Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0276)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123692

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2013-0276)

Zusammenfassung: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0276 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0276 advisory.

Vulnerability Insight:
[libvirt-0.10.2-18.0.1.el6]
- Replace docs/et.png in tarball with blank image

[0.10.2-18]
- rpc: Fix crash on error paths of message dispatching (CVE-2013-0170)
- spec: Disable libssh2 support (rhbz#513363)

[0.10.2-17]
- storage: Fix lvcreate parameter for backingStore. (rhbz#896398)
- qemu: Don't return success if creation of snapshot save file fails (rhbz#896403)
- qemu: Reject attempts to create snapshots with names containing '/' (rhbz#896403)

[0.10.2-16]
- qemu_agent: Remove agent reference only when disposing it (rhbz#892079)
- Add RESUME event listener to qemu monitor. (rhbz#894085)

[0.10.2-15]
- snapshot: conf: Make virDomainSnapshotIsExternal more reusable (rhbz#889407)
- snapshot: qemu: Separate logic blocks with newlines (rhbz#889407)
- snapshot: qemu: Fix segfault and vanishing snapshots when redefining (rhbz#889407)
- snapshot: qemu: Allow redefinition of external snapshots (rhbz#889407)
- util: Prepare helpers for unpriv_sgio setting (rhbz#878578)
- qemu: Add a hash table for the shared disks (rhbz#878578)
- docs: Add docs and rng schema for new XML tag sgio (rhbz#878578)
- conf: Parse and format the new XML (rhbz#878578)
- qemu: Set unpriv_sgio when starting domain and attaching disk (rhbz#878578)
- qemu: Check if the shared disk's cdbfilter conflicts with others (rhbz#878578)
- qemu: Relax hard RSS limit (rhbz#891653)

[0.10.2-14]
- util: Add missing error log messages when failing to get netlink VFINFO (rhbz#889319)
- util: Fix functions that retrieve SRIOV VF info (rhbz#889319)
- util: Fix botched check for new netlink request filters (rhbz#889319)
- blockjob: Fix memleak that prevented block pivot (rhbz#888426)
- sanlock: Chown lease files as well (rhbz#820173)

[0.10.2-13]
- network: Prevent dnsmasq from listening on localhost (rhbz#886821)
- sanlock: Re-add lockspace unconditionally (rhbz#820173)
- Fix 'virsh create' example (rhbz#887187)
- docs: Fix some typos in examples (rhbz#887187)
- network: Don't require private addresses if dnsmasq uses SO_BINDTODEVICE (rhbz#882265)

[0.10.2-12]
- qemu: Eliminate bogus error log when changing netdev's bridge (rhbz#885838)
- remote: Avoid the thread race condition (rhbz#866524)
- storage: Error out earlier if the volume target path already exists (rhbz#832302)
- dnsmasq: Fix parsing of the version number (rhbz#885727)
- qemu: Restart CPUs with valid async job type when doing external snapshots (rhbz#885081)
- examples: Fix balloon event callback (rhbz#884650)
- util: Don't fail virGetGroupIDByName when group not found (rhbz#883832)
- util: Don't fail virGetUserIDByName when user not found (rhbz#883832)
- util: Rework error reporting in virGet(UserGroup)IDByName (rhbz#883832)
- util: Fix warning message in previous patch (rhbz#883832)

[0.10.2-11]
- Fix uninitialized variable in virLXCControllerSetupDevPTS (rhbz#880064)
- storage: Fix device detach regression with cgroup ACLs (rhbz#876828)
- storage: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3411
54353
http://www.securityfocus.com/bid/54353
MDVSA-2013:072
http://www.mandriva.com/security/advisories?name=MDVSA-2013:072
RHSA-2013:0276
http://rhn.redhat.com/errata/RHSA-2013-0276.html
RHSA-2013:0277
http://rhn.redhat.com/errata/RHSA-2013-0277.html
RHSA-2013:0579
http://rhn.redhat.com/errata/RHSA-2013-0579.html
[oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created
http://www.openwall.com/lists/oss-security/2012/07/12/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
https://bugzilla.redhat.com/show_bug.cgi?id=833033

