
Test ID: 1.3.6.1.4.1.25623.1.0.122279
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2011-0028)
Summary: The remote host is missing an update for the 'kvm' package(s) announced via the ELSA-2011-0028 advisory.
Description:

Vulnerability Insight:
[kvm-83-224.0.1]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch

[kvm-83-224.el5]
- kvm-kernel-KVM-x86-zero-kvm_vcpu_events-interrupt.pad.patch [bz#665407]
- Resolves: bz#665407
(kvm_vcpu_events.interrupt.pad must be zeroed)
- CVE: CVE-2010-4525

[kvm-83-223.el5]
- Updated kversion to 2.6.18-237.el to match build root
- Reverting patches for bz#608709 as they are not complete
- kvm-kernel-Revert-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709]
- kvm-kernel-Revert-KVM-Don-t-spin-on-virt-instruction-faults-dur.patch [bz#608709]
- bz#608709: reboot(RB_AUTOBOOT) fails if kvm instance is running
- Related: bz#661117

[kvm-83-222.el5]
- kvm-kernel-kvm-change-signed-int-to-unsigned-in-mmu_shrink.patch [bz#661117]
- Resolves: bz#661117
([RHEL5.6 CC] mmu_shrink patch)

[kvm-83-221.el5]
- Updated kversion to 2.6.18-236.el to match build root
- kvm-kernel-KVM-Don-t-spin-on-virt-instruction-faults-during-reb.patch [bz#608709]
- kvm-kernel-KVM-VMX-Return-0-from-a-failed-VMREAD.patch [bz#608709]
- Resolves: bz#608709
(reboot(RB_AUTOBOOT) fails if kvm instance is running)

[kvm-83-220.el5]
- Updated kversion to 2.6.18-235.el to match build root
- kvm-load-registers-after-restoring-pvclock-msrs.patch [bz#655990]
- Resolves: bz#655990
(clock drift when migrating a guest between mis-matched CPU clock speed)

[kvm-83-219.el5]
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems-additional-f.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-218.el5]
- kvm-vnc-fix-key-event-processing.patch [bz#643317]
- Resolves: bz#643317
('sendkey ctrl-alt-delete' don't work via VNC)

[kvm-83-217.el5]
- kvm-kernel-fix-null-pointer-dereference.patch [bz#570532]
- Resolves: bz#570532
(CVE-2010-0435 kvm: vmx null pointer dereference)
- CVE: CVE-2010-0435

[kvm-83-216.el5]
- Updated kversion to 2.6.18-233.el to match build root
- kvm-kernel-KVM-fix-AMD-initial-TSC-offset-problems.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-215.el5]
- Reverts previous patch (it doesn't build)
- kvm-kernel-Revert-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659]
- Related: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-214.el5]
- kvm-kernel-KVM-fix-AMD-initial-TSC-bugs.patch [bz#642659]
- Resolves: bz#642659
(TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.)

[kvm-83-213.el5]
- kvm-No-need-to-iterate-if-we-already-are-over-the-limit.patch [bz#513765 bz#589017]
- kvm-don-t-care-about-TLB-handling.patch [bz#513765 bz#589017]
- kvm-Fix-transferred-memory-calculation.patch [bz#513765 bz#589017]
- kvm-Maintaing-number-of-dirty-pages.patch [bz#513765 bz#589017]
- ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kvm' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4525
42890
http://secunia.com/advisories/42890
45676
http://www.securityfocus.com/bid/45676
70377
http://osvdb.org/70377
ADV-2011-0123
http://www.vupen.com/english/advisories/2011/0123
RHSA-2011:0007
http://www.redhat.com/support/errata/RHSA-2011-0007.html
RHSA-2011:0028
http://www.redhat.com/support/errata/RHSA-2011-0028.html
[oss-security] 20110105 CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/05/1
[oss-security] 20110105 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/05/9
[oss-security] 20110106 Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
http://www.openwall.com/lists/oss-security/2011/01/06/3
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4525
kernel-kvmvcpueventsinterrupt-info-disc(64519)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64519
Copyright: Copyright (C) 2015 Greenbone AG
