OracleVM 3.2 : rpm (OVMSA-2016-0077)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Add missing files in /usr/share/doc/

- Fix warning when applying the patch for #1163057

- Fix race condition where unchecked data is exposed in
the file system (CVE-2013-6435) (#1163057)

- Fix segfault on rpmdb addition when header unload fails

- Fix segfault on invalid OpenPGP packet (#743203)

- Account for excludes and hardlinks wrt payload max size

- Fix payload size tag generation on big-endian systems

- Track all install failures within a transaction

- fix changelog (bug #707677 is actually #808547)

- Document -D and -E options in man page (#814602)

- Require matching arch for freshen on colored
transactions (#813282)

- Add DWARF 3 and 4 support to debugedit (#808547)

- No longer add \n to group tag in Python bindings

- Fix typos in Japanese rpm man page (#760552)

- Bump Geode compatibility up to i686 (#620570)

- Proper region tag validation on package/header read

- Double-check region size against header size

- Validate negated offsets too in headerVerifyInfo

- Revert fix for #740291, too many packages rely on the
broken behavior

- Add support for XZ-compressed sources and patches to
rpmbuild (#620674)

- Avoid unnecessary assert-death when closing NULL fd

- Add scriptlet error notification callbacks (#533831)

- Honor --noscripts for pre- and posttrans scriptlets too

- Avoid bogus error on printing empty ds from python

- File conflicts correctness & consistency fixes (#740291)

- Create the directory used for transaction lock if
necessary (#510469)

- Only enforce default umask during transaction (#673821)

- fix thinko in the CVE backport

- fix CVE-2011-3378 (#742157)

- accept windows cr/lf line endings in gpg keys (#530212)

- Backport multilib ordering fixes from rpm 4.8.x

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 91753

Bugtraq ID: 49799

CVE ID: CVE-2011-3378
