OracleVM 3.3 : rpm (OVMSA-2014-0083)

High Nessus Plugin ID 80008


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435) (#1163059)

- Fix thinko in the non-root python byte-compilation fix

- Byte-compile versioned python libdirs in non-root prefix too (#868332)

- Fix segfault on rpmdb addition when header unload fails (#706935)

- Add a compat mode for enabling legacy rpm scriptlet error behavior (#963724)

- Fix build-time double-free on file capability processing (#904818)

- Fix include-directive getting processed on false branch (#920190)

- Bring back --fileid in the man page with description of the id (#804049)

- Fix missing error on --import on bogus key file (#869667)

- Add DWARF 4 support to debugedit (#858731)

- Add better error handling to patch for bug

- Fix memory corruption on multikey PGP packets/armors (#829621)

- Handle identical binaries for debug-info (#727872)

- Fix typos in Japanese rpm man page (#845065)

- Document -D and -E options in man page (#845063)

- Add --setperms and --setuids to the man page (#839126)

- Update man page that SHA256 is also used for file digest (#804049)

- Remove --fileid from man page to get rid of md5

- Remove -s from patch calls (#773503)

- Force _host_vendor to redhat to better match toolchain (#743229)

- Backport reloadConfig for Python API (#825147)

- Support for dpkg-style sorting of tilde in version/release (#825087)

- Fix explicit directory %attr when %defattr is active (#730473)

- Don't load keyring if signature checking is disabled (#664696)

- Retry read to fix rpm2cpio with pipe as stdin (#802839)


Update the affected rpm / rpm-libs / rpm-python packages.

Plugin Details

Severity: High

ID: 80008

File Name: oraclevm_OVMSA-2014-0083.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2014/12/15

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:rpm, p-cpe:/a:oracle:vm:rpm-libs, p-cpe:/a:oracle:vm:rpm-python, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/10

Reference Information

CVE: CVE-2013-6435

BID: 71558

OSVDB: 115601