OracleVM 3.3 / 3.4 : glibc (OVMSA-2017-0051)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Update newmode size to fix a possible corruption

- Fix AF_INET6 getaddrinfo with nscd (#1416496)

- Update tests for struct sockaddr_storage changes
(#1338673)

- Use FL_CLOEXEC in internal calls to fopen (#1012343).

- Fix CVE-2015-8779 glibc: Unbounded stack allocation in
catopen function (#1358015).

- Make padding in struct sockaddr_storage explicit
(#1338673)

- Fix detection of Intel FMA hardware (#1384281).

- Add support for, ur_IN, and wal_ET locales (#1101858).

- Change malloc/tst-malloc-thread-exit.c to use fewer
threads and avoid timeout (#1318380).

- df can fail on some systems (#1307029).

- Log uname, cpuinfo, meminfo during build (#1307029).

- Draw graphs for heap and stack only if MAXSIZE_HEAP and
MAXSIZE_STACK are non-zero (#1331304).

- Avoid unneeded calls to __check_pf in getaddrinfo
(#1270950)

- Fix CVE-2015-8778 glibc: Integer overflow in hcreate and
hcreate_r (#1358013).

- Fix CVE-2015-8776 glibc: Segmentation fault caused by
passing out-of-range data to strftime (#1358011).

- tzdata-update: Ignore umask setting (#1373646)

- CVE-2014-9761: Fix unbounded stack allocation in nan*
(#1358014)

- Avoid using uninitialized data in getaddrinfo (#1223095)

- Update fix for CVE-2015-7547 (#1296029).

- Create helper threads with enough stack for POSIX AIO
and timers (#1299319).

- Fix CVE-2015-7547: getaddrinfo stack-based buffer
overflow (#1296029).

- Update malloc free_list cyclic fix (#1264189).

- Update tzdata-update changes (#1200555).

- Avoid redundant shift character in iconv output at block
boundary (#1293914).

- Clean up testsuite results when testing with newer
kernels (#1293464).

- Do not rewrite /etc/localtime if it is a symbolic link.
(#1200555)

- Support long lines in /etc/hosts (#1020263).

- Avoid aliasing warning in tst-rec-dlopen (#1291444)

- Don't touch user-controlled stdio locks in forked child
(#1275384).

- Increase the limit of shared libraries that can use
static TLS (#1198802).

- Avoid PLT in libm for feupdateenv (#1186104).

- Allow PLT entry in libc for _Unwind_Find_FDE on
s390/s390x (#1186104).

- Provide /etc/gai.conf only in the glibc package.
(#1223818)

- Change first day of the week to Monday for the ca_ES
locale. (#1011900)

- Update BIG5-HKSCS charmap to HKSCS-2008. (#1211748)

- Rename Oriya locale to Odia. (#1091334)

- Avoid hang in gethostbyname_r due to missing mutex
unlocking (#1192621)

- Avoid ld.so crash when audit modules provide path
(#1211098)

- Suppress expected backtrace in tst-malloc-backtrace
(#1276633)

- Avoid PLT for memmem (#1186104).

- Fix up a missing dependency in the Makefile (#1219627).

- Reduce lock contention in __tz_convert (#1244585).

- Prevent the malloc arena free list from becoming cyclic
(#1264189)

- Remove legacy IA64 support (#1246145).

- Check for NULL arena pointer in _int_pvalloc (#1246656).

- Don't change no_dyn_threshold on mallopt failure
(#1246660).

- Unlock main arena after allocation in calloc (#1245731).

- Enable robust malloc change again (#1245731).

- Fix perturbing in malloc on free and simplify perturb_byte
(#1245731).

- Don't fall back to mmap prematurely (#1245731).

- The malloc deadlock avoidance support has been
temporarily removed since it triggers deadlocks in
certain applications (#1243824).

See also :

http://www.nessus.org/u?583f14a4
http://www.nessus.org/u?8cce5281
https://www.tenable.com/security/research/tra-2017-08

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 99078

CVE ID: CVE-2014-9761
CVE-2015-7547
CVE-2015-8776
CVE-2015-8778
CVE-2015-8779
