Detections
Analytics
Oracle Linux 8 : glibc (ELSA-2019-3513)
medium Nessus Plugin ID 180769
Language:
Synopsis
The remote Oracle Linux host is missing a security update.Description
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3513 advisory.[2.28-72.0.1]
- add Ampere emag to tunable cpu list (Patrick McGehearty)
- add optimized memset for emag
- add an ASIMD variant of strlen for falkor
- Orabug: 2700101.
- Modify glibc-ora28849085.patch so it works with RHCK kernels.
- Orabug: 28849085.
- Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile
- Both should test
- if (stream->_flags & _IO_USER_LOCK) == 0)
- _IO_lock_lock (*stream->_lock);
- OraBug: 28481550.
[2.28-72]
- Skip wide buffer handling for legacy stdio handles (#1722215)
[2.28-71]
- Remove copy_file_range emulation (#1724975)
[2.28-70]
- Avoid nscd assertion failure during persistent db check (#1727152)
[2.28-69]
- Fix invalid free under valgrind with libdl (#1717438)
[2.28-68]
- Account for size of locale-archive in rpm package (#1725131)
[2.28-67]
- Reject IP addresses with trailing characters in getaddrinfo (#1727241)
[2.28-66]
- Avoid header conflict between <sys/stat.h> and <linux/stat.h> (#1699194)
[2.28-65]
- glibc-all-langpacks: Do not delete locale archive during update (#1717347)
- Do not mark /usr/lib/locale/locale-archive as a configuration file because it is always automatically overwritten by build-locale-archive.
[2.28-64]
- Avoid ABI exposure of the NSS service_user type (#1710894)
[2.28-63]
- Enable full ICMP errors for UDP DNS sockets. (#1670043)
[2.28-62]
- Convert post-install binary to rpm lua scriptlet (#1639346)
[2.28-61]
- Fix crash during wide stream buffer flush (#1710478)
[2.28-60]
- Add PF_XDP, AF_XDP and SOL_XDP from Linux 4.18 (#1706777)
[2.28-59]
- Add .gdb_index to debug information (#1612448)
* Wed May 22 2019 DJ Delorie <[email protected]) - 2.28-58
- iconv, localedef: avoid floating point rounding differences (#1691528)
[2.28-57]
- locale: Add LOCPATH diagnostics to the locale program (#1701605)
[2.28-56]
- Fix hang in pldd. (#1702539)
[2.28-55]
- s390x string function improvements (#1659438)
[2.28-54]
- Fix test suite failures due to race conditions in posix/tst-spawn spawned processes. (#1659512)
[2.28-53]
- Add missing CFI data to __mpn_* functions on ppc64le (#1658901)
[2.28-52]
- intl: Do not return NULL on asprintf failure in gettext (#1663035)
[2.28-51]
- Increase BIND_NOW coverage (#1639343)
[2.28-50]
- Fix pthread_rwlock_trywrlock and pthread_rwlock_tryrdlock stalls (#1659293)
[2.28-49]
- malloc: Improve bad chunk detection (#1651283)
[2.28-48]
- Add compiler barriers around modifications of the robust mutex list for pthread_mutex_trylock. (#1672773)
[2.28-47]
- powerpc: Only enable HTM if kernel supports PPC_FEATURE2_HTM_NOSC (#1651742)
[2.28-46]
- Only build libm with -fno-math-errno (#1664408)
[2.28-45]
- ja_JP: Add new Japanese Era name (#1577438)
[2.28-44]
- math: Add XFAILs for some IBM 128-bit long double fma tests (#1623537)
[2.28-43]
- malloc: realloc ncopies integer overflow (#1662843)
