OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)

Critical Nessus Plugin ID 111021

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756]

- dccp: check sk for closed state in dccp_sendmsg (Alexey Kodanev) [Orabug: 28001529] (CVE-2017-8824) (CVE-2018-1130)

- net/rds: Implement ARP flushing correctly (H&aring kon Bugge) [Orabug: 28219857]

- net/rds: Fix incorrect bigger vs. smaller IP address check (H&aring kon Bugge) [Orabug: 28236599]

- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391]

- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] (CVE-2017-11600) (CVE-2017-11600)

- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]

- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] (CVE-2017-7616)

- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023]

- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet)

- mlx4_core: allocate ICM memory in page size chunks (Qing Huang)

- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] (CVE-2018-10124)

- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214]

- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]

- net/rds: Fix bug in failover_group parsing (H&aring kon Bugge) [Orabug: 28198749]

- sctp: verify size of a new chunk in _sctp_make_chunk (Alexey Kodanev) [Orabug: 28240074] (CVE-2018-5803)

- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] (CVE-2017-18017)

- kernel/exit.c: avoid undefined behaviour when calling wait4 wait4(-2147483648, 0x20, 0, 0xdd0000) triggers:
UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] (CVE-2018-10087)

- x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000872.html

Plugin Details

Severity: Critical

ID: 111021

File Name: oraclevm_OVMSA-2018-0236.nasl

Version: 1.2

Type: local

Published: 2018/07/12

Modified: 2018/07/13

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/07/11

Reference Information

CVE: CVE-2017-11600, CVE-2017-18017, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130, CVE-2018-5803