Oracle Linux 8 : kexec-tools (ELSA-2021-4404)

Severity: Medium, Nessus Plugin ID 155420

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4404 advisory.

[2.0.20-57.0.3]
- Merge 8.4 extra patches for SB boot environment [Orabug: 33512440]

[2.0.20-57.0.2]
- Merge SRPM/ol8-u4 orabug patches into SRPM/ol8-u5 [Orabug: 33471981]

[2.0.20-57.0.1]
- makedumpfile: Add support for newer kernels up to v5.12 [Orabug: 33250117]

[2.0.20-57]
- kdumpctl: enable secure boot on ppc64le LPARs

[2.0.20-56]
- kdumpctl: fix a typo

[2.0.20-55]
- kdump/ppc64: migration action registration clean up

[2.0.20-54]
- kdump/ppc64: rebuild initramfs image after migration
- Check the existence of /sys/bus/ccwgroup/devices/*/online beforehand
- kdump.sysconfig.s390: Remove 'prot_virt' from kdump kernel cmdline

[2.0.20-53]
- check for invalid physical address of /proc/kcore when making ELF dumpfile
- check for invalid physical address of /proc/kcore when finding max_paddr
- fix format issue in find_online_znet_device
- check the existence of /sys/bus/ccwgroup/devices before trying to find online network device
- kdump-lib.sh: fix a warning in prepare_kdump_bootinfo()

[2.0.20-52]
- Write to /var/lib/kdump if not writable
- Iterate /sys/bus/ccwgroup/devices to tell if we should set up rd.znet
- mkdumprd: display the absolute path of dump location in the check_user_configured_target()

[2.0.20-51]
- Stop reloading kdump service on CPU hotplug event for FADump
- fadump: improve fadump-howto.txt about remote dump target setup

[2.0.20-50]
- rd.route should use the name from kdump_setup_ifname
- get kdump ifname once in kdump_install_netdev

[2.0.20-49]
- kdump-lib.sh: fix the case if not enough total RAM for kdump in get_recommend_size()

[2.0.20-48]
- kdumpctl: Add kdumpctl estimate
- mkdumprd: make use of the new get_luks_crypt_dev helper
- kdump-lib.sh: introduce a helper to get all crypt dev used by kdump
- kdump-lib.sh: introduce a helper to get underlying crypt device
- RHEL-only: keep total memory size coherent to RHEL-only kernel patch
- Show write byte size in report messages
- Add shorthand --show-stats option to show report stats
- Add --dry-run option to prevent writing the dumpfile
- kdump-lib.sh: introduce functions to return recommended mem size

[2.0.20-47]
- Implement IP netmask calculation to replace 'ipcalc -m'
- kdumpctl: fix check_config error when kdump.conf is empty
- Fix incorrect vmcore permissions when dumped through ssh
- Fix incorrect permissions on kdump dmesg file

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kexec-tools package.

See Also

https://linux.oracle.com/errata/ELSA-2021-4404.html

Plugin Details

Severity: Medium

ID: 155420

File Name: oraclelinux_ELSA-2021-4404.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/17/2021

Updated: 10/23/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-20269

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kexec-tools, cpe:/o:oracle:linux:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2021-20269