Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-0323)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123165

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2015-0323)

Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.

Description: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.

Vulnerability Insight:
[1.2.8-16.0.1]
- Replace docs/et.png in tarball with blank image

[1.2.8-16]
- qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094)
- lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094)

[1.2.8-15]
- qemu: Add missing goto error in qemuRestoreCgroupState (rhbz#1161540)

[1.2.8-14]
- virNetworkDefUpdateIPDHCPHost: Don't crash when updating network (rhbz#1182486)
- Format CPU features even for host-model (rhbz#1182448)
- util: Add function virCgroupHasEmptyTasks (rhbz#1161540)
- util: Add virNumaGetHostNodeset (rhbz#1161540)
- qemu: Remove unnecessary qemuSetupCgroupPostInit function (rhbz#1161540)
- qemu: Save numad advice into qemuDomainObjPrivate (rhbz#1161540)
- qemu: Leave cpuset.mems in parent cgroup alone (rhbz#1161540)
- qemu: Fix hotplugging cpus with strict memory pinning (rhbz#1161540)
- util: Fix possible NULL dereference (rhbz#1161540)
- qemu_driver: fix setting vcpus for offline domain (rhbz#1161540)
- qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs (CVE-2014-8136)
- CVE-2015-0236: qemu: Check ACLs when dumping security info from save image (CVE-2015-0236)
- CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots (CVE-2015-0236)
- Check for domain liveness in qemuDomainObjExitMonitor (rhbz#1161024)
- Mark the domain as active in qemuhotplugtest (rhbz#1161024)
- Fix vmdef usage while in monitor in qemuDomainHotplugVcpus (rhbz#1161024)
- Fix vmdef usage while in monitor in BlockStat* APIs (rhbz#1161024)
- Fix vmdef usage while in monitor in qemu process (rhbz#1161024)
- Fix vmdef usage after domain crash in monitor on device detach (rhbz#1161024)
- Fix vmdef usage after domain crash in monitor on device attach (rhbz#1161024)

[1.2.8-13]
- conf: Fix memory leak when parsing invalid network XML (rhbz#1180136)
- qxl: change the default value for vgamem_mb to 16 MiB (rhbz#1181052)
- qemuxml2argvtest: Fix test after change of qxl vgamem_mb default (rhbz#1181052)
- conf: fix crash when hotplug a channel chr device with no target (rhbz#1181408)
- qemu: forbid second blockcommit during active commit (rhbz#1135339)
- qemu_monitor: introduce new function to get QOM path (rhbz#1180574)
- qemu_process: detect updated video ram size values from QEMU (rhbz#1180574)

[1.2.8-12]
- Fix hotplugging of block device-backed usb disks (rhbz#1175668)
- qemu: Create memory-backend-{ram, file} if needed (rhbz#1175397)
- conf: Don't format actual network definition in migratable XML (rhbz#1177194)

