Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-0323)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123165

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-0323)

Resumen: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.

Vulnerability Insight:
[1.2.8-16.0.1]
- Replace docs/et.png in tarball with blank image

[1.2.8-16]
- qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094)
- lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094)

[1.2.8-15]
- qemu: Add missing goto error in qemuRestoreCgroupState (rhbz#1161540)

[1.2.8-14]
- virNetworkDefUpdateIPDHCPHost: Don't crash when updating network (rhbz#1182486)
- Format CPU features even for host-model (rhbz#1182448)
- util: Add function virCgroupHasEmptyTasks (rhbz#1161540)
- util: Add virNumaGetHostNodeset (rhbz#1161540)
- qemu: Remove unnecessary qemuSetupCgroupPostInit function (rhbz#1161540)
- qemu: Save numad advice into qemuDomainObjPrivate (rhbz#1161540)
- qemu: Leave cpuset.mems in parent cgroup alone (rhbz#1161540)
- qemu: Fix hotplugging cpus with strict memory pinning (rhbz#1161540)
- util: Fix possible NULL dereference (rhbz#1161540)
- qemu_driver: fix setting vcpus for offline domain (rhbz#1161540)
- qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs (CVE-2014-8136)
- CVE-2015-0236: qemu: Check ACLs when dumping security info from save image (CVE-2015-0236)
- CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots (CVE-2015-0236)
- Check for domain liveness in qemuDomainObjExitMonitor (rhbz#1161024)
- Mark the domain as active in qemuhotplugtest (rhbz#1161024)
- Fix vmdef usage while in monitor in qemuDomainHotplugVcpus (rhbz#1161024)
- Fix vmdef usage while in monitor in BlockStat* APIs (rhbz#1161024)
- Fix vmdef usage while in monitor in qemu process (rhbz#1161024)
- Fix vmdef usage after domain crash in monitor on device detach (rhbz#1161024)
- Fix vmdef usage after domain crash in monitor on device attach (rhbz#1161024)

[1.2.8-13]
- conf: Fix memory leak when parsing invalid network XML (rhbz#1180136)
- qxl: change the default value for vgamem_mb to 16 MiB (rhbz#1181052)
- qemuxml2argvtest: Fix test after change of qxl vgamem_mb default (rhbz#1181052)
- conf: fix crash when hotplug a channel chr device with no target (rhbz#1181408)
- qemu: forbid second blockcommit during active commit (rhbz#1135339)
- qemu_monitor: introduce new function to get QOM path (rhbz#1180574)
- qemu_process: detect updated video ram size values from QEMU (rhbz#1180574)

[1.2.8-12]
- Fix hotplugging of block device-backed usb disks (rhbz#1175668)
- qemu: Create memory-backend-{ram, file} if needed (rhbz#1175397)
- conf: Don't format actual network definition in migratable XML (rhbz#1177194)

