ID de Prueba:	1.3.6.1.4.1.25623.1.0.122286
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2010-0998)
Resumen:	The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2010-0998 advisory. Vulnerability Insight: [kvm-83-164.0.1.el5_5.30] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch to replace RHEL with OEL - Added kvm-Introduce-oel-machine-type.patch so that OEL is a recognized VM [kvm-83-164.el5_5.30] - Revert the bz#661397 patches as they are not enough - kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397] - kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#661397] - Related: bz#661397 (reboot(RB_AUTOBOOT) fails if kvm instance is running) - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#656984] - Resolves: bz#656984 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-164.el5_5.29] - kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#661397] - kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#661397] - Resolves: bz#661397 (reboot(RB_AUTOBOOT) fails if kvm instance is running) [kvm-83-164.el5_5.28] - kvm-implement-dummy-PnP-support.patch [bz#659850] - kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#660239] - Resolves: bz#659850 (If VM boot seq. is set up as nc (PXE then disk) the VM is always stuck on trying to PXE boot) - Resolves: bz#660239 (clock drift when migrating a guest between mis-matched CPU clock speed) [kvm-83-164.el5_5.27] - kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#656984] - Resolves: bz#656984 (TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.) [kvm-83-164.el5_5.26] - Updated kversion to 2.6.18-194.26.1.el5 to match build root - kvm-kernel-KVM-x86-fix-information-leak-to-userland.patch [bz#649832] - Resolves: bz#649832 (CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory [5.5.z]) - CVE: CVE-2010-3881 Affected Software/OS: 'kvm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3881 1024912 http://securitytracker.com/id?1024912 42932 http://secunia.com/advisories/42932 44666 http://www.securityfocus.com/bid/44666 ADV-2010-3287 http://www.vupen.com/english/advisories/2010/3287 ADV-2011-0124 http://www.vupen.com/english/advisories/2011/0124 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 RHSA-2010:0998 http://rhn.redhat.com/errata/RHSA-2010-0998.html SUSE-SA:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html [kvm] 20101030 [patch v2] x86: kvm: x86: fix information leak to userland http://www.spinics.net/lists/kvm/msg44130.html [oss-security] 20101104 CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/04/10 [oss-security] 20101105 Re: CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/05/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 https://bugzilla.redhat.com/show_bug.cgi?id=649920
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.