OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches needed to address
the following critical security updates :

- Fix DNSKEY that encountered a CNAME (#1447869, ISC
change 3391)

- Fix CVE-2017-3136 (ISC change 4575)

- Fix CVE-2017-3137 (ISC change 4578)

- Fix and test caching CNAME before DNAME (ISC change
4558)

- Fix CVE-2016-9147 (ISC change 4510)

- Fix regression introduced by CVE-2016-8864 (ISC change
4530)

- Restore SELinux contexts before named restart

- Use /lib or /lib64 only if directory in chroot already
exists

- Tighten NSS library pattern, escape chroot mount path

- Fix (CVE-2016-8864)

- Do not change lib permissions in chroot (#1321239)

- Support WKS records in chroot (#1297562)

- Do not include patch backup in docs (fixes #1325081
patch)

- Backported relevant parts of [RT #39567] (#1259923)

- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)

- Fix multiple realms in nsupdate script like upstream
(#1313286)

- Fix multiple realm in nsupdate script (#1313286)

- Use resolver-query-timeout high enough to recover all
forwarders (#1325081)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000692.html
https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000693.html

Solution :

Update the affected bind-libs / bind-utils packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 100090

Bugtraq ID:

CVE ID: CVE-2016-8864
CVE-2016-9147
CVE-2017-3136
CVE-2017-3137
