OracleVM 2.1 : kernel (OVMSA-2009-0014)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1192 The 1 agpgenericallocpage and 2 agpgenericallocpages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later...

OracleVM 2.1 : kernel (OVMSA-2009-0017)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1895 The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or...

OracleVM 2.1 : krb5 (OVMSA-2009-0003)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0844 The getinputtoken function in the SPNEGO implementation in MIT Kerberos 5 aka krb5 1.5 through 1.6.3 allows remote attackers to cause a denial of service daemon crash and possibly obtain...

OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1574 racoon/isakmpfrag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service crash via crafted fragmented packets without a payload, which triggers a NULL pointer...

OracleVM 2.1 : kernel (OVMSA-2009-0004)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2008-3528 The error-reporting functionality in 1 fs/ext2/dir.c, 2 fs/ext3/dir.c, and possibly 3 fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that...

OracleVM 2.1 : dnsmasq (OVMSA-2009-0022)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-2957 Heap-based buffer overflow in the tftprequest function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long...

OracleVM 2.1 : libxml2 (OVMSA-2009-0018)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash CVE-2009-2414, CVE-2009-2416 - Resolves:...

OracleVM 2.1 : freetype (OVMSA-2009-0012)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in 1 smooth/ftsmooth.c, 2...

OracleVM 2.1 : acpid (OVMSA-2009-0008)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0798 The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service CPU consumption and connectivity loss by opening a large number of UNIX sockets without closing them,...

OracleVM 2.1 : xen (OVMSA-2009-0001)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix permissions problem with VM.GuestMetrics bugz 7265 - Disable ovs-disabled-create-netif-if-vif-type-set-ioemu.patch - Include proper patch for bugz 7807 - Implement VM.GuestMetrics to communicate...