Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2010-0998)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122286

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2010-0998)

Zusammenfassung: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory.

Vulnerability Insight:
[kvm-83-164.0.1.el5_5.30]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch to replace RHEL with OEL
- Added kvm-Introduce-oel-machine-type.patch so that OEL is a recognized VM

[kvm-83-164.el5_5.30]
- Revert the bz#661397 patches as they are not enough
- kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397]
- kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#661397]
- Related: bz#661397
(reboot(RB_AUTOBOOT) fails if kvm instance is running)
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#656984]
- Resolves: bz#656984
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-164.el5_5.29]
- kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#661397]
- kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397]
- Resolves: bz#661397
(reboot(RB_AUTOBOOT) fails if kvm instance is running)

[kvm-83-164.el5_5.28]
- kvm-implement-dummy-PnP-support.patch [bz#659850]
- kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#660239]
- Resolves: bz#659850
(If VM boot seq. is set up as nc (PXE then disk) the VM is always stuck on trying to PXE boot)
- Resolves: bz#660239
(clock drift when migrating a guest between mis-matched CPU clock speed)

[kvm-83-164.el5_5.27]
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#656984]
- Resolves: bz#656984
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-164.el5_5.26]
- Updated kversion to 2.6.18-194.26.1.el5 to match build root
- kvm-kernel-KVM-x86-fix-information-leak-to-userland.patch [bz#649832]
- Resolves: bz#649832
(CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory [5.5.z])
- CVE: CVE-2010-3881

Affected Software/OS:
'kvm' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3881
1024912
http://securitytracker.com/id?1024912
42932
http://secunia.com/advisories/42932
44666
http://www.securityfocus.com/bid/44666
ADV-2010-3287
http://www.vupen.com/english/advisories/2010/3287
ADV-2011-0124
http://www.vupen.com/english/advisories/2011/0124
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
RHSA-2010:0998
http://rhn.redhat.com/errata/RHSA-2010-0998.html
SUSE-SA:2011:004
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
[kvm] 20101030 [patch v2] x86: kvm: x86: fix information leak to userland
http://www.spinics.net/lists/kvm/msg44130.html
[oss-security] 20101104 CVE request: kernel: kvm kernel stack leakage
http://openwall.com/lists/oss-security/2010/11/04/10
[oss-security] 20101105 Re: CVE request: kernel: kvm kernel stack leakage
http://openwall.com/lists/oss-security/2010/11/05/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838
http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
https://bugzilla.redhat.com/show_bug.cgi?id=649920

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122286
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2010-0998)
Zusammenfassung:	The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory. Vulnerability Insight: [kvm-83-164.0.1.el5_5.30] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch to replace RHEL with OEL - Added kvm-Introduce-oel-machine-type.patch so that OEL is a recognized VM [kvm-83-164.el5_5.30] - Revert the bz#661397 patches as they are not enough - kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397] - kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#661397] - Related: bz#661397 (reboot(RB_AUTOBOOT) fails if kvm instance is running) - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#656984] - Resolves: bz#656984 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-164.el5_5.29] - kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#661397] - kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397] - Resolves: bz#661397 (reboot(RB_AUTOBOOT) fails if kvm instance is running) [kvm-83-164.el5_5.28] - kvm-implement-dummy-PnP-support.patch [bz#659850] - kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#660239] - Resolves: bz#659850 (If VM boot seq. is set up as nc (PXE then disk) the VM is always stuck on trying to PXE boot) - Resolves: bz#660239 (clock drift when migrating a guest between mis-matched CPU clock speed) [kvm-83-164.el5_5.27] - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#656984] - Resolves: bz#656984 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-164.el5_5.26] - Updated kversion to 2.6.18-194.26.1.el5 to match build root - kvm-kernel-KVM-x86-fix-information-leak-to-userland.patch [bz#649832] - Resolves: bz#649832 (CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory [5.5.z]) - CVE: CVE-2010-3881 Affected Software/OS: 'kvm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3881 1024912 http://securitytracker.com/id?1024912 42932 http://secunia.com/advisories/42932 44666 http://www.securityfocus.com/bid/44666 ADV-2010-3287 http://www.vupen.com/english/advisories/2010/3287 ADV-2011-0124 http://www.vupen.com/english/advisories/2011/0124 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 RHSA-2010:0998 http://rhn.redhat.com/errata/RHSA-2010-0998.html SUSE-SA:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html [kvm] 20101030 [patch v2] x86: kvm: x86: fix information leak to userland http://www.spinics.net/lists/kvm/msg44130.html [oss-security] 20101104 CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/04/10 [oss-security] 20101105 Re: CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/05/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 https://bugzilla.redhat.com/show_bug.cgi?id=649920
Copyright	Copyright (C) 2015 Greenbone AG