qemu-kvm < 0.12.1.2-2.448 el6 Venom Vulnerability

high Log Correlation Engine Plugin ID 801940

Synopsis

The qemu-kvm server is vulnerable to the Venom remote code execution attack.

Description

The remote host is running a version of qemu-kvm which is vulnerable to an out-of-bounds memory access flaw, which can cause a crash or execution of arbitrary code on the host.

Solution

Upgrade to qemu-kvm (or qemu-kvm-rhev) 0.12.1.2-2.448.

See Also

https://rhn.redhat.com/errata/RHSA-2015-0998.html

https://rhn.redhat.com/errata/RHSA-2015-1001.html

Plugin Details

Severity: High

ID: 801940

Family: Generic

Nessus ID: 83418, 83425, 83428, 83458, 83438

Reference Information

CVE: CVE-2015-3456