37 matches found
OracleVM 3.3 : ipmitool (OVMSA-2020-0012)
The remote OracleVM system is missing necessary patches to address critical security updates : - Backport fix for CVE-2020-5208 - Fix missing return in ipmikontronoemmain - CID1261317 - rebase to latest stable upstream version - resolves: rhbz1253416 - remove the redundant OpenIMPI dependency -...
OracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...
OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)
The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0016) (Meltdown) (Spectre)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86: Add another set of MSR accessor functions Borislav Petkov Orabug: 27444923 CVE-2017-5753 - userns: prevent speculative execution Elena Reshetova Orabug: 27444923 CVE-2017-5753 - udf: prevent...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)
The remote OracleVM system is missing necessary patches to address critical security updates : - nvme: Drop nvmeq-qlock before dmapoolalloc, so as to prevent hard lockups Aruna Ramakrishna Orabug: 25409587 - nvme: Handle PM1725 HIL reset Martin K. Petersen Orabug: 26277600 - char: lp: fix possibl...
OracleVM 3.3 : xen (OVMSA-2017-0148)
The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: gnttab: correct pin status fixup for copy Regardless of copy operations only setting GNTPINhst, GNTPINdev also need to be taken into account when deciding whether to clear...
OracleVM 3.3 / 3.4 : nss (OVMSA-2017-0109)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Fix zero-length record treatment for stream ciphers and SSLv2 - Include CKBI 2.14 and...
OracleVM 3.3 / 3.4 : openjpeg (OVMSA-2017-0048)
The remote OracleVM system is missing necessary patches to address critical security updates : - Revert previous changes in patch for CVE-2016-5159 - Fix double free in patch for CVE-2016-5139 - Fix memory leaks and invalid read in ciobytein Related: 1419775 - Add two more allocation checks to...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0040)
The remote OracleVM system is missing necessary patches to address critical security updates : - crypto: algifhash - Only export and import on sockets with data Herbert Xu Orabug: 25417805 CVE-2016-8646 - USB: usbfs: fix potential infoleak in devio Kangjie Lu Orabug: 25462760 CVE-2016-4482 - net:...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0005)
The remote OracleVM system is missing necessary patches to address critical security updates : - net: avoid signed overflows for SOSND|RCVBUFFORCE Eric Dumazet Orabug: 25203623 CVE-2016-9793 - nvme: Limit command retries Ashok Vairavan Orabug: 25374794 - tcp: fix use after free in...
OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)
The remote OracleVM system is missing necessary patches to address critical security updates : - Update noexec syscall blacklist - Fixes CVE-2016-7032, CVE-2016-7076 Resolves: rhbz1391937 - RHEL-6.8 erratum - fixed a bug causing that non-root users can list privileges of other users Resolves:...
OracleVM 3.3 / 3.4 : policycoreutils (OVMSA-2016-0157)
The remote OracleVM system is missing necessary patches to address critical security updates : - Lazy unmount private, shared entryJoe Jinorabug 12560705 - sandbox: create a new session for sandboxed processes Resolves: CVE-2016-7545 - Update translations Resolves: rhbz819794 - Fix sepolgen test...
OracleVM 3.3 : xen (OVMSA-2016-0103)
The remote OracleVM system is missing necessary patches to address critical security updates : - From: Andrew Cooper Subject: x86/shadow: Avoid overflowing shctxt-segreg hvmgetsegreg does not perform a range check on its input segment, calls hvmgetsegmentregister and writes straight into...
OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093)
The remote OracleVM system is missing necessary patches to address critical security updates : - Update patch for CVE-2014-8127 - Related: 1335099 - Fix patches for CVE-2016-3990, CVE-2016-5320 - Related: 1335099 - Add patches for CVEs : - CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 - CVE-2016-3991...
OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)
The remote OracleVM system is missing necessary patches to address critical security updates : - don't allow spoofed packets to demobilize associations CVE-2015-7979, CVE-2016-1547 - don't allow spoofed packet to enable symmetric interleaved mode CVE-2016-1548 - check mode of new source in config...
OracleVM 3.3 : kernel-uek (OVMSA-2016-0046)
The remote OracleVM system is missing necessary patches to address critical security updates : - skbuff: skbsegment: orphan frags before copying Dongli Zhang - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE Venkat Venkatsubra Orabug: 22888920 - mlx4core: Introduce...
OracleVM 3.3 : kernel-uek (OVMSA-2016-0005)
The remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: Fix keyring ref leak in joinsessionkeyring Yevgeny Pats Orabug: 22563965 CVE-2016-0728 - KEYS: Don't permit requestkey to construct a new keyring David Howells Orabug: 22373442 CVE-2015-7872 -...
OracleVM 3.3 : nss (OVMSA-2016-0003)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Resolves: Bug 1289881 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
OracleVM 3.3 : libxml2 (OVMSA-2015-0152)
The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - Fix a series of CVEs rhbz1286495 - CVE-2015-7941 Cleanup conditional section error handling -...