RHEL 7 : qemu-kvm-rhev (RHSA-2018:1104)

critical Nessus Plugin ID 109070

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1104 advisory.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.10.0).
(BZ#1470749)

Security Fix(es):

* Qemu: stack buffer overflow in NBD server triggered via long export name (CVE-2017-15118)

* Qemu: DoS via large option request (CVE-2017-15119)

* Qemu: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: vga: reachable assert failure during display update (CVE-2017-13673)

* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)

* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.
The CVE-2017-15118 and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3850ee21

https://access.redhat.com/errata/RHSA-2018:1104

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1139507

https://bugzilla.redhat.com/show_bug.cgi?id=1178472

https://bugzilla.redhat.com/show_bug.cgi?id=1212715

https://bugzilla.redhat.com/show_bug.cgi?id=1213786

https://bugzilla.redhat.com/show_bug.cgi?id=1285044

https://bugzilla.redhat.com/show_bug.cgi?id=1305398

https://bugzilla.redhat.com/show_bug.cgi?id=1320114

https://bugzilla.redhat.com/show_bug.cgi?id=1344299

https://bugzilla.redhat.com/show_bug.cgi?id=1372583

https://bugzilla.redhat.com/show_bug.cgi?id=1378241

https://bugzilla.redhat.com/show_bug.cgi?id=1390346

https://bugzilla.redhat.com/show_bug.cgi?id=1390348

https://bugzilla.redhat.com/show_bug.cgi?id=1398633

https://bugzilla.redhat.com/show_bug.cgi?id=1406803

https://bugzilla.redhat.com/show_bug.cgi?id=1414049

https://bugzilla.redhat.com/show_bug.cgi?id=1433670

https://bugzilla.redhat.com/show_bug.cgi?id=1434321

https://bugzilla.redhat.com/show_bug.cgi?id=1437113

https://bugzilla.redhat.com/show_bug.cgi?id=1441460

https://bugzilla.redhat.com/show_bug.cgi?id=1441684

https://bugzilla.redhat.com/show_bug.cgi?id=1441938

https://bugzilla.redhat.com/show_bug.cgi?id=1443877

https://bugzilla.redhat.com/show_bug.cgi?id=1445834

https://bugzilla.redhat.com/show_bug.cgi?id=1446565

https://bugzilla.redhat.com/show_bug.cgi?id=1447258

https://bugzilla.redhat.com/show_bug.cgi?id=1447413

https://bugzilla.redhat.com/show_bug.cgi?id=1448344

https://bugzilla.redhat.com/show_bug.cgi?id=1449067

https://bugzilla.redhat.com/show_bug.cgi?id=1449609

https://bugzilla.redhat.com/show_bug.cgi?id=1449991

https://bugzilla.redhat.com/show_bug.cgi?id=1451015

https://bugzilla.redhat.com/show_bug.cgi?id=1451189

https://bugzilla.redhat.com/show_bug.cgi?id=1451269

https://bugzilla.redhat.com/show_bug.cgi?id=1453167

https://bugzilla.redhat.com/show_bug.cgi?id=1454362

https://bugzilla.redhat.com/show_bug.cgi?id=1454367

https://bugzilla.redhat.com/show_bug.cgi?id=1455074

https://bugzilla.redhat.com/show_bug.cgi?id=1457662

https://bugzilla.redhat.com/show_bug.cgi?id=1459906

https://bugzilla.redhat.com/show_bug.cgi?id=1459945

https://bugzilla.redhat.com/show_bug.cgi?id=1460119

https://bugzilla.redhat.com/show_bug.cgi?id=1460595

https://bugzilla.redhat.com/show_bug.cgi?id=1460848

https://bugzilla.redhat.com/show_bug.cgi?id=1497740

https://bugzilla.redhat.com/show_bug.cgi?id=1498042

https://bugzilla.redhat.com/show_bug.cgi?id=1498496

https://bugzilla.redhat.com/show_bug.cgi?id=1498754

https://bugzilla.redhat.com/show_bug.cgi?id=1498817

https://bugzilla.redhat.com/show_bug.cgi?id=1498865

https://bugzilla.redhat.com/show_bug.cgi?id=1499011

https://bugzilla.redhat.com/show_bug.cgi?id=1499647

https://bugzilla.redhat.com/show_bug.cgi?id=1500181

https://bugzilla.redhat.com/show_bug.cgi?id=1500334

https://bugzilla.redhat.com/show_bug.cgi?id=1501240

https://bugzilla.redhat.com/show_bug.cgi?id=1501337

https://bugzilla.redhat.com/show_bug.cgi?id=1501468

https://bugzilla.redhat.com/show_bug.cgi?id=1502949

https://bugzilla.redhat.com/show_bug.cgi?id=1505654

https://bugzilla.redhat.com/show_bug.cgi?id=1505696

https://bugzilla.redhat.com/show_bug.cgi?id=1505701

