OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0022)

Medium Nessus Plugin ID 125615

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- scsi: libfc: sanitize E_D_TOV and R_A_TOV setting (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: use configured rport E_D_TOV (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: additional debugging messages (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: don't advance state machine for incoming FLOGI (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: Do not login if the port is already started (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: Do not drop down to FLOGI for fc_rport_login (Hannes Reinecke) [Orabug: 25933179]

- scsi: libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response. (Chad Dupuis) [Orabug: 25933179]

- scsi: libfc: Fixup disc_mutex handling (Hannes Reinecke) [Orabug: 25933179]

- xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050]

- net: sched: run ingress qdisc without locks (Alexei Starovoitov) [Orabug: 29395374]

- bnxt_en: Fix typo in firmware message timeout logic. (Michael Chan) [Orabug: 29412112]

- bnxt_en: Wait longer for the firmware message response to complete. (Michael Chan) [Orabug: 29412112]

- mm,vmscan: Make unregister_shrinker no-op if register_shrinker failed. (Tetsuo Handa) [Orabug: 29456281]

- X.509: Handle midnight alternative notation in GeneralizedTime (David Howells) [Orabug: 29460344] (CVE-2015-5327)

- X.509: Support leap seconds (David Howells) [Orabug: 29460344] (CVE-2015-5327)

- X.509: Fix the time validation [ver #2] (David Howells) [Orabug: 29460344] (CVE-2015-5327)

- be2net: enable new Kconfig items in kernel configs (Brian Maly) [Orabug: 29475071]

- benet: remove broken and unused macro (Lubomir Rintel) [Orabug: 29475071]

- be2net: don't flip hw_features when VXLANs are added/deleted (Davide Caratti) [Orabug: 29475071]

- be2net: Fix memory leak in be_cmd_get_profile_config (Petr Oros) [Orabug: 29475071]

- be2net: Use Kconfig flag to support for enabling/disabling adapters (Petr Oros) [Orabug: 29475071]

- be2net: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 29475071]

- be2net: fix spelling mistake 'seqence' -> 'sequence' (Colin Ian King) [Orabug: 29475071]

- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29475071]

- be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (Suresh Reddy) [Orabug: 29475071]

- be2net: move rss_flags field in rss_info to ensure proper alignment (Ivan Vecera) [Orabug: 29475071]

- be2net: re-order fields in be_error_recovert to avoid hole (Ivan Vecera) [Orabug: 29475071]

- be2net: remove unused tx_jiffies field from be_tx_stats (Ivan Vecera) [Orabug: 29475071]

- be2net: move txcp field in be_tx_obj to eliminate holes in the struct (Ivan Vecera) [Orabug: 29475071]

- be2net: reorder fields in be_eq_obj structure (Ivan Vecera) [Orabug: 29475071]

- be2net: remove unused old custom busy-poll fields (Ivan Vecera) [Orabug: 29475071]

- be2net: remove unused old AIC info (Ivan Vecera) [Orabug: 29475071]

- be2net: Fix error detection logic for BE3 (Suresh Reddy) [Orabug: 29475071]

- scsi: sd: Do not override max_sectors_kb sysfs setting (Martin K. Petersen) [Orabug: 29596510]

- USB: serial: io_ti: fix div-by-zero in set_termios (Johan Hovold) [Orabug: 29487834] (CVE-2017-18360)

- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan) [Orabug: 29516462]

- x86/speculation: Read per-cpu value of x86_spec_ctrl_priv in x86_virt_spec_ctrl (Alejandro Jimenez) [Orabug: 29526401]

- x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug: 29526401]

- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29605982] (CVE-2018-19985)

- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug: 29637525]

- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637525]

- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Quentin Casasnovas) [Orabug: 29642113]

- cifs: Fix use after free of a mid_q_entry (Shuning Zhang) [Orabug: 29654888]

- binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677233] (CVE-2019-11190)

- x86/microcode: Don't return error if microcode update is not needed (Boris Ostrovsky) [Orabug: 29759756]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000941.html

Plugin Details

Severity: Medium

ID: 125615

File Name: oraclevm_OVMSA-2019-0022.nasl

Version: 1.3

Type: local

Published: 2019/05/31

Updated: 2020/01/13

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-11190

CVSS v2.0

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/05/30

Vulnerability Publication Date: 2017/09/25

Reference Information

CVE: CVE-2015-5327, CVE-2017-18360, CVE-2018-19985, CVE-2019-11190