Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.4.2021.1240.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2021:1240-1) |
Summary: | The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1240-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2021:1240-1 advisory. Vulnerability Insight: This update for qemu fixes the following issues: Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386 Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Affected Software/OS: 'qemu' package(s) on HPE Helion Openstack 8, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3416 https://bugzilla.redhat.com/show_bug.cgi?id=1932827 https://www.openwall.com/lists/oss-security/2021/02/26/1 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |