 (CVE-2021-3504)

请注意,Nessus 尚未测试此问题,而是只依靠应用程序自我报告的版本号来判断。

解决方案

更新受影响的程序包。

另见

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/617.html

https://cwe.mitre.org/data/definitions/835.html

https://cwe.mitre.org/data/definitions/787.html

https://access.redhat.com/security/cve/CVE-2021-20221

https://bugzilla.redhat.com/1924601

https://access.redhat.com/security/cve/CVE-2021-3504

https://bugzilla.redhat.com/1949687

https://access.redhat.com/security/cve/CVE-2020-13754

https://bugzilla.redhat.com/1842363

https://access.redhat.com/security/cve/CVE-2020-27617

https://access.redhat.com/security/cve/CVE-2021-3416

https://access.redhat.com/errata/RHSA-2021:3061

https://bugzilla.redhat.com/1891668

https://bugzilla.redhat.com/1932827

插件详情

严重性: Medium

ID: 152445

文件名: redhat-RHSA-2021-3061.nasl

版本: 1.3

类型: local

代理: unix

发布时间: 2021/8/11

最近更新时间: 2021/10/7

依存关系: ssh_get_info.nasl, redhat_repos.nasl

风险信息

CVSS 分数来源: CVE-2021-3504

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: Medium

基本分数: 5.8

时间分数: 4.3

矢量: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

时间矢量: CVSS2#E:U/RL:OF/RC:C

CVSS v3

风险因素: Medium

基本分数: 5.4

时间分数: 4.7

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-guest-agent:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-img:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-java:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-java-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-javadoc:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-tools-c:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-libguestfs-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:perl-sys-guestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ruby-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-client:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-lock-sanlock:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-config-network:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-interface:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-network:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-qemu:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-secret:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-kvm:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-docs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:hivex-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-hivex-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:perl-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:netcf:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:netcf-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:netcf-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-common:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-admin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-nss:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:slof:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-benchmarking:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-gfs2:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-gobject:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-gobject-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-inspect-icons:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-man-pages-ja:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-man-pages-uk:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-rescue:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-rsync:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-winsupport:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libguestfs-xfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libiscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libiscsi-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libiscsi-utils:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-dbus:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:lua-guestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-basic-plugins:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-example-plugins:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:perl-sys-virt:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:python3-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:python3-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:python3-libvirt:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-block-curl:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-block-gluster:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-block-iscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-block-rbd:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-block-ssh:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-core:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:qemu-kvm-tests:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ruby-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:seabios:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:seabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:seavgabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:sgabios:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:sgabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:supermin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:supermin-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:virt-dib:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:virt-v2v:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libnbd:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:libnbd-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-basic-filters:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-curl-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-gzip-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-linuxdisk-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-python-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-server:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-ssh-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-vddk-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdkit-xz-filter:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-libnbd:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:ocaml-libnbd-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:python3-libnbd:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:nbdfuse:*:*:*:*:*:*:*, cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*, cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*, cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*, cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*

必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

易利用性: No known exploits are available

补丁发布日期: 2021/8/10

漏洞发布日期: 2020/6/2

参考资料信息

CVE: CVE-2020-13754, CVE-2020-27617, CVE-2021-20221, CVE-2021-3416, CVE-2021-3504

CWE: 125, 787, 835, 617

IAVB: 2020-B-0041-S, 2020-B-0063-S

RHSA: 2021:3061