Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0534)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122168

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2011-0534)

Zusammenfassung: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory.

Vulnerability Insight:
[qemu-kvm-0.12.1.2-2.160.el6]
- kvm-virtio-blk-fail-unaligned-requests.patch [bz#698910]
- kvm-Ignore-pci-unplug-requests-for-unpluggable-devices.patch [bz#699789]
- Resolves: bz#698910
(CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests [rhel-6.1])
- Resolves: bz#699789
(CVE-2011-1751 acpi_piix4: missing hotplug check during device removal [rhel-6.1])

[qemu-kvm-0.12.1.2-2.159.el6]
- kvm-acpi_piix4-Maintain-RHEL6.0-migration.patch [bz#694095]
- Resolves: bz#694095
(Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version)

[qemu-kvm-0.12.1.2-2.158.el6]
- kvm-bz-691704-vhost-skip-VGA-memory-regions.patch [bz#691704]
- kvm-ide-atapi-add-support-for-GET-EVENT-STATUS-NOTIFICAT.patch [bz#558256]
- kvm-atapi-Allow-GET_EVENT_STATUS_NOTIFICATION-after-medi.patch [bz#558256]
- kvm-atapi-Move-GET_EVENT_STATUS_NOTIFICATION-command-han.patch [bz#558256]
- kvm-atapi-GESN-Use-structs-for-commonly-used-field-types.patch [bz#558256]
- kvm-atapi-GESN-Standardise-event-response-handling-for-f.patch [bz#558256]
- kvm-atapi-GESN-implement-media-subcommand.patch [bz#558256]
- Resolves: bz#558256
(rhel6 disk not detected first time in install)
- Resolves: bz#691704
(Failed to boot up windows guest with huge memory and cpu and vhost=on within 30 mins)

[qemu-kvm-0.12.1.2-2.157.el6]
- kvm-qemu-img-rebase-Fix-read-only-new-backing-file.patch [bz#693741]
- kvm-floppy-save-and-restore-DIR-register.patch [bz#681777]
- kvm-block-Do-not-cache-device-size-for-removable-media.patch [bz#687900]
- kvm-cdrom-Allow-the-TEST_UNIT_READY-command-after-a-cdro.patch [bz#683877]
- kvm-cdrom-Make-disc-change-event-visible-to-guests.patch [bz#683877]
- Resolves: bz#681777
(floppy I/O error after live migration while floppy in use)
- Resolves: bz#683877
(RHEL6 guests fail to update cdrom block size on media change)
- Resolves: bz#687900
(qemu host cdrom support not properly updating guests on media changes at physical CD/DVD drives)
- Resolves: bz#693741
(qemu-img re-base fail with read-only new backing file)

[qemu-kvm-0.12.1.2-2.156.el6]
- kvm-Revert-net-socket-allow-ipv6-for-net_socket_listen_i.patch [bz#680356]
- kvm-Revert-Use-getaddrinfo-for-migration.patch [bz#680356]
- Related: bz#680356
(Live migration failed in ipv6 environment)
- Fixes bz#694196
(RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration)

[qemu-kvm-0.12.1.2-2.155.el6]
- kvm-configure-fix-out-of-tree-build-with-enable-spice.patch [bz#641833]
- kvm-ccid-card-emulated-replace-DEFINE_PROP_ENUM-with-DEF.patch [bz#641833]
- kvm-Revert-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833]
- kvm-Revert-qdev-add-data-pointer-to-Property.patch [bz#641833]
- kvm-Revert-qdev-add-print_options-callback.patch [bz#641833]
- kvm-ccid-v18_upstream-v25-cleanup.patch [bz#641833]
- kvm-libcacard-vscard_common.h-upstream-v18-v25-diff.patch [bz#641833]
- ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1750
44132
http://secunia.com/advisories/44132
44393
http://secunia.com/advisories/44393
44658
http://secunia.com/advisories/44658
44660
http://secunia.com/advisories/44660
44900
http://secunia.com/advisories/44900
73756
http://www.osvdb.org/73756
DSA-2230
https://www.debian.org/security/2011/dsa-2230
FEDORA-2012-8604
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
RHSA-2011:0534
http://rhn.redhat.com/errata/RHSA-2011-0534.html
SUSE-SU-2011:0533
https://hermes.opensuse.org/messages/8572547
USN-1145-1
https://www.ubuntu.com/usn/USN-1145-1/
[Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
[Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
kvm-virtioblk-priv-escalation(67062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67062
openSUSE-SU-2011:0510
http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1751
44458
http://secunia.com/advisories/44458
44648
http://secunia.com/advisories/44648
47927
http://www.securityfocus.com/bid/47927
73395
http://www.osvdb.org/73395
[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices
http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html
[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal
http://www.openwall.com/lists/oss-security/2011/05/19/2
http://blog.nelhage.com/2011/08/breaking-out-of-kvm/
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca
https://bugzilla.redhat.com/show_bug.cgi?id=699773
https://github.com/nelhage/virtunoid

