OracleVM 3.4 : qemu-kvm (OVMSA-2016-0051)

high Nessus Plugin ID 91316
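Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.

VPR Score: 9.2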

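Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates: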

- kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407]

- kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407]

- kvm-vga-use-constants-from-vga.h.patch [bz#1331407]

- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407]

- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407]

- kvm-vga-add-vbe_enabled-helper.patch [bz#1331407]

- kvm-vga-factor-out-vga-register-setup.patch [bz#1331407]

- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407]

- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac .patch

- Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z])

- Reverted the "warning when CPU threads > 1 for non-Intel CPUs" patch

- kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181]

- kvm-util-add-base64-decoding-function.patch [bz#1174181]

- kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181]

- kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181]

- kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181]

- kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons .patch

- kvm-qga-fix-off-by-one-length-check.patch [bz#1174181]

- kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181]

- Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root account password (Linux guest))

- kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743]

- kvm-block-mirror-fix-full-sync-mode-when-target-does-not .patch [bz#971312]

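- Resolves: bz#1290743 (qemu-kvm core dumps when system_reset is repeated 20 times during guest boot)

- Resolves: bz#971312 (block: mirroring to a raw block device does not zero out unused blocks)

- Mon Feb 8 2016 Miroslav Rezanina < - 0.12.1.2-2.488.el6

- Fixed qemu-ga path configuration [bz#1213233]

- Resolves: bz#1213233 ([virtagent] the default path "/etc/qemu/fsfreeze-hook" for the "fsfreeze-hook" script does not exist)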

- kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques .patch

- kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740]

- Resolves: bz#1249740 (Dst VM segfaults when migration completes upon ENOSPC)

- kvm-blockdev-Error-out-on-negative-throttling-option-val .patch

- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE .patch

- Resolves: bz#1294619 (guest should fail to boot when iops or bps is set to a negative number)

- Resolves: bz#1298046 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.8])

- kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233]

- kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743]

- Resolves: bz#1213233 ([virtagent] the default path "/etc/qemu/fsfreeze-hook" for the "fsfreeze-hook" script does not exist)

- Resolves: bz#1290743 (qemu-kvm core dumps when system_reset is repeated 20 times during guest boot)

- kvm-qga-flush-explicitly-when-needed.patch [bz#1210246]

- kvm-qga-add-guest-set-user-password-command.patch [bz#1174181]

- kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216]

- kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424]

- kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I .patch

- kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442]

- kvm-qga-Fix-memory-allocation-pasto.patch []

- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work- .patch

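- Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root/administrator account password)

- Resolves: bz#1210246 ([virtagent] "write" content is lost if it is "read" before the guest agent flushes)

- Resolves: bz#1223216 (qemu-img cannot create a qcow2 image when the backend is a block device)

- Resolves: bz#1250442 (qemu-doc.html markup error in section 3.3 "Invocation")

- Resolves: bz#1268347 (posix_fallocate emulation on NFS fails with a bad file descriptor error if the fd is opened O_WRONLY)

- Resolves: bz#1292678 (Qemu should report an error when cmdline sets threads=2 on an amd host)

- Resolves: bz#1297424 (add a warning about running qemu-img on active VMs to the man page)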

- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866]

- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in .patch

- Resolves: bz#1262866 ([RHEL6] 100% packet loss when pinging from the host to a Win2012r2 guest with size 64000)

- kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat .patch

- kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s .patch

- kvm-net-pcnet-add-check-to-validate-receive-data-size-CV .patch

- kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567]

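- Resolves: bz#1219908 (writing snapshots with the "virsh snapshot-create-as" command slows down as more snapshots are created)

- Resolves: bz#1265428 (contents of MSR_TSC_AUX are not migrated)

- Resolves: bz#1286567 (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in non-loopback mode [rhel-6.8])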

- kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE- .patch

- Resolves: bz#1263275 (CVE-2015-5279 qemu-kvm: qemu: heap overflow vulnerability in the ne2000_receive function [rhel-6.8])

- kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng .patch

- kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236]

- kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20 .patch

- kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015- .patch

- kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE .patch

- kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763]

- kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763]

- kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51 .patch

- kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763]

- Resolves: bz#1213236 ([virtagent] "guest-fstrim" fails on a guest whose OS is on a spapr-vscsi disk)

- Resolves: bz#1230068 (segmentation fault when re-adding a virtio-rng-pci device)

- Resolves: bz#1248763 (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.8])

Solution

Update the affected qemu-img package.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000467.html

Plugin Details

Severity: High

ID: 91316

File Name: oraclevm_OVMSA-2016-0051.nasl

Version: 2.7

Type: local

Published: 2016/5/25

Updated: 2021/1/4

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 9.2

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:qemu-img, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/5/24

Vulnerability Publication Date: 2015/8/12

Reference Information

CVE: CVE-2015-5165, CVE-2015-5279, CVE-2015-7512, CVE-2016-1714, CVE-2016-3710