OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0169)

Medium Nessus Plugin ID 104619

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing patches needed to address critical security updates:

- thp: run vma_adjust_trans_huge outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180]

- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] (CVE-2017-2618)

- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] (CVE-2016-9191)

- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] (CVE-2017-12192)

- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718]

- IB/ipoib: increase the max mcast backlog queue (Doug Ledford)

- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718]

- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter)

- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718]

- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718]

- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944]

- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944]

- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)

- netns: notify new nsid outside __peernet2id (Nicolas Dichtel)

- netns: rename peernet2id to peernet2id_alloc (Nicolas Dichtel)

- netns: always provide the id to rtnl_net_fill (Nicolas Dichtel)

- netns: returns always an id in __peernet2id (Nicolas Dichtel)

- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?45e119ea

Plugin Details

Severity: Medium

ID: 104619

File Name: oraclevm_OVMSA-2017-0169.nasl

Version: 3.2

Type: local

Published: 2017/11/16

Modified: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/11/15

Reference Information

CVE: CVE-2016-9191, CVE-2017-12192, CVE-2017-2618