Oracle Linux 7 : libvirt (ELSA-2018-3113)

Severity: High. Nessus Plugin ID: 118773

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3113 advisory.

[4.5.0-10]
- conf: correct false boot order error during domain parse (rhbz#1601318)

[4.5.0-9]
- virDomainDefCompatibleDevice: Relax alias change check (rhbz#1621910)
- virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1621910)
- virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623157)

[4.5.0-8]
- storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1613746)
- access: Fix nwfilter-binding ACL access API name generation (rhbz#1611320)
- qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624735)

[4.5.0-7]
- qemu_migration: Avoid writing to freed memory (rhbz#1593137)
- qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618622)
- tests: rename hugepages to hugepages-default (rhbz#1591235)
- tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1591235)
- tests: rename hugepages-numa into hugepages-numa-default (rhbz#1591235)
- tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1591235)
- tests: extract pages-discard out of hugepages-pages (rhbz#1591235)
- tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1591235)
- tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1591235)
- tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1591235)
- tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1591235)
- tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1591235)
- tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1591235)
- tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1591235)
- tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1591235)
- tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1591235)
- tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1591235)
- tests: introduce hugepages-nodeset (rhbz#1591235)
- conf: Move hugepage XML validation check out of qemu_command (rhbz#1591235)
- conf: Move hugepages validation out of XML parser (rhbz#1591235)
- conf: Introduce virDomainDefPostParseMemtune (rhbz#1591235)
- tests: sev: Test launch-security with specific QEMU version (rhbz#1612009)
- qemu: Fix probing of AMD SEV support (rhbz#1612009)
- qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1612009)

[4.5.0-6]
- qemu: Exempt video model 'none' from getting a PCI address on Q35 (rhbz#1609087)
- conf: Fix a error msg typo in virDomainVideoDefValidate (rhbz#1607825)

[4.5.0-5]
- esx storage: Fix typo lsilogic -> lsiLogic (rhbz#1571759)
- networkGetDHCPLeases: Don't always report error if unable to read leases file (rhbz#1600468)
- nwfilter: Resolve SEGV for NWFilter Snoop processing (rhbz#1599973)
- qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs (rhbz#1589115)
- qemuDomainSaveMemory: Don't enforce dynamicOwnership (rhbz#1589115)
- domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl (rhbz#1607831)
- examples: Add clean-traffic-gateway into nwfilters (rhbz#1603115)

[4.5.0-4]
- qemu: hotplug: don't overwrite error message in qemuDomainAttachNetDevice (rhbz#1598311)
- qemu: hotplug: report error when changing rom enabled attr for net iface (rhbz#1599513)
- qemu: Fix setting global_period cputune element (rhbz#1600427)
- tests: qemucaps: Add test data for upcoming qemu 3.0.0 (rhbz#1475770)
- qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend (rhbz#1475770)
- qemu: command: Move graphics iteration to its own function (rhbz#1475770)
- qemu: address: Handle all the video devices within a single loop (rhbz#1475770)
- conf: Introduce virDomainVideoDefClear helper (rhbz#1475770)
- conf: Introduce virDomainDefPostParseVideo helper (rhbz#1475770)
- qemu: validate: Enforce compile time switch type checking for videos (rhbz#1475770)
- tests: Add capabilities data for QEMU 2.11 x86_64 (rhbz#1475770)
- tests: Update capabilities data for QEMU 3.0.0 x86_64 (rhbz#1475770)
- qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc (rhbz#1475770)
- qemu: caps: Introduce a capability for egl-headless (rhbz#1475770)
- qemu: Introduce a new graphics display type 'headless' (rhbz#1475770)
- qemu: caps: Add vfio-pci.display capability (rhbz#1475770)
- conf: Introduce virDomainGraphicsDefHasOpenGL helper (rhbz#1475770)
- conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys (rhbz#1475770)
- conf: Introduce new <hostdev> attribute 'display' (rhbz#1475770)
- qemu: command: Enable formatting vfio-pci.display option onto cmdline (rhbz#1475770)
- docs: Rephrase the mediated devices hostdev section a bit (rhbz#1475770)
- conf: Introduce new video type 'none' (rhbz#1475770)
- virt-xml-validate: Add schema for nwfilterbinding (rhbz#1600330)
- tools: Fix typo generating adapter_wwpn field (rhbz#1601377)
- src: Fix memory leak in virNWFilterBindingDispose (rhbz#1603025)

[4.5.0-3]
- qemu: hotplug: Do not try to add secret object for TLS if it does not exist (rhbz#1598015)
- qemu: monitor: Make qemuMonitorAddObject more robust against programming errors (rhbz#1598015)
- spec: Explicitly require matching libvirt-libs (rhbz#1600122)
- virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash (rhbz#1599545)
- qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one (rhbz#1470007)
- qemuDomainValidateStorageSource: Relax PR validation (rhbz#1470007)
- virStoragePRDefFormat: Suppress path formatting for migratable XML (rhbz#1470007)
- qemu: Wire up PR_MANAGER_STATUS_CHANGED event (rhbz#1470007)
- qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo (rhbz#1470007)
- qemu: Fetch pr-helper process info on reconnect (rhbz#1470007)
- qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject (rhbz#1598015)
- virsh.pod: Fix a command name typo in nwfilter-binding-undefine (rhbz#1600329)
- docs: schema: Add missing <alias> to vsock device (rhbz#1600345)
- virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats (rhbz#1595184)

