Oracle Linux 7 : libvirt (ELSA-2018-3113)

high Nessus Plugin ID 118773

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3113 advisory.

[4.5.0-10]
- conf: correct false boot order error during domain parse (rhbz#1601318)

[4.5.0-9]
- virDomainDefCompatibleDevice: Relax alias change check (rhbz#1621910)
- virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1621910)
- virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623157)

[4.5.0-8]
- storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1613746)
- access: Fix nwfilter-binding ACL access API name generation (rhbz#1611320)
- qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624735)

[4.5.0-7]
- qemu_migration: Avoid writing to freed memory (rhbz#1593137)
- qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618622)
- tests: rename hugepages to hugepages-default (rhbz#1591235)
- tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1591235)
- tests: rename hugepages-numa into hugepages-numa-default (rhbz#1591235)
- tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1591235)
- tests: extract pages-discard out of hugepages-pages (rhbz#1591235)
- tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1591235)
- tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1591235)
- tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1591235)
- tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1591235)
- tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1591235)
- tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1591235)
- tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1591235)
- tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1591235)
- tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1591235)
- tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1591235)
- tests: introduce hugepages-nodeset (rhbz#1591235)
- conf: Move hugepage XML validation check out of qemu_command (rhbz#1591235)
- conf: Move hugepages validation out of XML parser (rhbz#1591235)
- conf: Introduce virDomainDefPostParseMemtune (rhbz#1591235)
- tests: sev: Test launch-security with specific QEMU version (rhbz#1612009)
- qemu: Fix probing of AMD SEV support (rhbz#1612009)
- qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1612009)

[4.5.0-6]
- qemu: Exempt video model 'none' from getting a PCI address on Q35 (rhbz#1609087)
- conf: Fix a error msg typo in virDomainVideoDefValidate (rhbz#1607825)

[4.5.0-5]
- esx storage: Fix typo lsilogic -> lsiLogic (rhbz#1571759)
- networkGetDHCPLeases: Dont always report error if unable to read leases file (rhbz#1600468)
- nwfilter: Resolve SEGV for NWFilter Snoop processing (rhbz#1599973)
- qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs (rhbz#1589115)
- qemuDomainSaveMemory: Dont enforce dynamicOwnership (rhbz#1589115)
- domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl (rhbz#1607831)
- examples: Add clean-traffic-gateway into nwfilters (rhbz#1603115)

[4.5.0-4]
- qemu: hotplug: dont overwrite error message in qemuDomainAttachNetDevice (rhbz#1598311)
- qemu: hotplug: report error when changing rom enabled attr for net iface (rhbz#1599513)
- qemu: Fix setting global_period cputune element (rhbz#1600427)
- tests: qemucaps: Add test data for upcoming qemu 3.0.0 (rhbz#1475770)
- qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend (rhbz#1475770)
- qemu: command: Move graphics iteration to its own function (rhbz#1475770)
- qemu: address: Handle all the video devices within a single loop (rhbz#1475770)
- conf: Introduce virDomainVideoDefClear helper (rhbz#1475770)
- conf: Introduce virDomainDefPostParseVideo helper (rhbz#1475770)
- qemu: validate: Enforce compile time switch type checking for videos (rhbz#1475770)
- tests: Add capabilities data for QEMU 2.11 x86_64 (rhbz#1475770)
- tests: Update capabilities data for QEMU 3.0.0 x86_64 (rhbz#1475770)
- qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc (rhbz#1475770)
- qemu: caps: Introduce a capability for egl-headless (rhbz#1475770)
- qemu: Introduce a new graphics display type 'headless' (rhbz#1475770)
- qemu: caps: Add vfio-pci.display capability (rhbz#1475770)
- conf: Introduce virDomainGraphicsDefHasOpenGL helper (rhbz#1475770)
- conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys (rhbz#1475770)
- conf: Introduce new <hostdev> attribute 'display' (rhbz#1475770)
- qemu: command: Enable formatting vfio-pci.display option onto cmdline (rhbz#1475770)
- docs: Rephrase the mediated devices hostdev section a bit (rhbz#1475770)
- conf: Introduce new video type 'none' (rhbz#1475770)
- virt-xml-validate: Add schema for nwfilterbinding (rhbz#1600330)
- tools: Fix typo generating adapter_wwpn field (rhbz#1601377)
- src: Fix memory leak in virNWFilterBindingDispose (rhbz#1603025)

[4.5.0-3]
- qemu: hotplug: Do not try to add secret object for TLS if it does not exist (rhbz#1598015)
- qemu: monitor: Make qemuMonitorAddObject more robust against programming errors (rhbz#1598015)
- spec: Explicitly require matching libvirt-libs (rhbz#1600122)
- virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash (rhbz#1599545)
- qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one (rhbz#1470007)
- qemuDomainValidateStorageSource: Relax PR validation (rhbz#1470007)
- virStoragePRDefFormat: Suppress path formatting for migratable XML (rhbz#1470007)
- qemu: Wire up PR_MANAGER_STATUS_CHANGED event (rhbz#1470007)
- qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo (rhbz#1470007)
- qemu: Fetch pr-helper process info on reconnect (rhbz#1470007)
- qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject (rhbz#1598015)
- virsh.pod: Fix a command name typo in nwfilter-binding-undefine (rhbz#1600329)
- docs: schema: Add missing <alias> to vsock device (rhbz#1600345)
- virnetdevtap: Dont crash on !ifname in virNetDevTapInterfaceStats (rhbz#1595184)

