OracleVM 3.2 : sos (OVMSA-2016-0078)

high Nessus Plugin ID 91754

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- add patch to remove all sysrq echo commands from sysreport.legacy (John Sobecki) [orabug 11061754]

- comment out rh-upload-core and README.rh-upload-core in specfile

- Strip passwords from grub.conf and /etc/fstab Resolves:
bz1107751

- Limit the default set of logs collected for directory server Resolves: bz1086736

- Set global[locking_type=0] when calling lvm2 commands Resolves: bz916937

- Force LC_ALL=C for external commands Resolves: bz1099520

- Do not verify cluster.conf for each mounted gfs2 file system Resolves: bz1098793

- Fix insecure temporary files usage in gfs2 plugin Resolves: bz1099151

- Suppress libxml2 debug output in gfs2 plugin Resolves:
bz1098793

- Use PATH when calling the klist command Resolves:
bz1029017

- Add SSSD plugin to collect configuration and logs Resolves: bz1018407

- Update sos UI text to match later releases Resolves:
bz1065468

- Free libxml2 bindings in cluster plugin Resolves:
bz773350

- Suppress libxml2 debug output in cluster plugin Resolves: bz782588

- Update URLs in README and RPM metadata Resolves:
bz783423

- Collect mcelog in hardware plugin Resolves: bz810701

- Add brctl show and brctl showstp output to networking Resolves: bz833406

- Fix installed-rpms formatting for long package names Resolves: bz978444

- Make ethernet interface detection more robust Resolves:
bz980177

- Do not collect kerberos keytab files Resolves: bz1029017

- Restrict wbinfo to local domain in samba plug-in Resolves: bz986975

- Collect /etc/yaboot.conf in bootloader module Resolves:
bz977187

- Sanitize hostname when constructing tar archive names Resolves: bz976242

- Remove anaconda-ks.cfg collection from general plug-in Resolves: bz857304

- Check that the up2date hardware script exists before running it Resolves: bz782218

- Ignore empty globs passed to addCopySpecLimit Resolves:
bz782247

- Collect /proc/iomem in the hardware module Resolves:
bz840981

- Elide passwords in anaconda-ks.cfg and yum.repos.d Resolves: bz857304

- Fix collection of SELinux data when disabled Resolves:
bz868008

- Handle ENOSPC more gracefully Resolves: bz891155

- Limit size of default sar log file collection Resolves:
bz891155

- Do not collect archived process accounting files by default Resolves: bz906071

- Collect /etc/modprobe.d in kernel plug-in Resolves:
bz958346

- Collect /etc/idmapd.conf for NFS clients and servers Resolves: bz907876

- Always log plugin exceptions that are not raised to the interpreter Resolves: bz717480

- Ensure relative symlink targets are correctly handled when copying Resolves: bz717962

- Correctly handle libxml2 parser exceptions when reading cluster.conf Resolves: bz750573

- Update Red Hat Certificate System plugin for current versions Resolves: bz627416

- Make single threaded operation default and add
--multithread to override Resolves: bz708346

- Support multiple possible locations of VRTSexplorer script Resolves: bz565996

- Collect wallaby dump and inventory information in mrggrid plugin Resolves: bz641020

- Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin Resolves: bz726421

- Update MRG grid plugin to collect additional logs and configuration Resolves: bz641020

- Fix collection of symlink destinations when copying directory trees Resolves: bz717962

- Allow plugins to specify non-root symlinks for collected command output Resolves: bz716987

- Ensure custom rsyslog destinations are captured and log size limits applied Resolves: bz717167

- Add basic plugin for Veritas products Resolves: bz565996

- Do not collect subscription manager keys in general plugin Resolves: bz750606

- Fix gfs2 plugin use of callExtProg API Resolves:
bz667783

- Fix exceptions and file naming in gfs2 plugin Resolves:
bz667783

- Fix translation for fr locale Resolves: bz641020

- Add basic Infiniband plugin Resolves: bz673246

- Add plugin for scsi-target-utils iSCSI target Resolves:
bz677123

- Fix handling of TMP environment variable Resolves:
bz733133

- Correctly determine kernel version in cluster plugin Resolves: bz742567

- Add libvirt plugin Resolves: bz568635

- Add gfs2 plugin to supplement cluster data collection Resolves: bz667783

- Add support for collecting Red Hat Subscrition Manager configuration Resolves: bz714296

- Fix rhelVersion and convert all in-tree users to use it Resolves: bz710567

- Add support for --tmp-dir command line option Resolves:
bz562283

- Add support for collecting entitlement certificates Resolves: bz678666

- Collect non-standard syslog and rsyslog log files Resolves: bz596970

- Fix up2dateclient path in hardware plugin Resolves:
bz572353

- Add plugin to collect rsyslog configuration Resolves:
bz548616

- Collect /etc/sysconfig/selinux in SELinux plugin Resolves: bz674717

- Fix parted and dumpe2fs output on s390 Resolves:
bz645507

- Truncate files that exceed specified size limit Resolves: bz636472

- Update cluster plugin for group_tool and lockdump changes Resolves: bz584060

- Fix satellite and proxy package detection in rhn plugin Resolves: bz590389

- Add plugin to collect certificate system and pki data Resolves: bz635966

Solution

Update the affected sos package.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000494.html

Plugin Details

Severity: High

ID: 91754

File Name: oraclevm_OVMSA-2016-0078.nasl

Version: 2.4

Type: local

Published: 6/22/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:sos, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 6/21/2016

Vulnerability Publication Date: 6/21/2016