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122168
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2011-0534)
Zusammenfassung:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory. Vulnerability Insight: [qemu-kvm-0.12.1.2-2.160.el6] - kvm-virtio-blk-fail-unaligned-requests.patch [bz#698910] - kvm-Ignore-pci-unplug-requests-for-unpluggable-devices.patch [bz#699789] - Resolves: bz#698910 (CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests [rhel-6.1]) - Resolves: bz#699789 (CVE-2011-1751 acpi_piix4: missing hotplug check during device removal [rhel-6.1]) [qemu-kvm-0.12.1.2-2.159.el6] - kvm-acpi_piix4-Maintain-RHEL6.0-migration.patch [bz#694095] - Resolves: bz#694095 (Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version) [qemu-kvm-0.12.1.2-2.158.el6] - kvm-bz-691704-vhost-skip-VGA-memory-regions.patch [bz#691704] - kvm-ide-atapi-add-support-for-GET-EVENT-STATUS-NOTIFICAT.patch [bz#558256] - kvm-atapi-Allow-GET_EVENT_STATUS_NOTIFICATION-after-medi.patch [bz#558256] - kvm-atapi-Move-GET_EVENT_STATUS_NOTIFICATION-command-han.patch [bz#558256] - kvm-atapi-GESN-Use-structs-for-commonly-used-field-types.patch [bz#558256] - kvm-atapi-GESN-Standardise-event-response-handling-for-f.patch [bz#558256] - kvm-atapi-GESN-implement-media-subcommand.patch [bz#558256] - Resolves: bz#558256 (rhel6 disk not detected first time in install) - Resolves: bz#691704 (Failed to boot up windows guest with huge memory and cpu and vhost=on within 30 mins) [qemu-kvm-0.12.1.2-2.157.el6] - kvm-qemu-img-rebase-Fix-read-only-new-backing-file.patch [bz#693741] - kvm-floppy-save-and-restore-DIR-register.patch [bz#681777] - kvm-block-Do-not-cache-device-size-for-removable-media.patch [bz#687900] - kvm-cdrom-Allow-the-TEST_UNIT_READY-command-after-a-cdro.patch [bz#683877] - kvm-cdrom-Make-disc-change-event-visible-to-guests.patch [bz#683877] - Resolves: bz#681777 (floppy I/O error after live migration while floppy in use) - Resolves: bz#683877 (RHEL6 guests fail to update cdrom block size on media change) - Resolves: bz#687900 (qemu host cdrom support not properly updating guests on media changes at physical CD/DVD drives) - Resolves: bz#693741 (qemu-img re-base fail with read-only new backing file) [qemu-kvm-0.12.1.2-2.156.el6] - kvm-Revert-net-socket-allow-ipv6-for-net_socket_listen_i.patch [bz#680356] - kvm-Revert-Use-getaddrinfo-for-migration.patch [bz#680356] - Related: bz#680356 (Live migration failed in ipv6 environment) - Fixes bz#694196 (RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration) [qemu-kvm-0.12.1.2-2.155.el6] - kvm-configure-fix-out-of-tree-build-with-enable-spice.patch [bz#641833] - kvm-ccid-card-emulated-replace-DEFINE_PROP_ENUM-with-DEF.patch [bz#641833] - kvm-Revert-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833] - kvm-Revert-qdev-add-data-pointer-to-Property.patch [bz#641833] - kvm-Revert-qdev-add-print_options-callback.patch [bz#641833] - kvm-ccid-v18_upstream-v25-cleanup.patch [bz#641833] - kvm-libcacard-vscard_common.h-upstream-v18-v25-diff.patch [bz#641833] - ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.4 CVSS Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1750 44132 http://secunia.com/advisories/44132 44393 http://secunia.com/advisories/44393 44658 http://secunia.com/advisories/44658 44660 http://secunia.com/advisories/44660 44900 http://secunia.com/advisories/44900 73756 http://www.osvdb.org/73756 DSA-2230 https://www.debian.org/security/2011/dsa-2230 FEDORA-2012-8604 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html RHSA-2011:0534 http://rhn.redhat.com/errata/RHSA-2011-0534.html SUSE-SU-2011:0533 https://hermes.opensuse.org/messages/8572547 USN-1145-1 https://www.ubuntu.com/usn/USN-1145-1/ [Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html [Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d kvm-virtioblk-priv-escalation(67062) https://exchange.xforce.ibmcloud.com/vulnerabilities/67062 openSUSE-SU-2011:0510 http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1751 44458 http://secunia.com/advisories/44458 44648 http://secunia.com/advisories/44648 47927 http://www.securityfocus.com/bid/47927 73395 http://www.osvdb.org/73395 [Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html [oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal http://www.openwall.com/lists/oss-security/2011/05/19/2 http://blog.nelhage.com/2011/08/breaking-out-of-kvm/ http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca https://bugzilla.redhat.com/show_bug.cgi?id=699773 https://github.com/nelhage/virtunoid
Copyright	Copyright (C) 2015 Greenbone AG