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 180769
File Name: oraclelinux_ELSA-2019-3513.nasl
Version: 1.2
Type: local
Agent: unix
Published: 9/7/2023
Updated: 11/1/2024
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-10739
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:glibc-langpack-ug, p-cpe:/a:oracle:linux:glibc-langpack-yi, p-cpe:/a:oracle:linux:glibc-langpack-gez, p-cpe:/a:oracle:linux:glibc-langpack-ga, p-cpe:/a:oracle:linux:glibc-langpack-te, p-cpe:/a:oracle:linux:glibc-langpack-dz, p-cpe:/a:oracle:linux:glibc-langpack-fi, p-cpe:/a:oracle:linux:glibc-langpack-or, p-cpe:/a:oracle:linux:glibc-langpack-fil, p-cpe:/a:oracle:linux:libnsl, p-cpe:/a:oracle:linux:glibc-langpack-ig, p-cpe:/a:oracle:linux:glibc-langpack-mk, p-cpe:/a:oracle:linux:glibc-langpack-ja, p-cpe:/a:oracle:linux:glibc-langpack-ks, p-cpe:/a:oracle:linux:glibc-langpack-sid, p-cpe:/a:oracle:linux:glibc-langpack-et, p-cpe:/a:oracle:linux:glibc-langpack-ha, p-cpe:/a:oracle:linux:glibc-langpack-yuw, p-cpe:/a:oracle:linux:glibc-langpack-nl, p-cpe:/a:oracle:linux:glibc-langpack-ve, p-cpe:/a:oracle:linux:glibc-langpack-bo, p-cpe:/a:oracle:linux:glibc-langpack-mhr, p-cpe:/a:oracle:linux:glibc-langpack-tg, p-cpe:/a:oracle:linux:nss_hesiod, p-cpe:/a:oracle:linux:glibc-langpack-lv, p-cpe:/a:oracle:linux:glibc-langpack-pt, p-cpe:/a:oracle:linux:glibc-langpack-zh, p-cpe:/a:oracle:linux:glibc-langpack-agr, p-cpe:/a:oracle:linux:glibc-langpack-anp, p-cpe:/a:oracle:linux:glibc-langpack-tpi, p-cpe:/a:oracle:linux:glibc-langpack-se, p-cpe:/a:oracle:linux:glibc-langpack-wal, p-cpe:/a:oracle:linux:glibc-langpack-oc, p-cpe:/a:oracle:linux:glibc-langpack-nb, p-cpe:/a:oracle:linux:glibc-langpack-mni, p-cpe:/a:oracle:linux:glibc-langpack-mr, p-cpe:/a:oracle:linux:glibc-langpack-sr, p-cpe:/a:oracle:linux:glibc-langpack-ml, p-cpe:/a:oracle:linux:glibc-langpack-wo, p-cpe:/a:oracle:linux:glibc-langpack-ar, p-cpe:/a:oracle:linux:glibc-langpack-si, p-cpe:/a:oracle:linux:glibc-langpack-wae, p-cpe:/a:oracle:linux:glibc-langpack-sd, p-cpe:/a:oracle:linux:glibc-langpack-xh, p-cpe:/a:oracle:linux:glibc-langpack-crh, p-cpe:/a:oracle:linux:glibc-headers, p-cpe:/a:oracle:linux:glibc-langpack-nan, p-cpe:/a:oracle:linux:glibc-langpack-ayc, p-cpe:/a:oracle:linux:glibc-langpack-am, p-cpe:/a:oracle:linux:glibc-langpack-eo, p-cpe:/a:oracle:linux:glibc-langpack-ta, p-cpe:/a:oracle:linux:glibc-langpack-vi, p-cpe:/a:oracle:linux:glibc-langpack-hak, p-cpe:/a:oracle:linux:glibc-langpack-ss, p-cpe:/a:oracle:linux:glibc-langpack-fy, p-cpe:/a:oracle:linux:glibc-langpack-bho, p-cpe:/a:oracle:linux:glibc-langpack-bi, p-cpe:/a:oracle:linux:glibc-langpack-ln, p-cpe:/a:oracle:linux:glibc-langpack-gl, p-cpe:/a:oracle:linux:glibc-minimal-langpack, p-cpe:/a:oracle:linux:glibc-langpack-aa, p-cpe:/a:oracle:linux:glibc-langpack-sat, p-cpe:/a:oracle:linux:glibc-langpack-sw, p-cpe:/a:oracle:linux:glibc-langpack-fur, p-cpe:/a:oracle:linux:glibc-langpack-mi, p-cpe:/a:oracle:linux:glibc-langpack-yo, p-cpe:/a:oracle:linux:glibc-langpack-id, p-cpe:/a:oracle:linux:glibc-langpack-kk, p-cpe:/a:oracle:linux:glibc-langpack-sm, p-cpe:/a:oracle:linux:glibc-langpack-so, p-cpe:/a:oracle:linux:glibc-langpack-nso, p-cpe:/a:oracle:linux:glibc-langpack-szl, p-cpe:/a:oracle:linux:glibc-benchtests, p-cpe:/a:oracle:linux:glibc-langpack-pl, p-cpe:/a:oracle:linux:glibc-langpack-kw, p-cpe:/a:oracle:linux:glibc-langpack-cs, p-cpe:/a:oracle:linux:glibc-langpack-mai, p-cpe:/a:oracle:linux:glibc-langpack-it, p-cpe:/a:oracle:linux:glibc-langpack-ne, p-cpe:/a:oracle:linux:glibc-langpack-ro, p-cpe:/a:oracle:linux:glibc-langpack-ru, p-cpe:/a:oracle:linux:glibc-langpack-hy, p-cpe:/a:oracle:linux:glibc-langpack-tt, p-cpe:/a:oracle:linux:glibc-langpack-lt, p-cpe:/a:oracle:linux:glibc-langpack-li, p-cpe:/a:oracle:linux:glibc-nss-devel, p-cpe:/a:oracle:linux:glibc-langpack-lb, p-cpe:/a:oracle:linux:glibc-langpack-ko, p-cpe:/a:oracle:linux:glibc-langpack-kok, p-cpe:/a:oracle:linux:glibc-langpack-hu, p-cpe:/a:oracle:linux:glibc-langpack-hif, p-cpe:/a:oracle:linux:glibc-langpack-as, p-cpe:/a:oracle:linux:glibc-langpack-bn, p-cpe:/a:oracle:linux:glibc-langpack-hr, p-cpe:/a:oracle:linux:glibc-langpack-mg, p-cpe:/a:oracle:linux:glibc-langpack-sl, p-cpe:/a:oracle:linux:glibc-langpack-wa, p-cpe:/a:oracle:linux:glibc-langpack-sa, p-cpe:/a:oracle:linux:glibc-langpack-ht, p-cpe:/a:oracle:linux:glibc-langpack-cv, p-cpe:/a:oracle:linux:glibc-langpack-km, p-cpe:/a:oracle:linux:glibc-langpack-ff, p-cpe:/a:oracle:linux:glibc-langpack-unm, p-cpe:/a:oracle:linux:glibc-langpack-quz, p-cpe:/a:oracle:linux:glibc-langpack-af, p-cpe:/a:oracle:linux:glibc-langpack-kn, p-cpe:/a:oracle:linux:glibc-locale-source, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:glibc-langpack-sk, p-cpe:/a:oracle:linux:glibc-langpack-bg, p-cpe:/a:oracle:linux:glibc-langpack-ber, p-cpe:/a:oracle:linux:glibc-all-langpacks, p-cpe:/a:oracle:linux:glibc-langpack-csb, p-cpe:/a:oracle:linux:glibc-langpack-ps, p-cpe:/a:oracle:linux:glibc-langpack-mfe, p-cpe:/a:oracle:linux:glibc-langpack-iu, p-cpe:/a:oracle:linux:glibc-langpack-ti, p-cpe:/a:oracle:linux:glibc-langpack-ms, p-cpe:/a:oracle:linux:glibc-langpack-an, p-cpe:/a:oracle:linux:glibc-langpack-en, p-cpe:/a:oracle:linux:glibc-langpack-ka, p-cpe:/a:oracle:linux:nss_db, p-cpe:/a:oracle:linux:glibc-langpack-mag, p-cpe:/a:oracle:linux:glibc-common, p-cpe:/a:oracle:linux:glibc-langpack-lzh, p-cpe:/a:oracle:linux:glibc-langpack-gu, p-cpe:/a:oracle:linux:glibc-langpack-tl, p-cpe:/a:oracle:linux:glibc-langpack-raj, p-cpe:/a:oracle:linux:glibc-langpack-th, p-cpe:/a:oracle:linux:glibc-langpack-kl, p-cpe:/a:oracle:linux:glibc-langpack-hsb, p-cpe:/a:oracle:linux:glibc-langpack-miq, p-cpe:/a:oracle:linux:glibc-langpack-cmn, p-cpe:/a:oracle:linux:glibc-langpack-ky, p-cpe:/a:oracle:linux:glibc-langpack-mjw, p-cpe:/a:oracle:linux:glibc-langpack-st, p-cpe:/a:oracle:linux:glibc-langpack-lg, p-cpe:/a:oracle:linux:glibc-langpack-nhn, p-cpe:/a:oracle:linux:glibc-langpack-tn, p-cpe:/a:oracle:linux:glibc-langpack-the, p-cpe:/a:oracle:linux:glibc-langpack-rw, p-cpe:/a:oracle:linux:glibc-static, p-cpe:/a:oracle:linux:glibc-langpack-doi, p-cpe:/a:oracle:linux:glibc-langpack-sq, p-cpe:/a:oracle:linux:glibc-langpack-tig, p-cpe:/a:oracle:linux:glibc-langpack-tr, p-cpe:/a:oracle:linux:glibc-langpack-uz, p-cpe:/a:oracle:linux:glibc-langpack-byn, p-cpe:/a:oracle:linux:glibc-langpack-hne, p-cpe:/a:oracle:linux:glibc-langpack-mn, p-cpe:/a:oracle:linux:glibc-langpack-uk, p-cpe:/a:oracle:linux:glibc-langpack-ce, p-cpe:/a:oracle:linux:glibc-langpack-da, p-cpe:/a:oracle:linux:glibc-langpack-chr, p-cpe:/a:oracle:linux:glibc-langpack-zu, p-cpe:/a:oracle:linux:glibc-langpack-cy, p-cpe:/a:oracle:linux:nscd, p-cpe:/a:oracle:linux:glibc-langpack-el, p-cpe:/a:oracle:linux:glibc-langpack-pa, p-cpe:/a:oracle:linux:glibc-langpack-gv, p-cpe:/a:oracle:linux:glibc-langpack-hi, p-cpe:/a:oracle:linux:glibc-langpack-ca, p-cpe:/a:oracle:linux:glibc-langpack-bem, p-cpe:/a:oracle:linux:glibc-langpack-om, p-cpe:/a:oracle:linux:glibc-langpack-gd, p-cpe:/a:oracle:linux:glibc-langpack-be, p-cpe:/a:oracle:linux:glibc-langpack-yue, p-cpe:/a:oracle:linux:glibc-langpack-nds, p-cpe:/a:oracle:linux:glibc-langpack-nr, p-cpe:/a:oracle:linux:glibc-langpack-sc, p-cpe:/a:oracle:linux:glibc-langpack-is, p-cpe:/a:oracle:linux:glibc-langpack-os, p-cpe:/a:oracle:linux:glibc-langpack-fa, p-cpe:/a:oracle:linux:glibc-langpack-ku, p-cpe:/a:oracle:linux:glibc-langpack-lo, p-cpe:/a:oracle:linux:glibc-langpack-sah, p-cpe:/a:oracle:linux:glibc-langpack-az, p-cpe:/a:oracle:linux:glibc-langpack-ur, p-cpe:/a:oracle:linux:glibc, p-cpe:/a:oracle:linux:glibc-langpack-sgs, p-cpe:/a:oracle:linux:glibc-langpack-fr, p-cpe:/a:oracle:linux:compat-libpthread-nonshared, p-cpe:/a:oracle:linux:glibc-langpack-he, p-cpe:/a:oracle:linux:glibc-langpack-my, p-cpe:/a:oracle:linux:glibc-langpack-dsb, p-cpe:/a:oracle:linux:glibc-langpack-ts, p-cpe:/a:oracle:linux:glibc-devel, p-cpe:/a:oracle:linux:glibc-langpack-fo, p-cpe:/a:oracle:linux:glibc-langpack-es, p-cpe:/a:oracle:linux:glibc-langpack-kab, p-cpe:/a:oracle:linux:glibc-langpack-shn, p-cpe:/a:oracle:linux:glibc-langpack-br, p-cpe:/a:oracle:linux:glibc-langpack-ia, p-cpe:/a:oracle:linux:glibc-langpack-brx, p-cpe:/a:oracle:linux:glibc-langpack-shs, p-cpe:/a:oracle:linux:glibc-langpack-mt, p-cpe:/a:oracle:linux:glibc-langpack-niu, p-cpe:/a:oracle:linux:glibc-langpack-pap, p-cpe:/a:oracle:linux:glibc-langpack-tk, p-cpe:/a:oracle:linux:glibc-langpack-to, p-cpe:/a:oracle:linux:glibc-langpack-lij, p-cpe:/a:oracle:linux:glibc-langpack-sv, p-cpe:/a:oracle:linux:glibc-langpack-ik, p-cpe:/a:oracle:linux:glibc-langpack-ast, p-cpe:/a:oracle:linux:glibc-langpack-tcy, p-cpe:/a:oracle:linux:glibc-utils, p-cpe:/a:oracle:linux:glibc-langpack-bhb, p-cpe:/a:oracle:linux:glibc-langpack-eu, p-cpe:/a:oracle:linux:glibc-langpack-dv, p-cpe:/a:oracle:linux:glibc-langpack-ak, p-cpe:/a:oracle:linux:glibc-langpack-bs, p-cpe:/a:oracle:linux:glibc-langpack-de, p-cpe:/a:oracle:linux:glibc-langpack-nn
Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
Exploit Ease: No known exploits are available
Patch Publication Date: 11/21/2019
Vulnerability Publication Date: 1/21/2019
Reference Information
CVE: CVE-2016-10739