Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0748)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123885

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2012-0748)

Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2012-0748 advisory.

Description: Summary:
The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2012-0748 advisory.

Vulnerability Insight:
[libvirt-0.9.10-21.0.1.el6]
- Replace docs/et.png in tarball with blank image

[libvirt-0.9.10-21.el6]
- qemu: Rollback on used USB devices (rhbz#743671)
- qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#743671)
- Revert 'rpc: Discard non-blocking calls only when necessary' (rhbz#821468)

[libvirt-0.9.10-20.el6]
- Fix virDomainDeviceInfoIsSet() to check all struct fields (rhbz#820869)
- Fix logic for assigning PCI addresses to USB2 companion controllers (rhbz#820869)
- Set a sensible default master start port for ehci companion controllers (rhbz#820869)

[libvirt-0.9.10-19.el6]
- build: Fix the typo in configure.ac (rhbz#820461)
- qemu: Fix build when !HAVE_NUMACTL (rhbz#820461)
- usb: Fix crash when failing to attach a second usb device (rhbz#815755)
- qemu: Use the CPU index in capabilities to map NUMA node to cpu list. (rhbz#820461)
- qemu: Set memory policy using cgroup if placement is auto (rhbz#820461)

[libvirt-0.9.10-18.el6]
- numad: Set memory policy from numad advisory nodeset (rhbz#810157)
[by default (rhbz#810157)]
[(rhbz#810157)]
- qemu: Avoid the memory allocation and freeing (rhbz#810157)
- numad: Divide cur_balloon by 1024 before passing it to numad (rhbz#810157)
- numad: Check numactl-devel if compiled with numad support (rhbz#810157)

[libvirt-0.9.10-17.el6]
- qemu: Don't modify domain on failed blockiotune (rhbz#819014)
- qemu: Reject blockiotune if qemu too old (rhbz#819014)
- qemu: Don't use virDomainDefFormat* directly (rhbz#815503)
- qemu: Emit compatible XML when migrating a domain (rhbz#815503)
- usb: Create functions to search usb device accurately (rhbz#815755)
- qemu: Call usb search function for hostdev initialization and hotplug (rhbz#815755)
- virsh: Avoid heap corruption leading to virsh abort (rhbz#819636)
- util: Fix libvirtd startup failure due to netlink error (rhbz#816465)
- util: Allow specifying both src and dst pid in virNetlinkCommand (rhbz#816465)
- util: Function to get local nl_pid used by netlink event socket (rhbz#816465)
- util: Set src_pid for virNetlinkCommand when appropriate (rhbz#816465)
- domain_conf: Add 'usbredir' to list of valid spice channels (rhbz#819498)
- domain_conf: Add 'default' to list of valid spice channels (rhbz#819499)
- snapshot: Allow block devices past cgroup (rhbz#810200)
- blockjob: Allow block devices past cgroup (rhbz#810200)
- util: Avoid libvirtd crash in virNetDevTapCreate (rhbz#817234)
- python: Fix the forward_null error in Python binding codes (rhbz#771021)
- xen: Fix resource leak in xen driver (rhbz#771021)
- test: Fix resource leak in test driver (rhbz#771021)
- node: Fix resource leak in nodeinfo.c (rhbz#771021)
- virnet: Fix resource leak in virnetlink.c (rhbz#771021)
- vmx: Fix resource leak (rhbz#771021)
- qemu: Fix resource leak (rhbz#771021)
- uuid: Fix possible non-terminated string (rhbz#771021)
- node_device: Fix possible non-terminated string ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libvirt' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
3.7

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2693
RHSA-2012:0748
http://rhn.redhat.com/errata/RHSA-2012-0748.html
RHSA-2013:0127
http://rhn.redhat.com/errata/RHSA-2013-0127.html
[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html
[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
http://www.openwall.com/lists/oss-security/2012/06/11/2
[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
http://www.openwall.com/lists/oss-security/2012/06/11/3

