OracleVM 3.3 : glibc (OVMSA-2014-0017)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Remove gconv transliteration loadable modules support
(CVE-2014-5119,

- _nl_find_locale: Improve handling of crafted locale
names (CVE-2014-0475,

- Don't use alloca in addgetnetgrentX (#1087789).

- Adjust pointers to triplets in netgroup query data
(#1087789).

- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN
(#1098050).

- Fix race in free of fastbin chunk (#1091162).

- Revert the addition of gettimeofday vDSO function for
ppc and ppc64 until OPD VDSO function call issues are
resolved (#1026533).

- Call gethostbyname4_r only for PF_UNSPEC (#1022022).

- Fix integer overflows in *valloc and memalign.
(#1008310).

- Initialize res_hconf in nscd (#970090).

- Update previous patch for dcigettext.c and loadmsgcat.c
(#834386).

- Save search paths before performing relro protection
(#988931).

- Correctly name the 240-bit slow path systemtap probe
slowpow_p10 for slowpow (#905575).

- Align value of stacksize in nptl-init (#663641).

- Renamed release engineering directory from 'fedora' to
'releng' (#903754).

- Backport GLIBC sched_getcpu and gettimeofday vDSO
functions for ppc (#929302).

- Fall back to local DNS if resolv.conf does not define
nameservers (#928318).

- Add systemtap probes to slowexp and slowpow (#905575).

- Fix getaddrinfo stack overflow resulting in application
crash (CVE-2013-1914, #951213).

- Fix multibyte character processing crash in regexp
(CVE-2013-0242, #951213).

- Add netgroup cache support for nscd (#629823).

- Fix multiple nss_compat initgroups bugs (#966778).

- Don't use simple lookup for AF_INET when AI_CANONNAME is
set (#863384).

- Add MAP_HUGETLB and MAP_STACK support (#916986).

- Update translation for stale file handle error
(#970776).

- Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).

- Fix up _init in pt-initfini to accept arguments
(#663641).

- Set reasonable limits on xdr requests to prevent memory
leaks (#848748).

- Fix mutex locking for PI mutexes on spurious wake-ups on
pthread condvars (#552960).

- New environment variable GLIBC_PTHREAD_STACKSIZE to set
thread stack size (#663641).

- Improved handling of recursive calls in backtrace
(#868808).

- The ttyname and ttyname_r functions on Linux now fall
back to searching for the tty file descriptor in
/dev/pts or /dev if /proc is not available. This allows
creation of chroots without the procfs mounted on /proc.
(#851470)

- Don't free rpath strings allocated during startup until
after ld.so is re-relocated. (#862094)

- Consistently MANGLE/DEMANGLE function pointers. Fix use
after free in dcigettext.c (#834386).

- Change rounding mode only when necessary (#966775).

- Backport of code to allow incremental loading of library
list (#886968).

- Fix loading of audit libraries when TLS is in use
(#919562)

- Fix application of SIMD FP exception mask (#929388).

See also :

http://www.nessus.org/u?2eb23e08

Solution :

Update the affected glibc / glibc-common / nscd packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79539

Bugtraq ID: 57638
58839
68505
68983
69738

CVE ID: CVE-2013-0242
CVE-2013-1914
CVE-2014-0475
CVE-2014-5119
