Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-1507)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123071

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-1507)

Resumen: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory.

Descripción: Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory.

Vulnerability Insight:
[1.5.3-86.el7_1.5]
- kvm-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch [bz#1243726]
- Resolves: bz#1243726
(CVE-2015-3214 qemu-kvm: qemu: i8254: out-of-bounds memory access in pit_ioport_read function [rhel-7.1.z])

[1.5.3-86.el7_1.4]
- kvm-ide-Check-array-bounds-before-writing-to-io_buffer-C.patch [bz#1243689]
- kvm-ide-atapi-Fix-START-STOP-UNIT-command-completion.patch [bz#1243689]
- kvm-ide-Clear-DRQ-after-handling-all-expected-accesses.patch [bz#1243689]
- Resolves: bz#1243689
(EMBARGOED CVE-2015-5154 qemu-kvm: qemu: ide: atapi: heap overflow during I/O buffer memory access [rhel-7.1.z])

[1.5.3-86.el7_1.3]
- kvm-atomics-add-explicit-compiler-fence-in-__atomic-memo.patch [bz#1233643]
- Resolves: bz#1233643
([abrt] qemu-kvm: bdrv_error_action(): qemu-kvm killed by SIGABRT)

Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3214
1032598
http://www.securitytracker.com/id/1032598
37990
https://www.exploit-db.com/exploits/37990/
75273
http://www.securityfocus.com/bid/75273
DSA-3348
http://www.debian.org/security/2015/dsa-3348
GLSA-201510-02
https://security.gentoo.org/glsa/201510-02
RHSA-2015:1507
http://rhn.redhat.com/errata/RHSA-2015-1507.html
RHSA-2015:1508
http://rhn.redhat.com/errata/RHSA-2015-1508.html
RHSA-2015:1512
http://rhn.redhat.com/errata/RHSA-2015-1512.html
[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function
http://www.openwall.com/lists/oss-security/2015/06/25/7
[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
https://bugzilla.redhat.com/show_bug.cgi?id=1229640
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924
https://support.lenovo.com/product_security/qemu
https://support.lenovo.com/us/en/product_security/qemu
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Common Vulnerability Exposure (CVE) ID: CVE-2015-5154
1033074
http://www.securitytracker.com/id/1033074
76048
http://www.securityfocus.com/bid/76048
FEDORA-2015-12657
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
FEDORA-2015-12679
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
FEDORA-2015-12714
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
GLSA-201604-03
https://security.gentoo.org/glsa/201604-03
SUSE-SU-2015:1299
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
SUSE-SU-2015:1302
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
SUSE-SU-2015:1409
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
SUSE-SU-2015:1421
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
SUSE-SU-2015:1426
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
SUSE-SU-2015:1455
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
SUSE-SU-2015:1643
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
SUSE-SU-2015:1782
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
http://support.citrix.com/article/CTX201593
http://xenbits.xen.org/xsa/advisory-138.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123071
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-1507)
Resumen:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory. Vulnerability Insight: [1.5.3-86.el7_1.5] - kvm-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch [bz#1243726] - Resolves: bz#1243726 (CVE-2015-3214 qemu-kvm: qemu: i8254: out-of-bounds memory access in pit_ioport_read function [rhel-7.1.z]) [1.5.3-86.el7_1.4] - kvm-ide-Check-array-bounds-before-writing-to-io_buffer-C.patch [bz#1243689] - kvm-ide-atapi-Fix-START-STOP-UNIT-command-completion.patch [bz#1243689] - kvm-ide-Clear-DRQ-after-handling-all-expected-accesses.patch [bz#1243689] - Resolves: bz#1243689 (EMBARGOED CVE-2015-5154 qemu-kvm: qemu: ide: atapi: heap overflow during I/O buffer memory access [rhel-7.1.z]) [1.5.3-86.el7_1.3] - kvm-atomics-add-explicit-compiler-fence-in-__atomic-memo.patch [bz#1233643] - Resolves: bz#1233643 ([abrt] qemu-kvm: bdrv_error_action(): qemu-kvm killed by SIGABRT) Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3214 1032598 http://www.securitytracker.com/id/1032598 37990 https://www.exploit-db.com/exploits/37990/ 75273 http://www.securityfocus.com/bid/75273 DSA-3348 http://www.debian.org/security/2015/dsa-3348 GLSA-201510-02 https://security.gentoo.org/glsa/201510-02 RHSA-2015:1507 http://rhn.redhat.com/errata/RHSA-2015-1507.html RHSA-2015:1508 http://rhn.redhat.com/errata/RHSA-2015-1508.html RHSA-2015:1512 http://rhn.redhat.com/errata/RHSA-2015-1512.html [oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function http://www.openwall.com/lists/oss-security/2015/06/25/7 [qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read() https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 https://bugzilla.redhat.com/show_bug.cgi?id=1229640 https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 https://support.lenovo.com/product_security/qemu https://support.lenovo.com/us/en/product_security/qemu https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Common Vulnerability Exposure (CVE) ID: CVE-2015-5154 1033074 http://www.securitytracker.com/id/1033074 76048 http://www.securityfocus.com/bid/76048 FEDORA-2015-12657 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html FEDORA-2015-12679 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html FEDORA-2015-12714 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html GLSA-201604-03 https://security.gentoo.org/glsa/201604-03 SUSE-SU-2015:1299 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html SUSE-SU-2015:1302 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html SUSE-SU-2015:1409 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1426 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html SUSE-SU-2015:1455 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://support.citrix.com/article/CTX201593 http://xenbits.xen.org/xsa/advisory-138.html
Copyright	Copyright (C) 2015 Greenbone AG