[1.2.8-11]
- virsh: vol-upload disallow negative offset (rhbz#1087104)
- storage: fix crash caused by no check return before set close (rhbz#1087104)
- qemu: Fix virsh freeze when blockcopy storage file is removed (rhbz#1139567)
- security: Manage SELinux labels on shared/readonly hostdev's (rhbz#1082521)
- nwfilter: fix crash when adding non-existing nwfilter (rhbz#1169409)
- conf: Fix ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-8136
61111
http://secunia.com/advisories/61111
MDVSA-2015:023
http://www.mandriva.com/security/advisories?name=MDVSA-2015:023
MDVSA-2015:070
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
RHSA-2015:0323
http://rhn.redhat.com/errata/RHSA-2015-0323.html
USN-2867-1
http://www.ubuntu.com/usn/USN-2867-1
http://advisories.mageia.org/MGASA-2015-0002.html
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d
openSUSE-SU-2015:0006
http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html
openSUSE-SU-2015:0008
http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0236
62766
http://secunia.com/advisories/62766
MDVSA-2015:035
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
http://advisories.mageia.org/MGASA-2015-0046.html
http://security.libvirt.org/2015/0001.html
openSUSE-SU-2015:0225
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123165
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2015-0323)
Summary:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory.
Description:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2015-0323 advisory. Vulnerability Insight: [1.2.8-16.0.1] - Replace docs/et.png in tarball with blank image [1.2.8-16] - qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094) - lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict' (rhbz#1186094) [1.2.8-15] - qemu: Add missing goto error in qemuRestoreCgroupState (rhbz#1161540) [1.2.8-14] - virNetworkDefUpdateIPDHCPHost: Don't crash when updating network (rhbz#1182486) - Format CPU features even for host-model (rhbz#1182448) - util: Add function virCgroupHasEmptyTasks (rhbz#1161540) - util: Add virNumaGetHostNodeset (rhbz#1161540) - qemu: Remove unnecessary qemuSetupCgroupPostInit function (rhbz#1161540) - qemu: Save numad advice into qemuDomainObjPrivate (rhbz#1161540) - qemu: Leave cpuset.mems in parent cgroup alone (rhbz#1161540) - qemu: Fix hotplugging cpus with strict memory pinning (rhbz#1161540) - util: Fix possible NULL dereference (rhbz#1161540) - qemu_driver: fix setting vcpus for offline domain (rhbz#1161540) - qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs (CVE-2014-8136) - CVE-2015-0236: qemu: Check ACLs when dumping security info from save image (CVE-2015-0236) - CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots (CVE-2015-0236) - Check for domain liveness in qemuDomainObjExitMonitor (rhbz#1161024) - Mark the domain as active in qemuhotplugtest (rhbz#1161024) - Fix vmdef usage while in monitor in qemuDomainHotplugVcpus (rhbz#1161024) - Fix vmdef usage while in monitor in BlockStat* APIs (rhbz#1161024) - Fix vmdef usage while in monitor in qemu process (rhbz#1161024) - Fix vmdef usage after domain crash in monitor on device detach (rhbz#1161024) - Fix vmdef usage after domain crash in monitor on device attach (rhbz#1161024) [1.2.8-13] - conf: Fix memory leak when parsing invalid network XML (rhbz#1180136) - qxl: change the default value for vgamem_mb to 16 MiB (rhbz#1181052) - qemuxml2argvtest: Fix test after change of qxl vgamem_mb default (rhbz#1181052) - conf: fix crash when hotplug a channel chr device with no target (rhbz#1181408) - qemu: forbid second blockcommit during active commit (rhbz#1135339) - qemu_monitor: introduce new function to get QOM path (rhbz#1180574) - qemu_process: detect updated video ram size values from QEMU (rhbz#1180574) [1.2.8-12] - Fix hotplugging of block device-backed usb disks (rhbz#1175668) - qemu: Create memory-backend-{ram, file} if needed (rhbz#1175397) - conf: Don't format actual network definition in migratable XML (rhbz#1177194) [1.2.8-11] - virsh: vol-upload disallow negative offset (rhbz#1087104) - storage: fix crash caused by no check return before set close (rhbz#1087104) - qemu: Fix virsh freeze when blockcopy storage file is removed (rhbz#1139567) - security: Manage SELinux labels on shared/readonly hostdev's (rhbz#1082521) - nwfilter: fix crash when adding non-existing nwfilter (rhbz#1169409) - conf: Fix ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libvirt' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8136 61111 http://secunia.com/advisories/61111 MDVSA-2015:023 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 MDVSA-2015:070 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 RHSA-2015:0323 http://rhn.redhat.com/errata/RHSA-2015-0323.html USN-2867-1 http://www.ubuntu.com/usn/USN-2867-1 http://advisories.mageia.org/MGASA-2015-0002.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d openSUSE-SU-2015:0006 http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html openSUSE-SU-2015:0008 http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0236 62766 http://secunia.com/advisories/62766 MDVSA-2015:035 http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 http://advisories.mageia.org/MGASA-2015-0046.html http://security.libvirt.org/2015/0001.html openSUSE-SU-2015:0225 http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
Copyright	Copyright (C) 2015 Greenbone AG