OracleVM 3.4:xen (OVMSA-2017-0094)
high Nessus Plugin ID 99975
語系:
概要
遠端 OracleVM 主機缺少一個或多個安全性更新。說明
遠端 OracleVM 系統缺少可解決重大安全性更新的必要修補程式:- BUILDINFO:xen commit=8ee9cbea8e71c968e602d5b4974601d283d61d28
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:傳統 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86:更正 create_bounce_frame (Boris Ostrovsky) [Orabug:25927745]
- x86:竊取頁面時丟棄類型信息 (Boris Ostrovsky)
- multicall:處理提前退出條件 (Boris Ostrovsky) [Orabug:25927612]
- BUILDINFO:xen commit=66e33522666436a4b6c13fbaa77b4942876bb5f7
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:傳統 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- kexec:為整個超級呼叫添加自旋鎖。(Konrad Rzeszutek Wilk)
- kexec:卸載 kexec 圖像時,清理 kexec_image插槽 (Bhavesh Davda) [Orabug:25861731]
- BUILDINFO:xen commit=337c8edcc582f8bfb1bcfcb5a475c5fc18ff2def
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:傳統 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- memory:正確檢查 XENMEM_exchange 處理中的客體記憶體範圍 (Jan Beulich) [Orabug:
25760559] (CVE-2017-7228)
- xenstored:記錄寫入事務速率限制發生的時間 (Ian Jackson) [Orabug:25745225]
- xenstored:應用寫入事務速率限制 (Ian Jackson)
- BUILDINFO:xen commit=17b0cd2109c42553e9c8c34d3a2b8252abead104
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:傳統 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xm:修復「xm create ...」顯示的錯誤消息 (Venu Busireddy) [Orabug:25721696]
- xm:擴展 pci 隱藏設備工具 (Venu Busireddy) [Orabug:25721624]
- BUILDINFO:xen commit=81f33e7316b476c319f42eb56ac58fc450804ded
- BUILDINFO:QEMU 上游 commit=2e4e0a805aeb448242b43399e0853b851bccde4e
- BUILDINFO:傳統 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend:修復 vif 設備 ID 配置 (Zhigang Wang) [Orabug:25692157]
- BUILDINFO:xen commit=68930e8bbd9311ebd12fdb251362a2e1f9987fba
- BUILDINFO:QEMU 上游 commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO:傳統 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend:修復 waitForSuspend (Zhigang Wang) [Orabug:
25638583] [Orabug:25653480]
- IOMMU:始終呼叫拆卸回調 (Oleksandr Tyshchenko) [Orabug:25485193]
- BUILDINFO:xen commit=9f3030e391274b89deb80c86a6343dac473916b3
- BUILDINFO:QEMU 上游 commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO:傳統 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- 一次性構建
解決方案
更新受影響的 xen / xen-tools 套件。另請參閱
https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000689.html
Plugin 詳細資訊
嚴重性: High
ID: 99975
檔案名稱: oraclevm_OVMSA-2017-0094.nasl
版本: 3.7
類型: local
已發布: 2017/5/4
已更新: 2021/1/4
支援的感應器: Nessus
風險資訊
VPR
風險因素: High
分數: 7.3
CVSS v2
風險因素: High
基本分數: 7.2
時間分數: 5.6
媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
風險因素: High
基本分數: 8.2
時間分數: 7.4
媒介: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:P/RL:O/RC:C
弱點資訊
CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4
必要的 KB 項目: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2017/5/3
弱點發布日期: 2017/4/4
參考資訊
CVE: CVE-2017-7228