Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0149)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123962

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-0149)

Resumen: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.

Vulnerability Insight:
[kvm-83-249.0.1.el5]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch
- modify kversion to fix build failure

[kvm-83-249.el5]
- kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101]
- CVE: CVE-2011-4622
- Resolves: bz#770101
(CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8])

[kvm-83-248.el5]
- kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772080]
- CVE: CVE-2012-0029
- Resolves: bz#772080
(EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-5.8])

[kvm-83-247.el5]
- kvm-kernel-KVM-Remove-ability-to-assign-a-device-without-iommu-.patch [bz#770095]
- kvm-kernel-KVM-Device-assignment-permission-checks.patch [bz#770095]
- Resolves: bz#770095
(CVE-2011-4347 kernel: kvm: device assignment DoS [rhel-5.8])

[kvm-83-246.el5]
- kvm-Fix-SIGFPE-for-vnc-display-of-width-height-1.patch [bz#751482]
- Resolves: bz#751482
(Backport SIGFPE fix in qemu-kvm VNC to RHEL5.x)

[kvm-83-245.el5]
- kvm-Fix-external-module-compat.c-not-to-use-unsupported-.patch [bz#753860]
- Resolves: bz#753860
(Fix kvm userspace compilation on RHEL-5 to match the kernel changes)

[kvm-83-244.el5]
- kvm-do-not-change-RTC-stored-time-accidentally.patch [bz#703335]
- Resolves: bz#703335
(KVM guest clocks jump forward one hour on reboot)

[kvm-83-243.el5]
- kvm-e1000-multi-buffer-packet-support.patch [bz#703446]
- kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#703446]
- kvm-e1000-verify-we-have-buffers-upfront.patch [bz#703446]
- kvm-BZ725876-make-RTC-alarm-work.patch [bz#725876]
- kvm-BZ725876-fix-RTC-polling-mode.patch [bz#725876]
- Resolves: bz#703446
(Failed to ping guest after MTU is changed)
- Resolves: bz#725876
(RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.)

[kvm-83-242.el5]
- kvm-posix-aio-compat-fix-latency-issues.patch [bz#725629]
- Resolves: bz#725629
(RHEL5.5 KVM VMs freezing for a few seconds)

[kvm-83-241.el5]
- kvm-pci-assign-limit-number-of-assigned-devices-via-hotp.patch [bz#701616]
- kvm-pci-assign-Cleanup-file-descriptors.patch [bz#700281]
- Resolves: bz#700281
([Intel 5.8 Bug] Fail to attach/detach NIC more than 250 times)
- Resolves: bz#701616
(limitation on max number of assigned devices does not take effect if hot-plug pci devices)

[kvm-83-240.el5]
- Updated kversion to 2.6.18-275.el to match build root
- kvm-Fix-vga-segfaults-or-screen-corruption-with-large-me.patch [bz#704081]
- Resolves: bz#704081
(mouse responds very slowly with huge memory)

Affected Software/OS:
'kvm' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4347
[oss-security] 20111124 Re: CVE request -- kernel: kvm: device assignment DoS
http://www.openwall.com/lists/oss-security/2011/11/24/7
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10
https://bugzilla.redhat.com/show_bug.cgi?id=756084
https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123962
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-0149)
Resumen:	The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2012-0149 advisory. Vulnerability Insight: [kvm-83-249.0.1.el5] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch - modify kversion to fix build failure [kvm-83-249.el5] - kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101] - CVE: CVE-2011-4622 - Resolves: bz#770101 (CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8]) [kvm-83-248.el5] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772080] - CVE: CVE-2012-0029 - Resolves: bz#772080 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-5.8]) [kvm-83-247.el5] - kvm-kernel-KVM-Remove-ability-to-assign-a-device-without-iommu-.patch [bz#770095] - kvm-kernel-KVM-Device-assignment-permission-checks.patch [bz#770095] - Resolves: bz#770095 (CVE-2011-4347 kernel: kvm: device assignment DoS [rhel-5.8]) [kvm-83-246.el5] - kvm-Fix-SIGFPE-for-vnc-display-of-width-height-1.patch [bz#751482] - Resolves: bz#751482 (Backport SIGFPE fix in qemu-kvm VNC to RHEL5.x) [kvm-83-245.el5] - kvm-Fix-external-module-compat.c-not-to-use-unsupported-.patch [bz#753860] - Resolves: bz#753860 (Fix kvm userspace compilation on RHEL-5 to match the kernel changes) [kvm-83-244.el5] - kvm-do-not-change-RTC-stored-time-accidentally.patch [bz#703335] - Resolves: bz#703335 (KVM guest clocks jump forward one hour on reboot) [kvm-83-243.el5] - kvm-e1000-multi-buffer-packet-support.patch [bz#703446] - kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#703446] - kvm-e1000-verify-we-have-buffers-upfront.patch [bz#703446] - kvm-BZ725876-make-RTC-alarm-work.patch [bz#725876] - kvm-BZ725876-fix-RTC-polling-mode.patch [bz#725876] - Resolves: bz#703446 (Failed to ping guest after MTU is changed) - Resolves: bz#725876 (RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.) [kvm-83-242.el5] - kvm-posix-aio-compat-fix-latency-issues.patch [bz#725629] - Resolves: bz#725629 (RHEL5.5 KVM VMs freezing for a few seconds) [kvm-83-241.el5] - kvm-pci-assign-limit-number-of-assigned-devices-via-hotp.patch [bz#701616] - kvm-pci-assign-Cleanup-file-descriptors.patch [bz#700281] - Resolves: bz#700281 ([Intel 5.8 Bug] Fail to attach/detach NIC more than 250 times) - Resolves: bz#701616 (limitation on max number of assigned devices does not take effect if hot-plug pci devices) [kvm-83-240.el5] - Updated kversion to 2.6.18-275.el to match build root - kvm-Fix-vga-segfaults-or-screen-corruption-with-large-me.patch [bz#704081] - Resolves: bz#704081 (mouse responds very slowly with huge memory) Affected Software/OS: 'kvm' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4347 [oss-security] 20111124 Re: CVE request -- kernel: kvm: device assignment DoS http://www.openwall.com/lists/oss-security/2011/11/24/7 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10 https://bugzilla.redhat.com/show_bug.cgi?id=756084 https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4
Copyright	Copyright (C) 2015 Greenbone AG