Detections
Analytics

OracleVM 3.4 : xen (OVMSA-2017-0116)

high Nessus Plugin ID 101195

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - BUILDINFO: xen commit=74b662e79bc874fe8ad8a93d2891e6569c380004

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - gnttab: __gnttab_unmap_common_complete is all-or-nothing (Jan Beulich) [Orabug: 26288614]

 - gnttab: correct logic to get page references during map requests (George Dunlap) [Orabug: 26288614]

 - gnttab: never create host mapping unless asked to (Jan Beulich)

- gnttab: Fix handling of dev_bus_addr during unmap (George Dunlap)

- x86/shadow: Hold references for the duration of emulated writes (Andrew Cooper) [Orabug: 26288568]

 - x86/mm: disallow page stealing from HVM domains (Jan Beulich)

- guest_physmap_remove_page needs its return value checked (Jan Beulich) [Orabug: 26288602]

 - xen/memory: Fix return value handing of guest_remove_page (Andrew Cooper) [Orabug: 26288602]

 - evtchn: avoid NULL derefs (Jan Beulich) [Orabug:
 26288583]

 - gnttab: correct maptrack table accesses (Jan Beulich) [Orabug: 26288557]

 - gnttab: Avoid potential double-put of maptrack entry (George Dunlap)

- gnttab: fix unmap pin accounting race (Jan Beulich) [Orabug: 26288557]

 - IOMMU: handle IOMMU mapping and unmapping failures (Quan Xu) [Orabug: 26288557]

 - xen/disk: don't leak stack data via response ring (Jan Beulich)

- BUILDINFO: xen commit=7b45c3eb48a884f56f072a97a9a8da4d0b1077ed

 - BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - livepatch: Wrong usage of spinlock on debug console.
 (Konrad Rzeszutek Wilk) [Orabug: 26248311]

 - BUILDINFO: xen commit=40e21e7aea2b8bbc991346c3f516dfac4f94affe

 - BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - x86/do_invalid_op should use is_active_kernel_text rather than having its (Konrad Rzeszutek Wilk) [Orabug:
 26129273]

 - BUILDINFO: xen commit=0eadc919cf32139e5565e0d869ed09f35c0a3212

 - BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - kexec: Add spinlock for the whole hypercall. (Konrad Rzeszutek Wilk)

- kexec: clear kexec_image slot when unloading kexec image (Bhavesh Davda) [Orabug: 25861742]

 - BUILDINFO: xen commit=8b90d66cd941599d50ee80e14fd144e337814bf6

 - BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - x86: correct create_bounce_frame (tagged with CVE number) (Boris Ostrovsky) [Orabug: 25927739] (CVE-2017-8905)

 - x86: discard type information when stealing pages (tagged with CVE number) (Boris Ostrovsky) [Orabug:
 25927669] (CVE-2017-8904)

 - multicall: deal with early exit conditions (tagged with CVE number) (Boris Ostrovsky) [Orabug: 25927592] (CVE-2017-8903)

 - BUILDINFO: xen commit=583dedab5ceddbae4d0384de0ade8feeee75f78c

 - BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - tools/libxc: Set max_elem to zero in xc_lockprof_query_number (Boris Ostrovsky) [Orabug:
 26020611]

Solution

Update the affected xen / xen-tools packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000744.html

Plugin Details

Severity: High

ID: 101195

File Name: oraclevm_OVMSA-2017-0116.nasl

Version: 3.7

Type: local

Published: 7/3/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/30/2017

Vulnerability Publication Date: 5/11/2017

Reference Information

CVE: CVE-2017-8903, CVE-2017-8904, CVE-2017-8905