Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0028)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122279

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2011-0028)

Resumen: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2011-0028 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2011-0028 advisory.

Vulnerability Insight:
[kvm-83-224.0.1]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch

[kvm-83-224.el5]
- kvm-kernel-KVM-x86-zero-kvm_vcpu_events-interrupt.pad.patch [bz#665407]
- Resolves: bz#665407
(kvm_vcpu_events.interrupt.pad must be zeroed)
- CVE: CVE-2010-4525

[kvm-83-223.el5]
- Updated kversion to 2.6.18-237.el to match build root
- Reverting patches for bz#608709 as they are not complete
- kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709]
- kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#608709]
- bz#608709: reboot(RB_AUTOBOOT) fails if kvm instance is running
- Related: bz#661117

[kvm-83-222.el5]
- kvm-kernel-kvm-change-signed-int-to-unsigned-in-mmu_shrink.patch [bz#661117]
- Resolves: bz#661117
([RHEL5.6 CC] mmu_shrink patch)

[kvm-83-221.el5]
- Updated kversion to 2.6.18-236.el to match build root
- kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#608709]
- kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709]
- Resolves: bz#608709
(reboot(RB_AUTOBOOT) fails if kvm instance is running)

[kvm-83-220.el5]
- Updated kversion to 2.6.18-235.el to match build root
- kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#655990]
- Resolves: bz#655990
(clock drift when migrating a guest between mis-matched CPU clock speed)

[kvm-83-219.el5]
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-218.el5]
- kvm-vnc-fix-key-event-processing.patch [bz#643317]
- Resolves: bz#643317
('sendkey ctrl-alt-delete' don't work via VNC)

[kvm-83-217.el5]
- kvm-kernel-fix-null-pointer-dereference.patch [bz#570532]
- Resolves: bz#570532
(CVE-2010-0435 kvm: vmx null pointer dereference)
- CVE: CVE-2010-0435

[kvm-83-216.el5]
- Updated kversion to 2.6.18-233.el to match build root
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-215.el5]
- Reverts previous patch (it doesn't build)
- kvm-kernel-Revert-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659]
- Related: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-214.el5]
- kvm-kernel-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-213.el5]
- kvm-No-need-to-iterate-if-we-already-are-over-the-limit.patch [bz#513765 bz#589017]
- kvm-don-t-care-about-TLB-handling.patch [bz#513765 bz#589017]
- kvm-Fix-transferred-memory-calculation.patch [bz#513765 bz#589017]
- kvm-Maintaing-number-of-dirty-pages.patch [bz#513765 bz#589017]
- ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kvm' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4525
42890
http://secunia.com/advisories/42890
45676
http://www.securityfocus.com/bid/45676
70377
http://osvdb.org/70377
ADV-2011-0123
http://www.vupen.com/english/advisories/2011/0123
RHSA-2011:0007
http://www.redhat.com/support/errata/RHSA-2011-0007.html
RHSA-2011:0028
http://www.redhat.com/support/errata/RHSA-2011-0028.html
[oss-security] 20110105 CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/05/1
[oss-security] 20110105 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/05/9
[oss-security] 20110106 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/06/3
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4525
kernel-kvmvcpueventsinterrupt-info-disc(64519)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64519

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122279
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2011-0028)
Resumen:	The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2011-0028 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2011-0028 advisory. Vulnerability Insight: [kvm-83-224.0.1] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [kvm-83-224.el5] - kvm-kernel-KVM-x86-zero-kvm_vcpu_events-interrupt.pad.patch [bz#665407] - Resolves: bz#665407 (kvm_vcpu_events.interrupt.pad must be zeroed) - CVE: CVE-2010-4525 [kvm-83-223.el5] - Updated kversion to 2.6.18-237.el to match build root - Reverting patches for bz#608709 as they are not complete - kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709] - kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#608709] - bz#608709: reboot(RB_AUTOBOOT) fails if kvm instance is running - Related: bz#661117 [kvm-83-222.el5] - kvm-kernel-kvm-change-signed-int-to-unsigned-in-mmu_shrink.patch [bz#661117] - Resolves: bz#661117 ([RHEL5.6 CC] mmu_shrink patch) [kvm-83-221.el5] - Updated kversion to 2.6.18-236.el to match build root - kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#608709] - kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709] - Resolves: bz#608709 (reboot(RB_AUTOBOOT) fails if kvm instance is running) [kvm-83-220.el5] - Updated kversion to 2.6.18-235.el to match build root - kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#655990] - Resolves: bz#655990 (clock drift when migrating a guest between mis-matched CPU clock speed) [kvm-83-219.el5] - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#642659] - Resolves: bz#642659 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-218.el5] - kvm-vnc-fix-key-event-processing.patch [bz#643317] - Resolves: bz#643317 ('sendkey ctrl-alt-delete' don't work via VNC) [kvm-83-217.el5] - kvm-kernel-fix-null-pointer-dereference.patch [bz#570532] - Resolves: bz#570532 (CVE-2010-0435 kvm: vmx null pointer dereference) - CVE: CVE-2010-0435 [kvm-83-216.el5] - Updated kversion to 2.6.18-233.el to match build root - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#642659] - Resolves: bz#642659 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-215.el5] - Reverts previous patch (it doesn't build) - kvm-kernel-Revert-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659] - Related: bz#642659 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-214.el5] - kvm-kernel-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659] - Resolves: bz#642659 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-213.el5] - kvm-No-need-to-iterate-if-we-already-are-over-the-limit.patch [bz#513765 bz#589017] - kvm-don-t-care-about-TLB-handling.patch [bz#513765 bz#589017] - kvm-Fix-transferred-memory-calculation.patch [bz#513765 bz#589017] - kvm-Maintaing-number-of-dirty-pages.patch [bz#513765 bz#589017] - ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kvm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4525 42890 http://secunia.com/advisories/42890 45676 http://www.securityfocus.com/bid/45676 70377 http://osvdb.org/70377 ADV-2011-0123 http://www.vupen.com/english/advisories/2011/0123 RHSA-2011:0007 http://www.redhat.com/support/errata/RHSA-2011-0007.html RHSA-2011:0028 http://www.redhat.com/support/errata/RHSA-2011-0028.html [oss-security] 20110105 CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak http://www.openwall.com/lists/oss-security/2011/01/05/1 [oss-security] 20110105 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak http://www.openwall.com/lists/oss-security/2011/01/05/9 [oss-security] 20110106 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak http://www.openwall.com/lists/oss-security/2011/01/06/3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4525 kernel-kvmvcpueventsinterrupt-info-disc(64519) https://exchange.xforce.ibmcloud.com/vulnerabilities/64519
Copyright	Copyright (C) 2015 Greenbone AG