Oracle Linux 7 : systemd (ELSA-2020-4007)

low Nessus Plugin ID 141225

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4007 advisory.

[219-78.0.1]
- Backport upstream patches related to private-tmp (Sushmita Bhattacharya) [Orabug: 31561883]
- backport upstream pstore tmpfiles patch (Eric DeVolder) [Orabug: 31414539]
- udev rules: fix memory hot add and remove [Orabug: 31309730]
- enable and start the pstore service [Orabug: 30950903]
- fix to generate the systemd-pstore.service file [Orabug: 30235241]
- Backport upstream patches for the new systemd-pstore tool [Orabug: 30235241]
- do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896]
- OL7 udev rule for virtio net standby interface [Orabug: 28826743]
- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]

[219-78]
- avoid double free (#1832816)

[219-77]
- core: coldplug possible nop_job (#1829754)
- core: make sure to restore the control command id, too (#1828953)

[219-76]
- core: enforce a ratelimiter when stopping units due to StopWhenUnneeded=1 (#1775291)
- core: rework StopWhenUnneeded= logic (#1775291)

[219-75]
- journal: break recursion (#1778744)

[219-74]
- sd-bus: bump message queue size again (#1770158)
- unit: fix potential use of cgroup_path after free() when freeing unit (#1760149)
- add test for ExecStopPost (#1733998)
- core: when restarting services, don't close fds (#1757704)
- unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1757704)
- tests: add basic journal test (#1757704)
- tests: add regression test for 'systemctl restart systemd-journald' (#1757704)
- tests: add test that journald keeps fds over termination by signal (#1757704)
- nss-util: silence warning about deprecated RES_USE_INET6 (#1799002)
- journal: do not trigger assertion when journal_file_close() gets NULL (#1786046)
- mount: don't propagate errors from mount_setup_unit() further up (#1804757)
- mount: when allocating a Mount object based on /proc/self/mountinfo mark it so (#1804757)
- fix the fix for #1691511 (#1804757)
- v3: Properly parsing SCSI Hyperv devices (#8509) (#1809053)
- Consider smb3 as remote filesystem (#1811700)
- mount: don't add Requires for tmp.mount (#1813270)
- sd-bus: when attached to an sd-event loop, disconnect on processing errors (#1769928)
- sd-journal: close journal files that were deleted by journald before we've set up inotify watch (#1812889)
- sd-journal: remove the dead code and actually fix #14695 (#1812889)
- swap: adjust swap.c in a similar way to what we just did to mount.c (#1749621)
- swap: finish the secondary swap units' jobs if deactivation of the primary swap unit fails (#1749621)
- core: add a new unit file setting CollectMode= for tweaking the GC logic (#1817576)
- run: add '-G' as shortcut for '--property=CollectMode=inactive-or-failed' (#1817576)
- core: clarify that the CollectMode bus property is constant (#1817576)
- udev-rules: make tape-changers also appear in /dev/tape/by-path/ (#1814028)
- logind: check PolicyKit before allowing VT switch (#1797672)
- timer: don't use persistent file timestamps from the future (#6823) (#1769923)
- core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766477)
- bus_open leak sd_event_source when udevadm trigger (#1798503)
- journal-remote: split-mode=host, remove port from journal filename (#1244691)
- core: downgrade log message about inability to propagate cgroup release message (#1679934)
- units: move Before deps for quota services to remote-fs.target (#5627) (#1693374)
- set kptr_restrict=1 (#1689344)

[219-73.3]
- journal: do not trigger assertion when journal_file_close() gets NULL (#1807798)

[219-73.2]
- core: when restarting services, don't close fds (#1803802)
- unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1803802)
- tests: add basic journal test (#1803802)
- tests: add regression test for 'systemctl restart systemd-journald' (#1803802)
- tests: add test that journald keeps fds over termination by signal (#1803802)

[219-73.1]
- unit: fix potential use of cgroup_path after free() when freeing unit (#1760149)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2020-4007.html

Plugin Details

Severity: Low

ID: 141225

File Name: oraclelinux_ELSA-2020-4007.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/7/2020

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-20386

CVSS v3

Risk Factor: Low

Base Score: 2.4

Temporal Score: 2.1

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libgudev1, p-cpe:/a:oracle:linux:systemd-resolved, p-cpe:/a:oracle:linux:systemd-devel, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:systemd-python, p-cpe:/a:oracle:linux:systemd, p-cpe:/a:oracle:linux:systemd-journal-gateway, p-cpe:/a:oracle:linux:systemd-networkd, p-cpe:/a:oracle:linux:libgudev1-devel, p-cpe:/a:oracle:linux:systemd-sysv, p-cpe:/a:oracle:linux:systemd-libs

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 10/6/2020

Vulnerability Publication Date: 1/21/2020

Reference Information

CVE: CVE-2019-20386