[4.5.0-2]
- qemu: Add capability for the HTM pSeries feature (rhbz#1525599)
- conf: Parse and format the HTM pSeries feature (rhbz#1525599)
- qemu: Format the HTM pSeries feature (rhbz#1525599)
- qemu: hotplug: Don't access srcPriv when it's not allocated (rhbz#1597550)
- qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE (rhbz#1598084)
- src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs (rhbz#1598087)
- virsh.pod: Drop --persistent for detach-device-alias (rhbz#1598087)
- qemu: don't use chardev FD passing with standalone args (rhbz#1598281)
- qemu: remove chardevStdioLogd param from vhostuser code path (rhbz#1597940)
- qemu: consolidate parameters of qemuBuildChrChardevStr into flags (rhbz#1597940)
- qemu: don't use chardev FD passing for vhostuser backend (rhbz#1597940)
- qemu: fix UNIX socket chardevs operating in client mode (rhbz#1598440)
- qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set (rhbz#1515533)

[4.5.0-1]
- Rebased to libvirt-4.5.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1291851, rhbz#1393106, rhbz#1468422, rhbz#1469338, rhbz#1526382, rhbz#1529059, rhbz#1541921, rhbz#1544869, rhbz#1552092, rhbz#1568407, rhbz#1583623, rhbz#1584091, rhbz#1585108, rhbz#1586027, rhbz#1588295, rhbz#1588336, rhbz#1589730, rhbz#1590214, rhbz#1591017, rhbz#1591561, rhbz#1591628, rhbz#1591645, rhbz#1593549

[4.4.0-2]
- build: Don't install sysconfig files as scripts (rhbz#1563169)

[4.4.0-1]
- Rebased to libvirt-4.4.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1149445, rhbz#1291851, rhbz#1300772, rhbz#1400475, rhbz#1456165, rhbz#1470007, rhbz#1480668, rhbz#1534418, rhbz#1549531, rhbz#1559284, rhbz#1559835, rhbz#1560946, rhbz#1566416, rhbz#1569861, rhbz#1572491, rhbz#1574089, rhbz#1576916, rhbz#1583484, rhbz#1583927, rhbz#1584071, rhbz#1584073

[4.3.0-1]
- Rebased to libvirt-4.3.0 (rhbz#1563169)
- The rebase also fixes the following bugs:
rhbz#1509870, rhbz#1530451, rhbz#1577920, rhbz#1283700, rhbz#1425757, rhbz#1448149, rhbz#1454709, rhbz#1502754, rhbz#1507737, rhbz#1519130, rhbz#1519146, rhbz#1522706, rhbz#1523564, rhbz#1524399, rhbz#1525496, rhbz#1527740, rhbz#1550980, rhbz#916061, rhbz#1494454, rhbz#1515533, rhbz#1532542, rhbz#1538570, rhbz#1544325, rhbz#1544659, rhbz#1546971, rhbz#1347550, rhbz#1367238, rhbz#1483816, rhbz#1543775, rhbz#1551000, rhbz#1552127, rhbz#1553075, rhbz#1553085, rhbz#1554876, rhbz#1556828, rhbz#1558317, rhbz#1425058, rhbz#1490158, rhbz#1492597, rhbz#1520821, rhbz#1529256, rhbz#1547250, rhbz#1557769, rhbz#1560917, rhbz#1560976, rhbz#1568148, rhbz#1569678, rhbz#1576464

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-3113.html

Plugin Details

Severity: High

ID: 118773

File Name: oraclelinux_ELSA-2018-3113.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/7/2018

Updated: 11/1/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-6764

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter, p-cpe:/a:oracle:linux:libvirt-daemon-driver-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:oracle:linux:libvirt-daemon-kvm, p-cpe:/a:oracle:linux:libvirt-lock-sanlock, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:oracle:linux:libvirt-login-shell, p-cpe:/a:oracle:linux:libvirt-nss, p-cpe:/a:oracle:linux:libvirt-daemon-lxc, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:oracle:linux:libvirt, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage, p-cpe:/a:oracle:linux:libvirt-devel, p-cpe:/a:oracle:linux:libvirt-docs, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface, p-cpe:/a:oracle:linux:libvirt-bash-completion, p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret, p-cpe:/a:oracle:linux:libvirt-libs, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:oracle:linux:libvirt-client, p-cpe:/a:oracle:linux:libvirt-daemon-config-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu, p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc, p-cpe:/a:oracle:linux:libvirt-daemon, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:oracle:linux:libvirt-admin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2018

Vulnerability Publication Date: 2/23/2018

Reference Information

CVE: CVE-2018-6764

RHSA: 2018:3113