 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.67164 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2010:0271 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2010:0271. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. Due to a deficiency in the TSO (TCP segment offloading) implementation, a guest's virtio-net driver would transmit improper data to a certain QEMU-KVM process on the host, causing the guest to crash. A remote attacker could use this flaw to send specially-crafted data to a target guest system, causing that guest to crash. (CVE-2010-0741) Additionally, these updated packages include numerous bug fixes and enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5 Technical Notes for details: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html All KVM users should upgrade to these updated packages, which resolve this issue as well as fixing the bugs and adding the enhancements noted in the Technical Notes. Note: The procedure in the Solution section must be performed before this update will take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0271.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0741 1023798 http://securitytracker.com/id?1023798 ADV-2010-0760 http://www.vupen.com/english/advisories/2010/0760 RHSA-2010:0271 http://www.redhat.com/support/errata/RHSA-2010-0271.html RHSA-2010:0476 https://rhn.redhat.com/errata/RHSA-2010-0476.html [oss-security] 20100329 CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver http://openwall.com/lists/oss-security/2010/03/29/4 [qemu-devel] 20091029 Re: qemu-kvm-0.11 regression, crashes on older guests with virtio network http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02480.html [qemu-devel] 20091029 [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02495.html http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521 https://bugzilla.redhat.com/show_bug.cgi?id=577218 https://patchwork.kernel.org/patch/56479/ oval:org.mitre.oval:def:11143 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11143 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |