OracleVM 3.3 : rpm (OVMSA-2014-0083)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix race condition where unchecked data is exposed in
the file system (CVE-2013-6435) (#1163059)

- Fix thinko in the non-root python byte-compilation fix

- Byte-compile versioned python libdirs in non-root prefix
too (#868332)

- Fix segfault on rpmdb addition when header unload fails
(#706935)

- Add a compat mode for enabling legacy rpm scriptlet
error behavior (#963724)

- Fix build-time double-free on file capability processing
(#904818)

- Fix include-directive getting processed on false branch
(#920190)

- Bring back --fileid in the man page with description of
the id (#804049)

- Fix missing error on --import on bogus key file
(#869667)

- Add DWARF 4 support to debugedit (#858731)

- Add better error handling to patch for bug

- Fix memory corruption on multikey PGP packets/armors
(#829621)

- Handle identical binaries for debug-info (#727872)

- Fix typos in Japanese rpm man page (#845065)

- Document -D and -E options in man page (#845063)

- Add --setperms and --setuids to the man page (#839126)

- Update man page that SHA256 is also used for file digest
(#804049)

- Remove --fileid from man page to get rid of md5

- Remove -s from patch calls (#773503)

- Force _host_vendor to redhat to better match toolchain
(#743229)

- Backport reloadConfig for Python API (#825147)

- Support for dpkg-style sorting of tilde in
version/release (#825087)

- Fix explicit directory %attr when %defattr is active
(#730473)

- Don't load keyring if signature checking is disabled
(#664696)

- Retry read to fix rpm2cpio with pipe as stdin (#802839)

See also :

http://www.nessus.org/u?8451a6f3

Solution :

Update the affected rpm / rpm-libs / rpm-python packages.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 80008

Bugtraq ID: 71558

CVE ID: CVE-2013-6435
