OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0104)

Critical Nessus Plugin ID 100236

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson)

- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830]

- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] (CVE-2017-7895)

- sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533]

- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner)

- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226]

- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137]

- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975]

- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]

- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823]

- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]

- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790]

- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747]

- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar)

- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628]

- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546]

- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522]

- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475]

- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469]

- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799]

- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572]

- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli)

- NVMe: Set affinity after allocating request queues (Keith Busch)

- nvme: use an integer value to Linux errno values (Christoph Hellwig)

- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973]

- x86/apic: Handle zero vector gracefully in clear_vector_irq (Keith Busch) [Orabug: 24515998]

- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170]

- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170]

- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433]

- Btrfs: don't BUG_ON in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945]

- Btrfs: clarify do_chunk_alloc's return value (Liu Bo) [Orabug: 25534945]

- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945]

- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518]

- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 25862953]

- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691]

- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691]

- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691]

- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691]

- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov)

- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data (Vitaly Kuznetsov)

- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691]

- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416]

- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] (CVE-2016-10229)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000726.html

Plugin Details

Severity: Critical

ID: 100236

File Name: oraclevm_OVMSA-2017-0104.nasl

Version: 3.5

Type: local

Published: 2017/05/17

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/05/16

Vulnerability Publication Date: 2017/04/04

Reference Information

CVE: CVE-2016-10229, CVE-2017-7895