How to Patch and Protect Linux Server against the VENOM Vulnerability # CVE-2015-3456 A very serious security problem has been found in the virtual floppy drive QEMU's code used by many computer virtualization platforms including Xen, KVM, VirtualBox, and the native QEMU client. It is called VENOM vulnerability. How can I fix VENOM vulnerability and protect my Linux server against the attack? How do I verify that my server has been fixed against the VENOM vulnerability? This is tagged as high severity security bug and it was announced on 13th May 2015. The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase. Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, etc.). What is the VENOM security bug (CVE-2015-3456)? An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (F...
Comments
Post a Comment