Test ID:	1.3.6.1.4.1.25623.1.0.123071
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2015-1507)
Summary:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2015-1507 advisory. Vulnerability Insight: [1.5.3-86.el7_1.5] - kvm-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch [bz#1243726] - Resolves: bz#1243726 (CVE-2015-3214 qemu-kvm: qemu: i8254: out-of-bounds memory access in pit_ioport_read function [rhel-7.1.z]) [1.5.3-86.el7_1.4] - kvm-ide-Check-array-bounds-before-writing-to-io_buffer-C.patch [bz#1243689] - kvm-ide-atapi-Fix-START-STOP-UNIT-command-completion.patch [bz#1243689] - kvm-ide-Clear-DRQ-after-handling-all-expected-accesses.patch [bz#1243689] - Resolves: bz#1243689 (EMBARGOED CVE-2015-5154 qemu-kvm: qemu: ide: atapi: heap overflow during I/O buffer memory access [rhel-7.1.z]) [1.5.3-86.el7_1.3] - kvm-atomics-add-explicit-compiler-fence-in-__atomic-memo.patch [bz#1233643] - Resolves: bz#1233643 ([abrt] qemu-kvm: bdrv_error_action(): qemu-kvm killed by SIGABRT) Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3214 1032598 http://www.securitytracker.com/id/1032598 37990 https://www.exploit-db.com/exploits/37990/ 75273 http://www.securityfocus.com/bid/75273 DSA-3348 http://www.debian.org/security/2015/dsa-3348 GLSA-201510-02 https://security.gentoo.org/glsa/201510-02 RHSA-2015:1507 http://rhn.redhat.com/errata/RHSA-2015-1507.html RHSA-2015:1508 http://rhn.redhat.com/errata/RHSA-2015-1508.html RHSA-2015:1512 http://rhn.redhat.com/errata/RHSA-2015-1512.html [oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function http://www.openwall.com/lists/oss-security/2015/06/25/7 [qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read() https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 https://bugzilla.redhat.com/show_bug.cgi?id=1229640 https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 https://support.lenovo.com/product_security/qemu https://support.lenovo.com/us/en/product_security/qemu https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Common Vulnerability Exposure (CVE) ID: CVE-2015-5154 1033074 http://www.securitytracker.com/id/1033074 76048 http://www.securityfocus.com/bid/76048 FEDORA-2015-12657 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html FEDORA-2015-12679 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html FEDORA-2015-12714 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html GLSA-201604-03 https://security.gentoo.org/glsa/201604-03 SUSE-SU-2015:1299 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html SUSE-SU-2015:1302 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html SUSE-SU-2015:1409 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html SUSE-SU-2015:1421 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html SUSE-SU-2015:1426 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html SUSE-SU-2015:1455 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html SUSE-SU-2015:1643 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://support.citrix.com/article/CTX201593 http://xenbits.xen.org/xsa/advisory-138.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.