Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-1272)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123571

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2013-1272)

Zusammenfassung: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-1272 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-1272 advisory.

Vulnerability Insight:
[0.10.2-18.0.1.el6_4.14]
- Replace docs/et.png in tarball with blank image

[0.10.2-18.el6_4.14]
- spec: Update requirements to pick up rebuilt polkit (CVE-2013-4311)

[0.10.2-18.el6_4.13]
- spec: Fix messed up dependency on polkit (CVE-2013-4311)

[0.10.2-18.el6_4.12]
- Introduce APIs for splitting/joining strings (rhbz#1006265)
- Rename virKillProcess to virProcessKill (rhbz#1006265)
- Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (rhbz#1006265)
- Rename virCommandTranslateStatus to virProcessTranslateStatus (rhbz#1006265)
- Move virProcessKill into virprocess.{h, c} (rhbz#1006265)
- Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (rhbz#1006265)
- Include process start time when doing polkit checks (rhbz#1006265)
- Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)

[0.10.2-18.el6_4.11]
- Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)

[0.10.2-18.el6_4.10]
- qemu: Avoid leaking uri in qemuMigrationPrepareDirect (rhbz#984578)
- qemu: Fix double free in qemuMigrationPrepareDirect (rhbz#984578)
[when parsing a single device (rhbz#1003934)]
- Plug leak in virCgroupMoveTask (rhbz#984556)
- Fix invalid read in virCgroupGetValueStr (rhbz#984561)

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4296
60895
http://secunia.com/advisories/60895
DSA-2764
http://www.debian.org/security/2013/dsa-2764
GLSA-201412-04
http://security.gentoo.org/glsa/glsa-201412-04.xml
RHSA-2013:1272
http://rhn.redhat.com/errata/RHSA-2013-1272.html
RHSA-2013:1460
http://rhn.redhat.com/errata/RHSA-2013-1460.html
USN-1954-1
http://www.ubuntu.com/usn/USN-1954-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0
http://wiki.libvirt.org/page/Maintenance_Releases
https://bugzilla.redhat.com/show_bug.cgi?id=1006173
openSUSE-SU-2013:1549
http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
openSUSE-SU-2013:1550
http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4311
[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
http://www.openwall.com/lists/oss-security/2013/09/18/6

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123571
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-1272)
Zusammenfassung:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-1272 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-1272 advisory. Vulnerability Insight: [0.10.2-18.0.1.el6_4.14] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.14] - spec: Update requirements to pick up rebuilt polkit (CVE-2013-4311) [0.10.2-18.el6_4.13] - spec: Fix messed up dependency on polkit (CVE-2013-4311) [0.10.2-18.el6_4.12] - Introduce APIs for splitting/joining strings (rhbz#1006265) - Rename virKillProcess to virProcessKill (rhbz#1006265) - Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (rhbz#1006265) - Rename virCommandTranslateStatus to virProcessTranslateStatus (rhbz#1006265) - Move virProcessKill into virprocess.{h, c} (rhbz#1006265) - Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (rhbz#1006265) - Include process start time when doing polkit checks (rhbz#1006265) - Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) [0.10.2-18.el6_4.11] - Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) [0.10.2-18.el6_4.10] - qemu: Avoid leaking uri in qemuMigrationPrepareDirect (rhbz#984578) - qemu: Fix double free in qemuMigrationPrepareDirect (rhbz#984578) [when parsing a single device (rhbz#1003934)] - Plug leak in virCgroupMoveTask (rhbz#984556) - Fix invalid read in virCgroupGetValueStr (rhbz#984561) Affected Software/OS: 'libvirt' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4296 60895 http://secunia.com/advisories/60895 DSA-2764 http://www.debian.org/security/2013/dsa-2764 GLSA-201412-04 http://security.gentoo.org/glsa/glsa-201412-04.xml RHSA-2013:1272 http://rhn.redhat.com/errata/RHSA-2013-1272.html RHSA-2013:1460 http://rhn.redhat.com/errata/RHSA-2013-1460.html USN-1954-1 http://www.ubuntu.com/usn/USN-1954-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0 http://wiki.libvirt.org/page/Maintenance_Releases https://bugzilla.redhat.com/show_bug.cgi?id=1006173 openSUSE-SU-2013:1549 http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html openSUSE-SU-2013:1550 http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4311 [oss-security] 20130918 Re: Fwd: [vs-plain] polkit races http://www.openwall.com/lists/oss-security/2013/09/18/6
Copyright	Copyright (C) 2015 Greenbone AG