OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing patches needed to address
critical security updates :

- Fix CVE-2017-3136 (ISC change 4575)

- Fix CVE-2017-3137 (ISC change 4578)

- Fix and test caching CNAME before DNAME (ISC change 4558)

- Fix CVE-2016-9147 (ISC change 4510)

- Fix regression introduced by CVE-2016-8864 (ISC change 4530)

- Restore SELinux contexts before named restart

- Use /lib or /lib64 only if directory in chroot already exists

- Tighten NSS library pattern, escape chroot mount path

- Fix (CVE-2016-8864)

- Do not change lib permissions in chroot (#1321239)

- Support WKS records in chroot (#1297562)

- Do not include patch backup in docs (fixes #1325081 patch)

- Backported relevant parts of [RT #39567] (#1259923)

- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)

- Fix multiple realms in nsupdate script like upstream (#1313286)

- Fix multiple realm in nsupdate script (#1313286)

- Use resolver-query-timeout high enough to recover all forwarders (#1325081)

- Fix (CVE-2016-2848)

- Fix infinite loop in start_lookup (#1306504)

- Fix (CVE-2016-2776)

See also :

http://www.nessus.org/u?cd826bc7
http://www.nessus.org/u?67f77036

Solution :

Update the affected bind-libs / bind-utils packages.

Risk factor :

Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0 (CVSS2#E:POC/RL:ND/RC:C)
Public Exploit Available : true