Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0050)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122009

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2012-0050)

Zusammenfassung: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2012-0050 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2012-0050 advisory.

Vulnerability Insight:
[qemu-kvm-0.12.1.2-2.209.el6_2.4]
- kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081]
- Resolves: bz#772081
(EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z])

[qemu-kvm-0.12.1.2-2.209.el6_2.3]
- kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721]
- kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721]
- CVE: CVE-2011-4127
- Resolves: bz#767721
(qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z])

[qemu-kvm-0.12.1.2-2.209.el6_2.2]
- kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375]
- CVE: CVE-2011-4127
- Resolves: bz#767721
(EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3])
- Resolves: bz#767906
(qemu-kvm should be built with full relro and PIE support)

Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-0029
47740
http://secunia.com/advisories/47740
47741
http://secunia.com/advisories/47741
47992
http://secunia.com/advisories/47992
48318
http://secunia.com/advisories/48318
50913
http://secunia.com/advisories/50913
51642
http://www.securityfocus.com/bid/51642
FEDORA-2012-8604
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
RHSA-2012:0050
http://www.redhat.com/support/errata/RHSA-2012-0050.html
RHSA-2012:0370
http://rhn.redhat.com/errata/RHSA-2012-0370.html
SUSE-SU-2012:1320
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
USN-1339-1
http://www.ubuntu.com/usn/USN-1339-1
http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0
https://bugzilla.redhat.com/show_bug.cgi?id=772075
openSUSE-SU-2012:0207
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
qemu-processtxdesc-bo(72656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72656

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122009
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2012-0050)
Zusammenfassung:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2012-0050 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2012-0050 advisory. Vulnerability Insight: [qemu-kvm-0.12.1.2-2.209.el6_2.4] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081] - Resolves: bz#772081 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.3] - kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721] - CVE: CVE-2011-4127 - Resolves: bz#767721 (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.2] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375] - CVE: CVE-2011-4127 - Resolves: bz#767721 (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3]) - Resolves: bz#767906 (qemu-kvm should be built with full relro and PIE support) Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.4 CVSS Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0029 47740 http://secunia.com/advisories/47740 47741 http://secunia.com/advisories/47741 47992 http://secunia.com/advisories/47992 48318 http://secunia.com/advisories/48318 50913 http://secunia.com/advisories/50913 51642 http://www.securityfocus.com/bid/51642 FEDORA-2012-8604 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html RHSA-2012:0050 http://www.redhat.com/support/errata/RHSA-2012-0050.html RHSA-2012:0370 http://rhn.redhat.com/errata/RHSA-2012-0370.html SUSE-SU-2012:1320 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html USN-1339-1 http://www.ubuntu.com/usn/USN-1339-1 http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0 https://bugzilla.redhat.com/show_bug.cgi?id=772075 openSUSE-SU-2012:0207 http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html qemu-processtxdesc-bo(72656) https://exchange.xforce.ibmcloud.com/vulnerabilities/72656
Copyright	Copyright (C) 2015 Greenbone AG