[1.2.8-11]
- virsh: vol-upload disallow negative offset (rhbz#1087104)
- storage: fix crash caused by no check return before set close (rhbz#1087104)
- qemu: Fix virsh freeze when blockcopy storage file is removed (rhbz#1139567)
- security: Manage SELinux labels on shared/readonly hostdev's (rhbz#1082521)
- nwfilter: fix crash when adding non-existing nwfilter (rhbz#1169409)
- conf: Fix ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8136
61111
http://secunia.com/advisories/61111
MDVSA-2015:023
http://www.mandriva.com/security/advisories?name=MDVSA-2015:023
MDVSA-2015:070
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
RHSA-2015:0323
http://rhn.redhat.com/errata/RHSA-2015-0323.html
USN-2867-1
http://www.ubuntu.com/usn/USN-2867-1
http://advisories.mageia.org/MGASA-2015-0002.html
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d
openSUSE-SU-2015:0006
http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html
openSUSE-SU-2015:0008
http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0236
62766
http://secunia.com/advisories/62766
MDVSA-2015:035
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
http://advisories.mageia.org/MGASA-2015-0046.html
http://security.libvirt.org/2015/0001.html
openSUSE-SU-2015:0225
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123165
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-0323)
Resumen:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory. Vulnerability Insight: [1.2.8-16.0.1] - Replace docs/et.png in tarball with blank image [1.2.8-16] - qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094) - lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094) [1.2.8-15] - qemu: Add missing goto error in qemuRestoreCgroupState (rhbz#1161540) [1.2.8-14] - virNetworkDefUpdateIPDHCPHost: Don't crash when updating network (rhbz#1182486) - Format CPU features even for host-model (rhbz#1182448) - util: Add function virCgroupHasEmptyTasks (rhbz#1161540) - util: Add virNumaGetHostNodeset (rhbz#1161540) - qemu: Remove unnecessary qemuSetupCgroupPostInit function (rhbz#1161540) - qemu: Save numad advice into qemuDomainObjPrivate (rhbz#1161540) - qemu: Leave cpuset.mems in parent cgroup alone (rhbz#1161540) - qemu: Fix hotplugging cpus with strict memory pinning (rhbz#1161540) - util: Fix possible NULL dereference (rhbz#1161540) - qemu_driver: fix setting vcpus for offline domain (rhbz#1161540) - qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs (CVE-2014-8136) - CVE-2015-0236: qemu: Check ACLs when dumping security info from save image (CVE-2015-0236) - CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots (CVE-2015-0236) - Check for domain liveness in qemuDomainObjExitMonitor (rhbz#1161024) - Mark the domain as active in qemuhotplugtest (rhbz#1161024) - Fix vmdef usage while in monitor in qemuDomainHotplugVcpus (rhbz#1161024) - Fix vmdef usage while in monitor in BlockStat* APIs (rhbz#1161024) - Fix vmdef usage while in monitor in qemu process (rhbz#1161024) - Fix vmdef usage after domain crash in monitor on device detach (rhbz#1161024) - Fix vmdef usage after domain crash in monitor on device attach (rhbz#1161024) [1.2.8-13] - conf: Fix memory leak when parsing invalid network XML (rhbz#1180136) - qxl: change the default value for vgamem_mb to 16 MiB (rhbz#1181052) - qemuxml2argvtest: Fix test after change of qxl vgamem_mb default (rhbz#1181052) - conf: fix crash when hotplug a channel chr device with no target (rhbz#1181408) - qemu: forbid second blockcommit during active commit (rhbz#1135339) - qemu_monitor: introduce new function to get QOM path (rhbz#1180574) - qemu_process: detect updated video ram size values from QEMU (rhbz#1180574) [1.2.8-12] - Fix hotplugging of block device-backed usb disks (rhbz#1175668) - qemu: Create memory-backend-{ram, file} if needed (rhbz#1175397) - conf: Don't format actual network definition in migratable XML (rhbz#1177194) [1.2.8-11] - virsh: vol-upload disallow negative offset (rhbz#1087104) - storage: fix crash caused by no check return before set close (rhbz#1087104) - qemu: Fix virsh freeze when blockcopy storage file is removed (rhbz#1139567) - security: Manage SELinux labels on shared/readonly hostdev's (rhbz#1082521) - nwfilter: fix crash when adding non-existing nwfilter (rhbz#1169409) - conf: Fix ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libvirt' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8136 61111 http://secunia.com/advisories/61111 MDVSA-2015:023 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 MDVSA-2015:070 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 RHSA-2015:0323 http://rhn.redhat.com/errata/RHSA-2015-0323.html USN-2867-1 http://www.ubuntu.com/usn/USN-2867-1 http://advisories.mageia.org/MGASA-2015-0002.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d openSUSE-SU-2015:0006 http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html openSUSE-SU-2015:0008 http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0236 62766 http://secunia.com/advisories/62766 MDVSA-2015:035 http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 http://advisories.mageia.org/MGASA-2015-0046.html http://security.libvirt.org/2015/0001.html openSUSE-SU-2015:0225 http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
Copyright	Copyright (C) 2015 Greenbone AG