OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)

Critical Nessus Plugin ID 100237

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- nfsd: stricter decoding of write-like NFSv2/v3 ops (J.
Bruce Fields) [Orabug: 25986990] (CVE-2017-7895)

- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585]

- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703]

- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703]

- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki)

- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:
25549809]

- ksplice: add sysctls for determining Ksplice features.
(Jamie Iles)

- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809]

- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug:
25559937]

- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937]

- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469]

- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] (CVE-2017-2583) (CVE-2017-2583)

- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] (CVE-2016-10208)

- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] (CVE-2017-5986)

- tcp: avoid infinite loop in tcp_splice_read (Eric Dumazet) [Orabug: 25720813] (CVE-2017-6214)

- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083]

- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] (CVE-2016-2782)

- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] (CVE-2017-5669)

- vhost: actually track log eventfd file (Marc-Andr&eacute Lureau) [Orabug: 25797052] (CVE-2015-6252)

- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] (CVE-2017-7184)

- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] (CVE-2017-7184)

- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug:
25823962] (CVE-2017-2647) (CVE-2017-2647)

- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] (CVE-2015-5257) (CVE-2015-5257)

- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] (CVE-2015-9731)

- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] (CVE-2016-10229)

- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] (CVE-2016-7910)

- Revert 'fix minor infoleak in get_user_ex' (Brian Maly) [Orabug: 25790392] (CVE-2016-9644)

- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] (CVE-2016-8399)

- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] (CVE-2016-10142)

- sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] (CVE-2016-10088)

- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] (CVE-2017-7187)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000727.html

Plugin Details

Severity: Critical

ID: 100237

File Name: oraclevm_OVMSA-2017-0105.nasl

Version: $Revision: 3.5 $

Type: local

Published: 2017/05/17

Modified: 2018/01/29

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/05/16

Reference Information

CVE: CVE-2015-5257, CVE-2015-6252, CVE-2015-9731, CVE-2016-10088, CVE-2016-10142, CVE-2016-10208, CVE-2016-10229, CVE-2016-2782, CVE-2016-7910, CVE-2016-8399, CVE-2016-9644, CVE-2017-2583, CVE-2017-2647, CVE-2017-5669, CVE-2017-5986, CVE-2017-6214, CVE-2017-7184, CVE-2017-7187, CVE-2017-7895