OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0253)

Medium Nessus Plugin ID 112282

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- rebuild bumping release

- Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] (CVE-2018-10938)

- Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo)

- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] (CVE-2018-15594)

- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir in sym_hipd.c (George Kennedy) [Orabug:
28481893]

- md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228]

- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug:
28540376]

- ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971]

- ext4: properly align shifted xattrs when expanding inodes (Jan Kara)

- ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara)

- ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971]

- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171]

- nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821]

- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821]

- uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886]

- ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg (Junichi Nomura)

- x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303]

- Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] (CVE-2018-13405)

- scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] (CVE-2018-10021)

- PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?c8217169

Plugin Details

Severity: Medium

ID: 112282

File Name: oraclevm_OVMSA-2018-0253.nasl

Version: 1.1

Type: local

Published: 2018/09/05

Modified: 2018/09/05

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSSv3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 2018/09/04

Reference Information

CVE: CVE-2018-10021, CVE-2018-10938, CVE-2018-13405, CVE-2018-15594