OracleVM 2.2 : xen (OVMSA-2013-0074)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- x86: check segment descriptor read result in 64-bit OUTS
emulation XSA-67 (Matthew Daley) [orabug 17571640]
(CVE-2013-4368)

- x86: properly set up fbld emulation operand address
XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361)

- x86: properly handle hvm_copy_from_guest_[phys,virt]
errors XSA-63 (Jan Beulich) [orabug 17472461]
(CVE-2013-4355)

- libxc: builder: limit maximum size of kernel/ramdisk
(Ian Campbell) [orabug 15852491] (CVE-2012-4544)

- libxc: builder: Correct fix for CVE-2012-4544 (Ian
Campbell) [orabug 15852491] (CVE-2012-4544)

- [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages
(Ian Jackson) [orabug 16902308] (CVE-2013-2194
CVE-2013-2195 CVE-2013-2196)

- [PATCH 03/21] libxc: Fix range checking in
xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 04/21] libelf: abolish elf_sval and
elf_access_signed (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use
'syms' uninitialised (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 06/21] libelf: introduce macros for memory access
and pointer handling (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 07/21] tools/xcutils/readnotes: adjust
print_l1_mfn_valid_note (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 08/21] libelf: check nul-terminated strings
properly (Ian Jackson) [orabug 16902308] (CVE-2013-2194
CVE-2013-2195 CVE-2013-2196)

- [PATCH 09/21] libelf: check all pointer accesses (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 10/21] libelf: Check pointer references in
elf_is_elfbinary (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 11/21] libelf: Make all callers call
elf_check_broken (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 12/21] libelf: use C99 bool for booleans (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 13/21] libelf: use only unsigned integers (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson)
[orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 15/21] libelf: check loops for running away (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 16/21] libelf: abolish obsolete macros (Ian
Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- [PATCH 17/21] libxc: Add range checking to
xc_dom_binloader (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr,
xc_map_foreign_range (Ian Jackson) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 19/21] libxc: check return values from malloc
(Ian Jackson) [orabug 16902308] (CVE-2013-2194
CVE-2013-2195 CVE-2013-2196)

- [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and
_guest (Ian Jackson) [orabug 16902308] (CVE-2013-2194
CVE-2013-2195 CVE-2013-2196)

- [PATCH 21/21] libxc: check blob size before proceeding
in xc_dom_check_gzip (Matthew Daley) [orabug 16902308]
(CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- libxc: define INVALID_MFN for the XSA-55 patchset (Chuck
Anderson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
CVE-2013-2196)

- fix page refcount handling in page table pin error path
(Andrew Cooper) [orabug 16949882] (CVE-2013-1432)

- remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741]
(CVE-2013-1919)

- x86: make vcpu_destroy_pagetables preemptible (Jan
Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make new_guest_cr3 preemptible (Jan Beulich)
[orabug 16714903] (CVE-2013-1918)

- x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan
Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make vcpu_reset preemptible (Jan Beulich) [orabug
16714903] (CVE-2013-1918)

- x86: make arch_set_info_guest preemptible (Jan Beulich)
[orabug 16714903] (CVE-2013-1918)

- x86: make page table unpinning preemptible (Jan Beulich)
[orabug 16714903] (CVE-2013-1918)

- x86: make page table handling error paths preemptible
(Jan Beulich) [orabug 16714903] (CVE-2013-1918)

See also :

http://www.nessus.org/u?82e75a28

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now