Scientific Linux Security Update : xorg-x11-drv-qxl on SL6.x i386/x86_64 (20130131)

Severity: Low. Nessus Plugin ID: 64429

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to '1' in the guest), crash the guest. (CVE-2013-0241)

All running X.Org server instances using the qxl driver must be restarted for this update to take effect.

Solution

Update the affected xorg-x11-drv-qxl and/or xorg-x11-drv-qxl-debuginfo packages.

See Also

http://www.nessus.org/u?47bc7f1a

Plugin Details

Severity: Low

ID: 64429

File Name: sl_20130131_xorg_x11_drv_qxl_on_SL6_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2/4/2013

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-qxl, p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-qxl-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 1/31/2013

Vulnerability Publication Date: 2/13/2013

Reference Information

CVE: CVE-2013-0241