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123692
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-0276)
Zusammenfassung:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0276 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0276 advisory. Vulnerability Insight: [libvirt-0.10.2-18.0.1.el6] - Replace docs/et.png in tarball with blank image [0.10.2-18] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) - spec: Disable libssh2 support (rhbz#513363) [0.10.2-17] - storage: Fix lvcreate parameter for backingStore. (rhbz#896398) - qemu: Don't return success if creation of snapshot save file fails (rhbz#896403) - qemu: Reject attempts to create snapshots with names containing '/' (rhbz#896403) [0.10.2-16] - qemu_agent: Remove agent reference only when disposing it (rhbz#892079) - Add RESUME event listener to qemu monitor. (rhbz#894085) [0.10.2-15] - snapshot: conf: Make virDomainSnapshotIsExternal more reusable (rhbz#889407) - snapshot: qemu: Separate logic blocks with newlines (rhbz#889407) - snapshot: qemu: Fix segfault and vanishing snapshots when redefining (rhbz#889407) - snapshot: qemu: Allow redefinition of external snapshots (rhbz#889407) - util: Prepare helpers for unpriv_sgio setting (rhbz#878578) - qemu: Add a hash table for the shared disks (rhbz#878578) - docs: Add docs and rng schema for new XML tag sgio (rhbz#878578) - conf: Parse and format the new XML (rhbz#878578) - qemu: Set unpriv_sgio when starting domain and attaching disk (rhbz#878578) - qemu: Check if the shared disk's cdbfilter conflicts with others (rhbz#878578) - qemu: Relax hard RSS limit (rhbz#891653) [0.10.2-14] - util: Add missing error log messages when failing to get netlink VFINFO (rhbz#889319) - util: Fix functions that retrieve SRIOV VF info (rhbz#889319) - util: Fix botched check for new netlink request filters (rhbz#889319) - blockjob: Fix memleak that prevented block pivot (rhbz#888426) - sanlock: Chown lease files as well (rhbz#820173) [0.10.2-13] - network: Prevent dnsmasq from listening on localhost (rhbz#886821) - sanlock: Re-add lockspace unconditionally (rhbz#820173) - Fix 'virsh create' example (rhbz#887187) - docs: Fix some typos in examples (rhbz#887187) - network: Don't require private addresses if dnsmasq uses SO_BINDTODEVICE (rhbz#882265) [0.10.2-12] - qemu: Eliminate bogus error log when changing netdev's bridge (rhbz#885838) - remote: Avoid the thread race condition (rhbz#866524) - storage: Error out earlier if the volume target path already exists (rhbz#832302) - dnsmasq: Fix parsing of the version number (rhbz#885727) - qemu: Restart CPUs with valid async job type when doing external snapshots (rhbz#885081) - examples: Fix balloon event callback (rhbz#884650) - util: Don't fail virGetGroupIDByName when group not found (rhbz#883832) - util: Don't fail virGetUserIDByName when user not found (rhbz#883832) - util: Rework error reporting in virGet(UserGroup)IDByName (rhbz#883832) - util: Fix warning message in previous patch (rhbz#883832) [0.10.2-11] - Fix uninitialized variable in virLXCControllerSetupDevPTS (rhbz#880064) - storage: Fix device detach regression with cgroup ACLs (rhbz#876828) - storage: ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libvirt' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3411 54353 http://www.securityfocus.com/bid/54353 MDVSA-2013:072 http://www.mandriva.com/security/advisories?name=MDVSA-2013:072 RHSA-2013:0276 http://rhn.redhat.com/errata/RHSA-2013-0276.html RHSA-2013:0277 http://rhn.redhat.com/errata/RHSA-2013-0277.html RHSA-2013:0579 http://rhn.redhat.com/errata/RHSA-2013-0579.html [oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created http://www.openwall.com/lists/oss-security/2012/07/12/5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147 http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0 http://www.thekelleys.org.uk/dnsmasq/CHANGELOG https://bugzilla.redhat.com/show_bug.cgi?id=833033
Copyright	Copyright (C) 2015 Greenbone AG