Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 7.4
Synopsis
The remote OracleVM host is missing one or more security updates.
Description
The remote OracleVM system is missing necessary patches to address critical security updates:
- Update newmode size to fix a possible corruption
- Fix AF_INET6 getaddrinfo with nscd (#1416496)
- Update tests for struct sockaddr_storage changes (#1338673)
- Use FL_CLOEXEC in internal calls to fopen (#1012343).
- Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015).
- Make padding in struct sockaddr_storage explicit (#1338673)
- Fix detection of Intel FMA hardware (#1384281).
- Add support for, ur_IN, and wal_ET locales (#1101858).
- Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380).
- df can fail on some systems (#1307029).
- Log uname, cpuinfo, meminfo during build (#1307029).
- Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304).
- Avoid unneeded calls to __check_pf in getaddrinfo (#1270950)
- Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013).
- Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime (#1358011).
- tzdata-update: Ignore umask setting (#1373646)
- CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014)
- Avoid using uninitialized data in getaddrinfo (#1223095)
- Update fix for CVE-2015-7547 (#1296029).
- Create helper threads with enough stack for POSIX AIO and timers (#1299319).
- Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296029).
- Update malloc free_list cyclic fix (#1264189).
- Update tzdata-update changes (#1200555).
- Avoid redundant shift character in iconv output at block boundary (#1293914).
- Clean up testsuite results when testing with newer kernels (#1293464).
- Do not rewrite /etc/localtime if it is a symbolic link.
- Support long lines in /etc/hosts (#1020263).
- Avoid aliasing warning in tst-rec-dlopen (#1291444)
- Don't touch user-controlled stdio locks in forked child (#1275384).
- Increase the limit of shared libraries that can use static TLS (#1198802).
- Avoid PLT in libm for feupdateenv (#1186104).
- Allow PLT entry in libc for _Unwind_Find_FDE on s390/s390x (#1186104).
- Provide /etc/gai.conf only in the glibc package.
- Change first day of the week to Monday for the ca_ES locale. (#1011900)
- Update BIG5-HKSCS charmap to HKSCS-2008. (#1211748)
- Rename Oriya locale to Odia. (#1091334)
- Avoid hang in gethostbyname_r due to missing mutex unlocking (#1192621)
- Avoid ld.so crash when audit modules provide path (#1211098)
- Suppress expected backtrace in tst-malloc-backtrace (#1276633)
- Avoid PLT for memmem (#1186104).
- Fix up a missing dependency in the Makefile (#1219627).
- Reduce lock contention in __tz_convert (#1244585).
- Prevent the malloc arena free list from becoming cyclic (#1264189)
- Remove legacy IA64 support (#1246145).
- Check for NULL arena pointer in _int_pvalloc (#1246656).
- Don't change no_dyn_threshold on mallopt failure (#1246660).
- Unlock main arena after allocation in calloc (#1245731).
- Enable robust malloc change again (#1245731).
- Fix perturbing in malloc on free and simply perturb_byte (#1245731).
- Don't fall back to mmap prematurely (#1245731).
- The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1243824).
Solution
Update the affected packages.