[4.5.0-2]
- qemu: Add capability for the HTM pSeries feature (rhbz#1525599)
- conf: Parse and format the HTM pSeries feature (rhbz#1525599)
- qemu: Format the HTM pSeries feature (rhbz#1525599)
- qemu: hotplug: Dont access srcPriv when its not allocated (rhbz#1597550)
- qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE (rhbz#1598084)
- src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs (rhbz#1598087)
- virsh.pod: Drop --persistent for detach-device-alias (rhbz#1598087)
- qemu: dont use chardev FD passing with standalone args (rhbz#1598281)
- qemu: remove chardevStdioLogd param from vhostuser code path (rhbz#1597940)
- qemu: consolidate parameters of qemuBuildChrChardevStr into flags (rhbz#1597940)
- qemu: dont use chardev FD passing for vhostuser backend (rhbz#1597940)
- qemu: fix UNIX socket chardevs operating in client mode (rhbz#1598440)
- qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set (rhbz#1515533)

[4.5.0-1]
- Rebased to libvirt-4.5.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1291851, rhbz#1393106, rhbz#1468422, rhbz#1469338, rhbz#1526382 rhbz#1529059, rhbz#1541921, rhbz#1544869, rhbz#1552092, rhbz#1568407 rhbz#1583623, rhbz#1584091, rhbz#1585108, rhbz#1586027, rhbz#1588295 rhbz#1588336, rhbz#1589730, rhbz#1590214, rhbz#1591017, rhbz#1591561 rhbz#1591628, rhbz#1591645, rhbz#1593549

[4.4.0-2]
- build: Dont install sysconfig files as scripts (rhbz#1563169)

[4.4.0-1]
- Rebased to libvirt-4.4.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1149445, rhbz#1291851, rhbz#1300772, rhbz#1400475, rhbz#1456165 rhbz#1470007, rhbz#1480668, rhbz#1534418, rhbz#1549531, rhbz#1559284 rhbz#1559835, rhbz#1560946, rhbz#1566416, rhbz#1569861, rhbz#1572491 rhbz#1574089, rhbz#1576916, rhbz#1583484, rhbz#1583927, rhbz#1584071 rhbz#1584073

[4.3.0-1]
- Rebased to libvirt-4.3.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1509870, rhbz#1530451, rhbz#1577920, rhbz#1283700, rhbz#1425757 rhbz#1448149, rhbz#1454709, rhbz#1502754, rhbz#1507737, rhbz#1519130 rhbz#1519146, rhbz#1522706, rhbz#1523564, rhbz#1524399, rhbz#1525496 rhbz#1527740, rhbz#1550980, rhbz#916061, rhbz#1494454, rhbz#1515533 rhbz#1532542, rhbz#1538570, rhbz#1544325, rhbz#1544659, rhbz#1546971 rhbz#1347550, rhbz#1367238, rhbz#1483816, rhbz#1543775, rhbz#1551000 rhbz#1552127, rhbz#1553075, rhbz#1553085, rhbz#1554876, rhbz#1556828 rhbz#1558317, rhbz#1425058, rhbz#1490158, rhbz#1492597, rhbz#1520821 rhbz#1529256, rhbz#1547250, rhbz#1557769, rhbz#1560917, rhbz#1560976 rhbz#1568148, rhbz#1569678, rhbz#1576464

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-3113.html

Plugin Details

Severity: High

ID: 118773

File Name: oraclelinux_ELSA-2018-3113.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/7/2018

Updated: 11/1/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-6764

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter, p-cpe:/a:oracle:linux:libvirt-daemon-driver-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:oracle:linux:libvirt-daemon-kvm, p-cpe:/a:oracle:linux:libvirt-lock-sanlock, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:oracle:linux:libvirt-login-shell, p-cpe:/a:oracle:linux:libvirt-nss, p-cpe:/a:oracle:linux:libvirt-daemon-lxc, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:oracle:linux:libvirt, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage, p-cpe:/a:oracle:linux:libvirt-devel, p-cpe:/a:oracle:linux:libvirt-docs, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface, p-cpe:/a:oracle:linux:libvirt-bash-completion, p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret, p-cpe:/a:oracle:linux:libvirt-libs, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:oracle:linux:libvirt-client, p-cpe:/a:oracle:linux:libvirt-daemon-config-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu, p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc, p-cpe:/a:oracle:linux:libvirt-daemon, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:oracle:linux:libvirt-admin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2018

Vulnerability Publication Date: 2/23/2018

Reference Information

CVE: CVE-2018-6764

RHSA: 2018:3113