Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-0704)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123362

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2014-0704)

Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0704 advisory.

Description: Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0704 advisory.

Vulnerability Insight:
[1.5.3-60.el7_0.2]
- kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094820]
- Resolves: bz#1094820
(Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.)

[1.5.3-60.el7_0.1]
- kvm-iscsi-fix-indentation.patch [bz#1090978]
- kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1090978]
- kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1090978]
- kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1090978]
- kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1090978]
- kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1090978]
- kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1090978]
- kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1090978]
- kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1090978]
- kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [1091322]
- kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1090981]
- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1093612]
- Resolves: bz#1091322
(fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host)
- Resolves: bz#1090981
(Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device)
- Resolves: bz#1090978
(qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400))
- Resolves: bz#1093612
(CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.0.z])

Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-2894
57945
http://secunia.com/advisories/57945
58191
http://secunia.com/advisories/58191
66932
http://www.securityfocus.com/bid/66932
RHSA-2014:0704
http://rhn.redhat.com/errata/RHSA-2014-0704.html
RHSA-2014:0743
http://rhn.redhat.com/errata/RHSA-2014-0743.html
RHSA-2014:0744
http://rhn.redhat.com/errata/RHSA-2014-0744.html
USN-2182-1
http://www.ubuntu.com/usn/USN-2182-1
[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
http://www.openwall.com/lists/oss-security/2014/04/15/4
[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
http://www.openwall.com/lists/oss-security/2014/04/18/5

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123362
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2014-0704)
Summary:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0704 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0704 advisory. Vulnerability Insight: [1.5.3-60.el7_0.2] - kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094820] - Resolves: bz#1094820 (Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.) [1.5.3-60.el7_0.1] - kvm-iscsi-fix-indentation.patch [bz#1090978] - kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1090978] - kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1090978] - kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1090978] - kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1090978] - kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1090978] - kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1090978] - kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1090978] - kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1090978] - kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [1091322] - kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1090981] - kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1093612] - Resolves: bz#1091322 (fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host) - Resolves: bz#1090981 (Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device) - Resolves: bz#1090978 (qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400)) - Resolves: bz#1093612 (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.0.z]) Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2894 57945 http://secunia.com/advisories/57945 58191 http://secunia.com/advisories/58191 66932 http://www.securityfocus.com/bid/66932 RHSA-2014:0704 http://rhn.redhat.com/errata/RHSA-2014-0704.html RHSA-2014:0743 http://rhn.redhat.com/errata/RHSA-2014-0743.html RHSA-2014:0744 http://rhn.redhat.com/errata/RHSA-2014-0744.html USN-2182-1 http://www.ubuntu.com/usn/USN-2182-1 [Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html [Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html [oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART http://www.openwall.com/lists/oss-security/2014/04/15/4 [oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART http://www.openwall.com/lists/oss-security/2014/04/18/5
Copyright	Copyright (C) 2015 Greenbone AG