Test ID: | 1.3.6.1.4.1.25623.1.0.122168 |
Category: | Oracle Linux Local Security Checks |
Title: | Oracle: Security Advisory (ELSA-2011-0534) |
Summary: | The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory. |
Description: |
Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2011-0534 advisory.

Vulnerability Insight:

[qemu-kvm-0.12.1.2-2.160.el6]
- kvm-virtio-blk-fail-unaligned-requests.patch [bz#698910]
- kvm-Ignore-pci-unplug-requests-for-unpluggable-devices.patch [bz#699789]
- Resolves: bz#698910 (CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests [rhel-6.1])
- Resolves: bz#699789 (CVE-2011-1751 acpi_piix4: missing hotplug check during device removal [rhel-6.1])

[qemu-kvm-0.12.1.2-2.159.el6]
- kvm-acpi_piix4-Maintain-RHEL6.0-migration.patch [bz#694095]
- Resolves: bz#694095 (Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version)

[qemu-kvm-0.12.1.2-2.158.el6]
- kvm-bz-691704-vhost-skip-VGA-memory-regions.patch [bz#691704]
- kvm-ide-atapi-add-support-for-GET-EVENT-STATUS-NOTIFICAT.patch [bz#558256]
- kvm-atapi-Allow-GET_EVENT_STATUS_NOTIFICATION-after-medi.patch [bz#558256]
- kvm-atapi-Move-GET_EVENT_STATUS_NOTIFICATION-command-han.patch [bz#558256]
- kvm-atapi-GESN-Use-structs-for-commonly-used-field-types.patch [bz#558256]
- kvm-atapi-GESN-Standardise-event-response-handling-for-f.patch [bz#558256]
- kvm-atapi-GESN-implement-media-subcommand.patch [bz#558256]
- Resolves: bz#558256 (rhel6 disk not detected first time in install)
- Resolves: bz#691704 (Failed to boot up windows guest with huge memory and cpu and vhost=on within 30 mins)

[qemu-kvm-0.12.1.2-2.157.el6]
- kvm-qemu-img-rebase-Fix-read-only-new-backing-file.patch [bz#693741]
- kvm-floppy-save-and-restore-DIR-register.patch [bz#681777]
- kvm-block-Do-not-cache-device-size-for-removable-media.patch [bz#687900]
- kvm-cdrom-Allow-the-TEST_UNIT_READY-command-after-a-cdro.patch [bz#683877]
- kvm-cdrom-Make-disc-change-event-visible-to-guests.patch [bz#683877]
- Resolves: bz#681777 (floppy I/O error after live migration while floppy in use)
- Resolves: bz#683877 (RHEL6 guests fail to update cdrom block size on media change)
- Resolves: bz#687900 (qemu host cdrom support not properly updating guests on media changes at physical CD/DVD drives)
- Resolves: bz#693741 (qemu-img re-base fail with read-only new backing file)

[qemu-kvm-0.12.1.2-2.156.el6]
- kvm-Revert-net-socket-allow-ipv6-for-net_socket_listen_i.patch [bz#680356]
- kvm-Revert-Use-getaddrinfo-for-migration.patch [bz#680356]
- Related: bz#680356 (Live migration failed in ipv6 environment)
- Fixes bz#694196 (RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration)

[qemu-kvm-0.12.1.2-2.155.el6]
- kvm-configure-fix-out-of-tree-build-with-enable-spice.patch [bz#641833]
- kvm-ccid-card-emulated-replace-DEFINE_PROP_ENUM-with-DEF.patch [bz#641833]
- kvm-Revert-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833]
- kvm-Revert-qdev-add-data-pointer-to-Property.patch [bz#641833]
- kvm-Revert-qdev-add-print_options-callback.patch [bz#641833]
- kvm-ccid-v18_upstream-v25-cleanup.patch [bz#641833]
- kvm-libcacard-vscard_common.h-upstream-v18-v25-diff.patch [bz#641833]
- ...

[Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 6.

Solution: Please install the updated package(s).

CVSS Score: 7.4
CVSS Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1750
- 44132 http://secunia.com/advisories/44132
- 44393 http://secunia.com/advisories/44393
- 44658 http://secunia.com/advisories/44658
- 44660 http://secunia.com/advisories/44660
- 44900 http://secunia.com/advisories/44900
- 73756 http://www.osvdb.org/73756
- DSA-2230 https://www.debian.org/security/2011/dsa-2230
- FEDORA-2012-8604 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
- RHSA-2011:0534 http://rhn.redhat.com/errata/RHSA-2011-0534.html
- SUSE-SU-2011:0533 https://hermes.opensuse.org/messages/8572547
- USN-1145-1 https://www.ubuntu.com/usn/USN-1145-1/
- [Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
- [Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
- http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
- kvm-virtioblk-priv-escalation(67062) https://exchange.xforce.ibmcloud.com/vulnerabilities/67062
- openSUSE-SU-2011:0510 http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-1751
- 44458 http://secunia.com/advisories/44458
- 44648 http://secunia.com/advisories/44648
- 47927 http://www.securityfocus.com/bid/47927
- 73395 http://www.osvdb.org/73395
- [Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html
- [oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal http://www.openwall.com/lists/oss-security/2011/05/19/2
- http://blog.nelhage.com/2011/08/breaking-out-of-kvm/
- http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca
- https://bugzilla.redhat.com/show_bug.cgi?id=699773
- https://github.com/nelhage/virtunoid |
Copyright | Copyright (C) 2015 Greenbone AG |