OracleVM 3.3 : kernel-uek (OVMSA-2016-0005)
High Nessus Plugin ID 88034
SynopsisThe remote OracleVM host is missing one or more security updates.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- KEYS: Fix keyring ref leak in join_session_keyring (Yevgeny Pats) [Orabug: 22563965] (CVE-2016-0728)
- KEYS: Don't permit request_key to construct a new keyring (David Howells) [Orabug: 22373442] (CVE-2015-7872)
- dcache: Handle escaped paths in prepend_path (Eric W.
- vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [Orabug: 22249875]
- KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [Orabug:
- KEYS: Fix race between key destruction and finding a keyring by name (David Howells) [Orabug: 22373442]
SolutionUpdate the affected kernel-uek / kernel-uek-firmware packages.