OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)

High Nessus Plugin ID 91155

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- fix CVE-2014-3538 (unrestricted regular expression matching)

- fix #1284826 - try to read ELF header to detect corrupted one

- fix #1263987 - fix bugs found by coverity in the patch

- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)

- fix CVE-2014-3710 (out-of-bounds read in elf note headers)

- fix CVE-2014-8116 (multiple DoS issues (resource consumption))

- fix CVE-2014-8117 (denial of service issue (resource consumption))

- fix CVE-2014-9620 (limit the number of ELF notes processed)

- fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory)

- fix #809898 - add support for detection of Python 2.7 byte-compiled files

- fix #1263987 - fix coredump execfn detection on ppc64 and s390

- fix #966953 - include msooxml file in magic.mgc generation

- fix #966953 - increate the strength of MSOOXML magic patterns

- fix #1169509 - add support for Java 1.7 and 1.8

- fix #1243650 - comment out too-sensitive Pascal magic

- fix #1080453 - remove .orig files from magic directory

- fix #1161058 - add support for EPUB

- fix #1162149 - remove parts of patches patching .orig files

- fix #1154802 - fix detection of zip files containing file named mime

- fix #1246073 - fix detection UTF8 and UTF16 encoded XML files

- fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump

- fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files

- fix #966953 - backport support for MSOOXML

Solution

Update the affected file / file-libs packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000460.html

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000464.html

Plugin Details

Severity: High

ID: 91155

File Name: oraclevm_OVMSA-2016-0050.nasl

Version: 2.4

Type: local

Published: 2016/05/16

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:file, p-cpe:/a:oracle:vm:file-libs, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/05/13

Vulnerability Publication Date: 2012/07/17

Reference Information

CVE: CVE-2012-1571, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653

BID: 52225, 68348, 69325, 70807, 71692, 71700, 71715, 72516