Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0149)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123962

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2012-0149)

Zusammenfassung: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.

Vulnerability Insight:
[kvm-83-249.0.1.el5]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch
- modify kversion to fix build failure

[kvm-83-249.el5]
- kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101]
- CVE: CVE-2011-4622
- Resolves: bz#770101
(CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8])

[kvm-83-248.el5]
- kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772080]
- CVE: CVE-2012-0029
- Resolves: bz#772080
(EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-5.8])

[kvm-83-247.el5]
- kvm-kernel-KVM-Remove-ability-to-assign-a-device-without-iommu-.patch [bz#770095]
- kvm-kernel-KVM-Device-assignment-permission-checks.patch [bz#770095]
- Resolves: bz#770095
(CVE-2011-4347 kernel: kvm: device assignment DoS [rhel-5.8])

[kvm-83-246.el5]
- kvm-Fix-SIGFPE-for-vnc-display-of-width-height-1.patch [bz#751482]
- Resolves: bz#751482
(Backport SIGFPE fix in qemu-kvm VNC to RHEL5.x)

[kvm-83-245.el5]
- kvm-Fix-external-module-compat.c-not-to-use-unsupported-.patch [bz#753860]
- Resolves: bz#753860
(Fix kvm userspace compilation on RHEL-5 to match the kernel changes)

[kvm-83-244.el5]
- kvm-do-not-change-RTC-stored-time-accidentally.patch [bz#703335]
- Resolves: bz#703335
(KVM guest clocks jump forward one hour on reboot)

[kvm-83-243.el5]
- kvm-e1000-multi-buffer-packet-support.patch [bz#703446]
- kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#703446]
- kvm-e1000-verify-we-have-buffers-upfront.patch [bz#703446]
- kvm-BZ725876-make-RTC-alarm-work.patch [bz#725876]
- kvm-BZ725876-fix-RTC-polling-mode.patch [bz#725876]
- Resolves: bz#703446
(Failed to ping guest after MTU is changed)
- Resolves: bz#725876
(RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.)

[kvm-83-242.el5]
- kvm-posix-aio-compat-fix-latency-issues.patch [bz#725629]
- Resolves: bz#725629
(RHEL5.5 KVM VMs freezing for a few seconds)

[kvm-83-241.el5]
- kvm-pci-assign-limit-number-of-assigned-devices-via-hotp.patch [bz#701616]
- kvm-pci-assign-Cleanup-file-descriptors.patch [bz#700281]
- Resolves: bz#700281
([Intel 5.8 Bug] Fail to attach/detach NIC more than 250 times)
- Resolves: bz#701616
(limitation on max number of assigned devices does not take effect if hot-plug pci devices)

[kvm-83-240.el5]
- Updated kversion to 2.6.18-275.el to match build root
- kvm-Fix-vga-segfaults-or-screen-corruption-with-large-me.patch [bz#704081]
- Resolves: bz#704081
(mouse responds very slowly with huge memory)

Affected Software/OS:
'kvm' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-4347
[oss-security] 20111124 Re: CVE request -- kernel: kvm: device assignment DoS
http://www.openwall.com/lists/oss-security/2011/11/24/7
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10
https://bugzilla.redhat.com/show_bug.cgi?id=756084
https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123962
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2012-0149)
Zusammenfassung:	The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory. Vulnerability Insight: [kvm-83-249.0.1.el5] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch - modify kversion to fix build failure [kvm-83-249.el5] - kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101] - CVE: CVE-2011-4622 - Resolves: bz#770101 (CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8]) [kvm-83-248.el5] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772080] - CVE: CVE-2012-0029 - Resolves: bz#772080 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-5.8]) [kvm-83-247.el5] - kvm-kernel-KVM-Remove-ability-to-assign-a-device-without-iommu-.patch [bz#770095] - kvm-kernel-KVM-Device-assignment-permission-checks.patch [bz#770095] - Resolves: bz#770095 (CVE-2011-4347 kernel: kvm: device assignment DoS [rhel-5.8]) [kvm-83-246.el5] - kvm-Fix-SIGFPE-for-vnc-display-of-width-height-1.patch [bz#751482] - Resolves: bz#751482 (Backport SIGFPE fix in qemu-kvm VNC to RHEL5.x) [kvm-83-245.el5] - kvm-Fix-external-module-compat.c-not-to-use-unsupported-.patch [bz#753860] - Resolves: bz#753860 (Fix kvm userspace compilation on RHEL-5 to match the kernel changes) [kvm-83-244.el5] - kvm-do-not-change-RTC-stored-time-accidentally.patch [bz#703335] - Resolves: bz#703335 (KVM guest clocks jump forward one hour on reboot) [kvm-83-243.el5] - kvm-e1000-multi-buffer-packet-support.patch [bz#703446] - kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#703446] - kvm-e1000-verify-we-have-buffers-upfront.patch [bz#703446] - kvm-BZ725876-make-RTC-alarm-work.patch [bz#725876] - kvm-BZ725876-fix-RTC-polling-mode.patch [bz#725876] - Resolves: bz#703446 (Failed to ping guest after MTU is changed) - Resolves: bz#725876 (RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.) [kvm-83-242.el5] - kvm-posix-aio-compat-fix-latency-issues.patch [bz#725629] - Resolves: bz#725629 (RHEL5.5 KVM VMs freezing for a few seconds) [kvm-83-241.el5] - kvm-pci-assign-limit-number-of-assigned-devices-via-hotp.patch [bz#701616] - kvm-pci-assign-Cleanup-file-descriptors.patch [bz#700281] - Resolves: bz#700281 ([Intel 5.8 Bug] Fail to attach/detach NIC more than 250 times) - Resolves: bz#701616 (limitation on max number of assigned devices does not take effect if hot-plug pci devices) [kvm-83-240.el5] - Updated kversion to 2.6.18-275.el to match build root - kvm-Fix-vga-segfaults-or-screen-corruption-with-large-me.patch [bz#704081] - Resolves: bz#704081 (mouse responds very slowly with huge memory) Affected Software/OS: 'kvm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4347 [oss-security] 20111124 Re: CVE request -- kernel: kvm: device assignment DoS http://www.openwall.com/lists/oss-security/2011/11/24/7 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10 https://bugzilla.redhat.com/show_bug.cgi?id=756084 https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4
Copyright	Copyright (C) 2015 Greenbone AG