Oracle Linux 7 : glibc (ELSA-2024-12444)

high Nessus Plugin ID 200741

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory.

[2.17-326.0.9.3]
- Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history:
June-22-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.9
- OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations.
Reviewed-by: Jose E. Marchesi <[email protected]> June-20-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.7
- OraBug 35517820 Do not allocate heap memory in __nptl_tunables_init.
- This issue was introduced and fixed in patch related to OraBug 35318841.
Reviewed-by: Jose E. Marchesi <[email protected]> April-21-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.5
- OraBug 35318841 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi <[email protected]> December-19-2022 Cupertino Miranda <[email protected]> - 2.17-326.0.3
- OraBug 34909902 vDSO timer functions support on i686 Reviewed-by: Jose E. Marchesi <[email protected]> May-18-2022 Patrick McGehearty <[email protected]> - 2.17-326.0.1
- Forward-port Oracle patches to 2.17-326.
Reviewed-by: Jose E. Marchesi <[email protected]> April-26-2022 Patrick McGehearty <[email protected]> - 2.17-325.0.3
- OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <[email protected]> October-12-2021 Patrick McGehearty <[email protected]> - 2.17-325.0.1
- Merge el7 u9 errata4 patch with Oracle patches Review-exception: Simple merge
- Merge el7 u9 errata patches with Oracle patches Review-exception: Simple merge
- Adding three arm specific patches to allow glibc x86 tree to be used for
- ILOM and other arm builds Reviewed-by: Jose E. Marchesi <[email protected]>
- Merge el7 u8 patches with Oracle patches Review-exception: Simple merge
- Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch
- Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0)
_IO_lock_lock (*stream->_lock);
OraBug 28481550.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Modify glibc-ora28849085.patch so it works with RHCK kernels.
Orabug 28849085.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs.
- Orabug 28849085
- Reviewed-by: Patrick McGehearty <[email protected]>
- Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984.
- Orabug 25558067.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty <[email protected]>
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Include-linux-falloc.h-in-bits-fcntl-linux.h
- Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
- OraBug 28483336
- Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
- sysdeps/unix/sysv/linux/x86/bits/mman.h
- OraBug 28389572
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-12444.html

Plugin Details

Severity: High

ID: 200741

File Name: oraclelinux_ELSA-2024-12444.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/19/2024

Updated: 11/4/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

CVSS Score Source: CVE-2024-2961

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2024-33602

Vulnerability Information

CPE: cpe:/a:oracle:linux:7::userspace_ksplice, p-cpe:/a:oracle:linux:glibc-headers, p-cpe:/a:oracle:linux:nscd, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:glibc, p-cpe:/a:oracle:linux:glibc-utils, p-cpe:/a:oracle:linux:glibc-static, p-cpe:/a:oracle:linux:glibc-common, p-cpe:/a:oracle:linux:glibc-devel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/19/2024

Vulnerability Publication Date: 4/5/2024

Exploitable With

Metasploit (CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961))

Reference Information

CVE: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602