Detections
Analytics

OracleVM 3.3 : rpm (OVMSA-2014-0083)

high Nessus Plugin ID 80008

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Fix race condidition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163059)

 - Fix thinko in the non-root python byte-compilation fix

 - Byte-compile versioned python libdirs in non-root prefix too (#868332)

 - Fix segfault on rpmdb addition when header unload fails (#706935)

 - Add a compat mode for enabling legacy rpm scriptlet error behavior (#963724)

 - Fix build-time double-free on file capability processing (#904818)

 - Fix include-directive getting processed on false branch (#920190)

 - Bring back --fileid in the man page with description of the id (#804049)

 - Fix missing error on --import on bogus key file (#869667)

 - Add DWARF 4 support to debugedit (#858731)

 - Add better error handling to patch for bug

 - Fix memory corruption on multikey PGP packets/armors (#829621)

 - Handle identical binaries for debug-info (#727872)

 - Fix typos in Japanese rpm man page (#845065)

 - Document -D and -E options in man page (#845063)

 - Add --setperms and --setuids to the man page (#839126)

 - Update man page that SHA256 is also used for file digest (#804049)

 - Remove --fileid from man page to get rid of md5

 - Remove -s from patch calls (#773503)

 - Force _host_vendor to redhat to better match toolchain (#743229)

 - Backport reloadConfig for Python API (#825147)

 - Support for dpkg-style sorting of tilde in version/release (#825087)

 - Fix explicit directory %attr when %defattr is active (#730473)

 - Don't load keyring if signature checking is disabled (#664696)

 - Retry read to fix rpm2cpio with pipe as stdin (#802839)

Solution

Update the affected rpm / rpm-libs / rpm-python packages.

See Also

http://www.nessus.org/u?8451a6f3

Plugin Details

Severity: High

ID: 80008

File Name: oraclevm_OVMSA-2014-0083.nasl

Version: 1.8

Type: local

Published: 12/15/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:rpm-python, cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:rpm-libs, p-cpe:/a:oracle:vm:rpm

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2014

Vulnerability Publication Date: 12/16/2014

Reference Information

CVE: CVE-2013-6435

BID: 71558