Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0127)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123749

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2013-0127)

Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0127 advisory.

Description: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0127 advisory.

Vulnerability Insight:
[0.8.2-29.0.1.el5]
- Replaced docs/et.png in tarball
- remove virshtest from test cases to fix failure in mock build root

[libvirt-0.8.2-29.el5]
- Coverity pointed out an use after free in the fix for 816601 (rhbz#772848)

[libvirt-0.8.2-28.el5]
- qemu: Rollback on used USB devices (rhbz#816601)
- qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#816601)

[libvirt-0.8.2-27.el5]
- qemu: Delete USB devices used by domain on stop (rhbz#816601)

[libvirt-0.8.2-26.el5]
- Fix off-by-1 in virFileAbsPath. (rhbz#680289)
- Fix autostart flag when loading running domains (rhbz#675319)
- node_device: Avoid null dereference on error (rhbz#772848)
- util: Avoid null deref on qcowXGetBackingStore (rhbz#772848)
- docs: Improve virsh domxml-*-native command docs (rhbz#783001)
- Clarify the purpose of domxml-from-native (rhbz#783001)
- qemu: Add return value check (rhbz#772821)
- storage: Avoid mishandling backing store > 2GB (rhbz#772821)
- util: Avoid PATH_MAX-sized array (rhbz#816601)
- qemu: Keep list of USB devices attached to domains (rhbz#816601)
- qemu: Don't leak temporary list of USB devices (rhbz#816601)
- usb: Create functions to search usb device accurately (rhbz#816601)
- qemu: Call usb search function for hostdev initialization and hotplug (rhbz#816601)
- usb: Fix crash when failing to attach a second usb device (rhbz#816601)

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
3.7

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2693
RHSA-2012:0748
http://rhn.redhat.com/errata/RHSA-2012-0748.html
RHSA-2013:0127
http://rhn.redhat.com/errata/RHSA-2013-0127.html
[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html
[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
http://www.openwall.com/lists/oss-security/2012/06/11/2
[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
http://www.openwall.com/lists/oss-security/2012/06/11/3

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123749
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2013-0127)
Summary:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0127 advisory.
Description:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2013-0127 advisory. Vulnerability Insight: [0.8.2-29.0.1.el5] - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root [libvirt-0.8.2-29.el5] - Coverity pointed out an use after free in the fix for 816601 (rhbz#772848) [libvirt-0.8.2-28.el5] - qemu: Rollback on used USB devices (rhbz#816601) - qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#816601) [libvirt-0.8.2-27.el5] - qemu: Delete USB devices used by domain on stop (rhbz#816601) [libvirt-0.8.2-26.el5] - Fix off-by-1 in virFileAbsPath. (rhbz#680289) - Fix autostart flag when loading running domains (rhbz#675319) - node_device: Avoid null dereference on error (rhbz#772848) - util: Avoid null deref on qcowXGetBackingStore (rhbz#772848) - docs: Improve virsh domxml-*-native command docs (rhbz#783001) - Clarify the purpose of domxml-from-native (rhbz#783001) - qemu: Add return value check (rhbz#772821) - storage: Avoid mishandling backing store > 2GB (rhbz#772821) - util: Avoid PATH_MAX-sized array (rhbz#816601) - qemu: Keep list of USB devices attached to domains (rhbz#816601) - qemu: Don't leak temporary list of USB devices (rhbz#816601) - usb: Create functions to search usb device accurately (rhbz#816601) - qemu: Call usb search function for hostdev initialization and hotplug (rhbz#816601) - usb: Fix crash when failing to attach a second usb device (rhbz#816601) Affected Software/OS: 'libvirt' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2693 RHSA-2012:0748 http://rhn.redhat.com/errata/RHSA-2012-0748.html RHSA-2013:0127 http://rhn.redhat.com/errata/RHSA-2013-0127.html [libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html [oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored http://www.openwall.com/lists/oss-security/2012/06/11/2 [oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored http://www.openwall.com/lists/oss-security/2012/06/11/3
Copyright	Copyright (C) 2015 Greenbone AG