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123885
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0748)
Summary:	The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2012-0748 advisory.
Description:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the ELSA-2012-0748 advisory. Vulnerability Insight: [libvirt-0.9.10-21.0.1.el6] - Replace docs/et.png in tarball with blank image [libvirt-0.9.10-21.el6] - qemu: Rollback on used USB devices (rhbz#743671) - qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#743671) - Revert 'rpc: Discard non-blocking calls only when necessary' (rhbz#821468) [libvirt-0.9.10-20.el6] - Fix virDomainDeviceInfoIsSet() to check all struct fields (rhbz#820869) - Fix logic for assigning PCI addresses to USB2 companion controllers (rhbz#820869) - Set a sensible default master start port for ehci companion controllers (rhbz#820869) [libvirt-0.9.10-19.el6] - build: Fix the typo in configure.ac (rhbz#820461) - qemu: Fix build when !HAVE_NUMACTL (rhbz#820461) - usb: Fix crash when failing to attach a second usb device (rhbz#815755) - qemu: Use the CPU index in capabilities to map NUMA node to cpu list. (rhbz#820461) - qemu: Set memory policy using cgroup if placement is auto (rhbz#820461) [libvirt-0.9.10-18.el6] - numad: Set memory policy from numad advisory nodeset (rhbz#810157) [by default (rhbz#810157)] [(rhbz#810157)] - qemu: Avoid the memory allocation and freeing (rhbz#810157) - numad: Divide cur_balloon by 1024 before passing it to numad (rhbz#810157) - numad: Check numactl-devel if compiled with numad support (rhbz#810157) [libvirt-0.9.10-17.el6] - qemu: Don't modify domain on failed blockiotune (rhbz#819014) - qemu: Reject blockiotune if qemu too old (rhbz#819014) - qemu: Don't use virDomainDefFormat* directly (rhbz#815503) - qemu: Emit compatible XML when migrating a domain (rhbz#815503) - usb: Create functions to search usb device accurately (rhbz#815755) - qemu: Call usb search function for hostdev initialization and hotplug (rhbz#815755) - virsh: Avoid heap corruption leading to virsh abort (rhbz#819636) - util: Fix libvirtd startup failure due to netlink error (rhbz#816465) - util: Allow specifying both src and dst pid in virNetlinkCommand (rhbz#816465) - util: Function to get local nl_pid used by netlink event socket (rhbz#816465) - util: Set src_pid for virNetlinkCommand when appropriate (rhbz#816465) - domain_conf: Add 'usbredir' to list of valid spice channels (rhbz#819498) - domain_conf: Add 'default' to list of valid spice channels (rhbz#819499) - snapshot: Allow block devices past cgroup (rhbz#810200) - blockjob: Allow block devices past cgroup (rhbz#810200) - util: Avoid libvirtd crash in virNetDevTapCreate (rhbz#817234) - python: Fix the forward_null error in Python binding codes (rhbz#771021) - xen: Fix resource leak in xen driver (rhbz#771021) - test: Fix resource leak in test driver (rhbz#771021) - node: Fix resource leak in nodeinfo.c (rhbz#771021) - virnet: Fix resource leak in virnetlink.c (rhbz#771021) - vmx: Fix resource leak (rhbz#771021) - qemu: Fix resource leak (rhbz#771021) - uuid: Fix possible non-terminated string (rhbz#771021) - node_device: Fix possible non-terminated string ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libvirt' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2693 RHSA-2012:0748 http://rhn.redhat.com/errata/RHSA-2012-0748.html RHSA-2013:0127 http://rhn.redhat.com/errata/RHSA-2013-0127.html [libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html [oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored http://www.openwall.com/lists/oss-security/2012/06/11/2 [oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored http://www.openwall.com/lists/oss-security/2012/06/11/3
Copyright	Copyright (C) 2015 Greenbone AG