https://bugzilla.redhat.com/show_bug.cgi?id=1506151

https://bugzilla.redhat.com/show_bug.cgi?id=1506531

https://bugzilla.redhat.com/show_bug.cgi?id=1506882

https://bugzilla.redhat.com/show_bug.cgi?id=1507693

https://bugzilla.redhat.com/show_bug.cgi?id=1508271

https://bugzilla.redhat.com/show_bug.cgi?id=1508799

https://bugzilla.redhat.com/show_bug.cgi?id=1508886

https://bugzilla.redhat.com/show_bug.cgi?id=1510809

https://bugzilla.redhat.com/show_bug.cgi?id=1511312

https://bugzilla.redhat.com/show_bug.cgi?id=1513870

https://bugzilla.redhat.com/show_bug.cgi?id=1515173

https://bugzilla.redhat.com/show_bug.cgi?id=1515393

https://bugzilla.redhat.com/show_bug.cgi?id=1515604

https://bugzilla.redhat.com/show_bug.cgi?id=1516922

https://bugzilla.redhat.com/show_bug.cgi?id=1516925

https://bugzilla.redhat.com/show_bug.cgi?id=1517144

https://bugzilla.redhat.com/show_bug.cgi?id=1518482

https://bugzilla.redhat.com/show_bug.cgi?id=1518649

https://bugzilla.redhat.com/show_bug.cgi?id=1519721

https://bugzilla.redhat.com/show_bug.cgi?id=1520294

https://bugzilla.redhat.com/show_bug.cgi?id=1520824

https://bugzilla.redhat.com/show_bug.cgi?id=1523414

https://bugzilla.redhat.com/show_bug.cgi?id=1525195

https://bugzilla.redhat.com/show_bug.cgi?id=1525324

https://bugzilla.redhat.com/show_bug.cgi?id=1525868

https://bugzilla.redhat.com/show_bug.cgi?id=1526212

https://bugzilla.redhat.com/show_bug.cgi?id=1526423

https://bugzilla.redhat.com/show_bug.cgi?id=1528173

https://bugzilla.redhat.com/show_bug.cgi?id=1529053

https://bugzilla.redhat.com/show_bug.cgi?id=1529243

https://bugzilla.redhat.com/show_bug.cgi?id=1529676

https://bugzilla.redhat.com/show_bug.cgi?id=1530356

https://bugzilla.redhat.com/show_bug.cgi?id=1534491

https://bugzilla.redhat.com/show_bug.cgi?id=1535752

https://bugzilla.redhat.com/show_bug.cgi?id=1535992

https://bugzilla.redhat.com/show_bug.cgi?id=1538494

https://bugzilla.redhat.com/show_bug.cgi?id=1538953

https://bugzilla.redhat.com/show_bug.cgi?id=1540003

https://bugzilla.redhat.com/show_bug.cgi?id=1540182

https://bugzilla.redhat.com/show_bug.cgi?id=1542045

https://bugzilla.redhat.com/show_bug.cgi?id=1462145

https://bugzilla.redhat.com/show_bug.cgi?id=1463172

https://bugzilla.redhat.com/show_bug.cgi?id=1464908

https://bugzilla.redhat.com/show_bug.cgi?id=1465799

https://bugzilla.redhat.com/show_bug.cgi?id=1468260

https://bugzilla.redhat.com/show_bug.cgi?id=1470634

https://bugzilla.redhat.com/show_bug.cgi?id=1472756

https://bugzilla.redhat.com/show_bug.cgi?id=1474464

https://bugzilla.redhat.com/show_bug.cgi?id=1475634

https://bugzilla.redhat.com/show_bug.cgi?id=1476121

https://bugzilla.redhat.com/show_bug.cgi?id=1481593

https://bugzilla.redhat.com/show_bug.cgi?id=1482478

https://bugzilla.redhat.com/show_bug.cgi?id=1486400

https://bugzilla.redhat.com/show_bug.cgi?id=1486560

https://bugzilla.redhat.com/show_bug.cgi?id=1486588

https://bugzilla.redhat.com/show_bug.cgi?id=1489670

https://bugzilla.redhat.com/show_bug.cgi?id=1489800

https://bugzilla.redhat.com/show_bug.cgi?id=1491909

https://bugzilla.redhat.com/show_bug.cgi?id=1492178

https://bugzilla.redhat.com/show_bug.cgi?id=1492295

https://bugzilla.redhat.com/show_bug.cgi?id=1495090

https://bugzilla.redhat.com/show_bug.cgi?id=1495456

https://bugzilla.redhat.com/show_bug.cgi?id=1496879

https://bugzilla.redhat.com/show_bug.cgi?id=1497120

https://bugzilla.redhat.com/show_bug.cgi?id=1497137

Plugin Details

Severity: Critical

ID: 109070

File Name: redhat-RHSA-2018-1104.nasl

Version: 1.11

Type: local

Agent: unix

Published: 4/17/2018

Updated: 11/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-15118

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev, p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2018

Vulnerability Publication Date: 8/29/2017

Reference Information

CVE: CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2018-5683

CWE: 121, 125, 400, 416, 617, 770

RHSA: 2018:1104