Test ID:	1.3.6.1.4.1.25623.1.0.123423
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2014-0420)
Summary:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0420 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2014-0420 advisory. Vulnerability Insight: [0.12.1.2-2.415.el6_5.8] - kvm-virtio-net-fix-guest-triggerable-buffer-overrun.patch [bz#1078605 bz#1078849] - kvm-qcow2-Check-backing_file_offset-CVE-2014-0144.patch [bz#1079452 bz#1079453] - kvm-qcow2-Check-refcount-table-size-CVE-2014-0144.patch [bz#1079452 bz#1079453] - kvm-qcow2-Validate-refcount-table-offset.patch [bz#1079518 bz#1086678] - kvm-qcow2-Validate-snapshot-table-offset-size-CVE-2014-0.patch [bz#1079452 bz#1079453] - kvm-qcow2-Validate-active-L1-table-offset-and-size-CVE-2.patch [bz#1079452 bz#1079453] - kvm-qcow2-Fix-backing-file-name-length-check.patch [bz#1079518 bz#1086678] - kvm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_refc.patch [bz#1079337 bz#1079338] - kvm-qcow2-Avoid-integer-overflow-in-get_refcount-CVE-201.patch [bz#1079318 bz#1079319] - kvm-qcow2-Check-new-refcount-table-size-on-growth.patch [bz#1079518 bz#1086678] - kvm-qcow2-Fix-types-in-qcow2_alloc_clusters-and-alloc_cl.patch [bz#1079518 bz#1086678] - kvm-qcow2-Protect-against-some-integer-overflows-in-bdrv.patch [bz#1079518 bz#1086678] - kvm-qcow2-Catch-some-L1-table-index-overflows.patch [bz#1079518 bz#1086678] - kvm-qcow2-Fix-new-L1-table-size-check-CVE-2014-0143.patch [bz#1079318 bz#1079319] - kvm-qcow2-Fix-NULL-dereference-in-qcow2_open-error-path-.patch [bz#1079330 bz#1079331] - kvm-qcow2-Limit-snapshot-table-size.patch [bz#1079518 bz#1086678] - kvm-block-cloop-validate-block_size-header-field-CVE-201.patch [bz#1079452 bz#1079453] - kvm-block-cloop-prevent-offsets_size-integer-overflow-CV.patch [bz#1079318 bz#1079319] - kvm-block-cloop-refuse-images-with-huge-offsets-arrays-C.patch [bz#1079452 bz#1079453] - kvm-block-cloop-Fix-coding-style.patch [bz#1079518 bz#1086678] - kvm-cloop-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678] - kvm-block-cloop-refuse-images-with-bogus-offsets-CVE-201.patch [bz#1079452 bz#1079453] - kvm-block-cloop-Use-g_free-instead-of-free.patch [bz#1079518 bz#1086678] - kvm-block-cloop-fix-offsets-size-off-by-one.patch [bz#1079518 bz#1086678] - kvm-bochs-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678] - kvm-bochs-Unify-header-structs-and-make-them-QEMU_PACKED.patch [bz#1079518 bz#1086678] - kvm-bochs-Use-unsigned-variables-for-offsets-and-sizes-C.patch [bz#1079337 bz#1079338] - kvm-bochs-Check-catalog_size-header-field-CVE-2014-0143.patch [bz#1079318 bz#1079319] - kvm-bochs-Check-extent_size-header-field-CVE-2014-0142.patch [bz#1079313 bz#1079314] - kvm-bochs-Fix-bitmap-offset-calculation.patch [bz#1079518 bz#1086678] - kvm-vpc-vhd-add-bounds-check-for-max_table_entries-and-b.patch [bz#1079452 bz#1079453] - kvm-vpc-Validate-block-size-CVE-2014-0142.patch [bz#1079313 bz#1079314] - kvm-vdi-add-bounds-checks-for-blocks_in_image-and-disk_s.patch [bz#1079452 bz#1079453] - kvm-vhdx-Bounds-checking-for-block_size-and-logical_sect.patch [bz#1079343 bz#1079344] - kvm-curl-check-data-size-before-memcpy-to-local-buffer.-.patch [bz#1079452 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'qemu-kvm' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0142 DSA-3044 http://www.debian.org/security/2014/dsa-3044 RHSA-2014:0420 http://rhn.redhat.com/errata/RHSA-2014-0420.html RHSA-2014:0421 http://rhn.redhat.com/errata/RHSA-2014-0421.html http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f https://bugzilla.redhat.com/show_bug.cgi?id=1078201 Common Vulnerability Exposure (CVE) ID: CVE-2014-0143 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b https://bugzilla.redhat.com/show_bug.cgi?id=1079140 Common Vulnerability Exposure (CVE) ID: CVE-2014-0144 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce https://bugzilla.redhat.com/show_bug.cgi?id=1079240 https://www.vulnerabilitycenter.com/#%21vul=44767 Common Vulnerability Exposure (CVE) ID: CVE-2014-0145 [oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs) http://www.openwall.com/lists/oss-security/2014/03/26/8 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b https://bugzilla.redhat.com/show_bug.cgi?id=1078885 https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0146 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9 https://bugzilla.redhat.com/show_bug.cgi?id=1078232 Common Vulnerability Exposure (CVE) ID: CVE-2014-0147 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789 https://bugzilla.redhat.com/show_bug.cgi?id=1078848 https://bugzilla.redhat.com/show_bug.cgi?id=1086717 Common Vulnerability Exposure (CVE) ID: CVE-2014-0148 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6 https://bugzilla.redhat.com/show_bug.cgi?id=1078212 Common Vulnerability Exposure (CVE) ID: CVE-2014-0150 57878 http://secunia.com/advisories/57878 58191 http://secunia.com/advisories/58191 DSA-2909 http://www.debian.org/security/2014/dsa-2909 DSA-2910 http://www.debian.org/security/2014/dsa-2910 USN-2182-1 http://www.ubuntu.com/usn/USN-2182-1 [Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun http://article.gmane.org/gmane.comp.emulators.qemu/266768 [Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun http://thread.gmane.org/gmane.comp.emulators.qemu/266713 https://bugzilla.redhat.com/show_bug.cgi?id=1078846
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.