26 matches found
OracleVM 3.2 : xen (OVMSA-2018-0225)
The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: x86/paging: don't unconditionally BUG on finding SHARED_M2P_ENTRY PV guests can fully control the values written into the P2M. This is XSA-251. CVE-2017-17565 - From: Jan...
OracleVM 3.2 : xen (OVMSA-2017-0149)
The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: [PATCH] gnttab: don't use domain lock for serialization Instead us...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)
The remote OracleVM system is missing necessary patches to address critical security updates : - vfs: read filehandle only once in handle_to_path Sasha Levin Orabug: 25388709 CVE-2015-1420 - crypto: algif_hash - Only export and import on sockets with data Herbert Xu Orabug: 25417807 - USB: usbfs: fi...
OracleVM 3.2 : xen (OVMSA-2017-0009)
The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: x86: force EFLAGS.IF on when exiting to PV guests Guest kernels modifying instructions in the process of being emulated for another of their vCPU-s may effect EFLAGS.IF to b...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0006)
The remote OracleVM system is missing necessary patches to address critical security updates : - nvme: Limit command retries Ashok Vairavan Orabug: 25342947 - tcp: fix use after free in tcp_xmit_retransmit_queue Eric Dumazet Orabug: 25374376 CVE-2016-6828 - ALSA: pcm : Call kill_fasync in stream lock...
OracleVM 3.2 : xen (OVMSA-2016-0172)
The remote OracleVM system is missing necessary patches to address critical security updates : - qemu: ioport_read, ioport_write: be defensive about 32-bit addresses On x86, ioport addresses are 16-bit. That these functions take 32-bit arguments is a mistake. Changing the argument type to 16-bit wi...
OracleVM 3.2 : bind (OVMSA-2016-0137)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-2776
OracleVM 3.2 : openssl (OVMSA-2016-0086)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2016-0799 - Fix memory issues in BIO_printf functions - CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large...
OracleVM 3.2 : OpenIPMI (OVMSA-2016-0068)
The remote OracleVM system is missing necessary patches to address critical security updates : - ipmitool: fix ipmi command retry shifts replies 863310 - ipmitool: added -b, -B, -l and -T options to ipmitool man page 846596 - ipmitool: fixed man page documentation for delloem setled command 79705...
OracleVM 3.2 : libxml2 (OVMSA-2016-0063)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add libxml2-enterprise.patch - Replaced doc/redhat.gif in tarball with updated image - CVE-2014-3660 denial of service via recursive entity expansion rhbz1161841 - fixed one regexp bug and added a...
OracleVM 3.2 : sudo (OVMSA-2016-0079)
The remote OracleVM system is missing necessary patches to address critical security updates : - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz1072210 - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-277...
OracleVM 3.2 : nss (OVMSA-2016-0066)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatibility patches to prevent regressions - Ensure all ssl.sh tests are execut...
OracleVM 3.2 : openldap (OVMSA-2016-0069)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability 1263170 - fix: syncprov psearch race condition 999811 - fix: CVE-2013-4449 segfault on certain queries with rwm overlay 1064146 - fix...
OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)
The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...
OracleVM 3.2 : rpm (OVMSA-2016-0077)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add missing files in /usr/share/doc/ - Fix warning when applying the patch for 1163057 - Fix race condition where unchecked data is exposed in the file system CVE-2013-6435 1163057 - Fix segfault on...
OracleVM 3.2 : xen (OVMSA-2016-0008)
The remote OracleVM system is missing necessary patches to address critical security updates : - VT-d: fix TLB flushing in dma_pte_clear_one From: Jan Beulich The TLB flush code was wrong since xen-4.1.3-25.el5.127.20 commit: vtd-Refactor-iotlb-flush-code.patch, both ovm-3.2.9 and ovm-3.2.10 were...
OracleVM 3.2 : xen (OVMSA-2015-0143)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86: rate-limit logging in do_xen{oprof,pmu}_op Some of the sub-ops are accessible to all guests, and hence should be rate-limited. In the xenoprof case, just like for XSA-146, include them only in debug...
OracleVM 3.2 : xen (OVMSA-2015-0096)
The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0096 for details.
OracleVM 3.2 : xen (OVMSA-2015-0063)
The remote OracleVM system is missing necessary patches to address critical security updates : - xen/pt: unknown PCI config space fields should be read-only ... by default. Add a per-device 'permissive' mode similar to pciback's to allow restoring previous behavior and hence break security again,...
OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)
The remote OracleVM system is missing necessary patches to address critical security updates : - force the fifo access to be in bounds of the allocated buffer This is CVE-2015-3456. bug 21078935 CVE-2015-3456 - xen: limit guest control of PCI command register Otherwise the guest can abuse that...