OracleVM 3.4 : xen (OVMSA-2016-0164)

High Nessus Plugin ID 95278


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:


- pygrub: Properly quote results, when returning them to the caller: (Ian Jackson) [Orabug: 25094263] (CVE-2016-9379) (CVE-2016-9380)

- x86emul: fix huge bit offset handling (Jan Beulich) [Orabug: 25088366] (CVE-2016-9383)

- x86/PV: writes of %fs and %gs base MSRs require canonical addresses (Jan Beulich) [Orabug: 25087576] (CVE-2016-9385)

- x86/HVM: don't load LDTR with VM86 mode attrs during task switch (Jan Beulich) [Orabug: 25087539] (CVE-2016-9382)

- x86/hvm: Fix the handling of non-present segments (Andrew Cooper) [Orabug: 25087515] (CVE-2016-9386)


- move TLB-flush filtering out into populate_physmap during vm creation (Dongli Zhang) [Orabug: 24951888]

- replace tlbflush check and operation with inline functions (Dongli Zhang) [Orabug: 24951888]

- x86/hvm: extend HVM cpuid leaf with vcpu id (Paul Durrant)

- x86/hvm: add HVM-specific hypervisor CPUID leaf (Boris Ostrovsky)

- xend: soft_reset support. (Konrad Rzeszutek Wilk)

- (lib)xl: soft reset support (Vitaly Kuznetsov)

- tools/libxl: Save and restore EMULATOR_XENSTORE_DATA content (Andrew Cooper)

- libxl: introduce libxl__device_model_xs_path (Wei Liu)

- libxl: add LIBXL_DEVICE_MODEL_SAVE_FILE (Vitaly Kuznetsov)

- libxc: support XEN_DOMCTL_soft_reset operation (Vitaly Kuznetsov)

- arch-specific hooks for domain_soft_reset (Vitaly Kuznetsov)

- flask: DOMCTL_soft_reset support (Vitaly Kuznetsov)

- introduce XEN_DOMCTL_soft_reset (Vitaly Kuznetsov)

- evtchn: make evtchn_reset ready for soft reset (Vitaly Kuznetsov)

- evtchn: make EVTCHNOP_reset suitable for kexec (Vitaly Kuznetsov)

- xl: introduce enum domain_restart_type (Vitaly Kuznetsov)

- libxl: support SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov)

- introduce SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov)

- x86emul: honor guest CR0.TS and CR0.EM (Jan Beulich) [Orabug: 24697001] (CVE-2016-7777)


Update the affected xen / xen-tools packages.

Plugin Details

Severity: High

ID: 95278

File Name: oraclevm_OVMSA-2016-0164.nasl

Version: $Revision: 3.12 $

Type: local

Published: 2016/11/23

Modified: 2017/02/17

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/11/22

Reference Information

CVE: CVE-2016-7777, CVE-2016-9379, CVE-2016-9380, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386

OSVDB: 145066, 147621, 147622, 147623, 147653, 147655, 147656

IAVB: 2016-B-0149, 2016-B-0177