| Description: | Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0743 advisory.
Vulnerability Insight:
[0.12.1.2-2.415.el6_5.10]
- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095692]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095743]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_load-2.patch [bz#1095743]
- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095739]
- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095735]
- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095763 bz#1096124]
- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095763 bz#1096124]
- kvm-enable-PCI-multiple-segments-for-pass-through-device.patch [bz#1099941]
- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095675]
- kvm-virtio-validate-config_len-on-load.patch [bz#1095779]
- kvm-usb-fix-up-post-load-checks.patch [bz#1096825]
- kvm-CPU-hotplug-use-apic_id_for_cpu-round-2-RHEL-6-only.patch [bz#1100575]
- Resolves: bz#1095675
()
- Resolves: bz#1095692
()
- Resolves: bz#1095735
()
- Resolves: bz#1095739
()
- Resolves: bz#1095743
()
- Resolves: bz#1095763
()
- Resolves: bz#1095779
()
- Resolves: bz#1096124
()
- Resolves: bz#1096825
()
- Resolves: bz#1099941
()
- Resolves: bz#1100575
(Some vCPU topologies not accepted by libvirt)
[0.12.1.2-2.415.el6_5.9]
- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087978]
- Resolves: bz#1087978
(CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-6.5.z])
Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 6.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
