OracleVM 3.3 / 3.4 : glibc (OVMSA-2017-0051)

Critical Nessus Plugin ID 99078

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Update newmode size to fix a possible corruption

- Fix AF_INET6 getaddrinfo with nscd (#1416496)

- Update tests for struct sockaddr_storage changes (#1338673)

- Use FL_CLOEXEC in internal calls to fopen (#1012343).

- Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015).

- Make padding in struct sockaddr_storage explicit (#1338673)

- Fix detection of Intel FMA hardware (#1384281).

- Add support for, ur_IN, and wal_ET locales (#1101858).

- Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380).

- df can fail on some systems (#1307029).

- Log uname, cpuinfo, meminfo during build (#1307029).

- Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304).

- Avoid unneeded calls to __check_pf in getaddrinfo (#1270950)

- Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013).

- Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime (#1358011).

- tzdata-update: Ignore umask setting (#1373646)

- CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014)

- Avoid using uninitialized data in getaddrinfo (#1223095)

- Update fix for CVE-2015-7547 (#1296029).

- Create helper threads with enough stack for POSIX AIO and timers (#1299319).

- Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296029).

- Update malloc free_list cyclic fix (#1264189).

- Update tzdata-update changes (#1200555).

- Avoid redundant shift character in iconv output at block boundary (#1293914).

- Clean up testsuite results when testing with newer kernels (#1293464).

- Do not rewrite /etc/localtime if it is a symbolic link. (#1200555)

- Support long lines in /etc/hosts (#1020263).

- Avoid aliasing warning in tst-rec-dlopen (#1291444)

- Don't touch user-controlled stdio locks in forked child (#1275384).

- Increase the limit of shared libraries that can use static TLS (#1198802).

- Avoid PLT in libm for feupdateenv (#1186104).

- Allow PLT entry in libc for _Unwind_Find_FDE on s390/s390x (#1186104).

- Provide /etc/gai.conf only in the glibc package. (#1223818)

- Change first day of the week to Monday for the ca_ES locale. (#1011900)

- Update BIG5-HKSCS charmap to HKSCS-2008. (#1211748)

- Rename Oriya locale to Odia. (#1091334)

- Avoid hang in gethostbyname_r due to missing mutex unlocking (#1192621)

- Avoid ld.so crash when audit modules provide path (#1211098)

- Suppress expected backtrace in tst-malloc-backtrace (#1276633)

- Avoid PLT for memmem (#1186104).

- Fix up a missing dependency in the Makefile (#1219627).

- Reduce lock contention in __tz_convert (#1244585).

- Prevent the malloc arena free list from becoming cyclic (#1264189)

- Remove legacy IA64 support (#1246145).

- Check for NULL arena pointer in _int_pvalloc (#1246656).

- Don't change no_dyn_threshold on mallopt failure (#1246660).

- Unlock main arena after allocation in calloc (#1245731).

- Enable robust malloc change again (#1245731).

- Fix perturbing in malloc on free and simply perturb_byte (#1245731).

- Don't fall back to mmap prematurely (#1245731).

- The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1243824).

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?583f14a4

http://www.nessus.org/u?8cce5281

https://www.tenable.com/security/research/tra-2017-08

Plugin Details

Severity: Critical

ID: 99078

File Name: oraclevm_OVMSA-2017-0051.nasl

Version: 3.3

Type: local

Published: 2017/03/30

Updated: 2018/07/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:glibc, p-cpe:/a:oracle:vm:glibc-common, p-cpe:/a:oracle:vm:glibc-devel, p-cpe:/a:oracle:vm:glibc-headers, p-cpe:/a:oracle:vm:nscd, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/03/29

Reference Information

CVE: CVE-2014-9761, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779