OracleVM 3.4:xen (OVMSA-2017-0094)
high Nessus 插件 ID 99975
语言:
简介
远程 OracleVM 主机缺少一个或多个安全更新。描述
远程 OracleVM 系统缺少解决关键安全更新的必要补丁:- BUILDINFO:xen commit=8ee9cbea8e71c968e602d5b4974601d283d61d28
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86:更正 create_bounce_frame (Boris Ostrovsky) [Orabug:25927745]
- x86:窃取页面时丢弃类型信息 (Boris Ostrovsky)
- multicall:处理提前退出条件 (Boris Ostrovsky) [Orabug:25927612]
- BUILDINFO:xen commit=66e33522666436a4b6c13fbaa77b4942876bb5f7
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- kexec:为整个超级调用添加自旋锁。(Konrad Rzeszutek Wilk)
- kexec:卸载 kexec 图像时,清理 kexec_image插槽 (Bhavesh Davda) [Orabug:25861731]
- BUILDINFO:xen commit=337c8edcc582f8bfb1bcfcb5a475c5fc18ff2def
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- memory:正确检查 XENMEM_exchange 处理中的客户机内存范围 (Jan Beulich) [Orabug:
25760559] (CVE-2017-7228)
- xenstored:记录写入事务速率限制发生的时间 (Ian Jackson) [Orabug:25745225]
- xenstored:应用写入事务速率限制 (Ian Jackson)
- BUILDINFO:xen commit=17b0cd2109c42553e9c8c34d3a2b8252abead104
- BUILDINFO:QEMU 上游 commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xm:修复“xm create ...”显示的错误消息 (Venu Busireddy) [Orabug:25721696]
- xm:扩展 pci 隐藏设备工具 (Venu Busireddy) [Orabug:25721624]
- BUILDINFO:xen commit=81f33e7316b476c319f42eb56ac58fc450804ded
- BUILDINFO:QEMU 上游 commit=2e4e0a805aeb448242b43399e0853b851bccde4e
- BUILDINFO:传统 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend:修复 vif 设备 ID 分配 (Zhigang Wang) [Orabug:25692157]
- BUILDINFO:xen commit=68930e8bbd9311ebd12fdb251362a2e1f9987fba
- BUILDINFO:QEMU 上游 commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO:传统 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend:修复 waitForSuspend (Zhigang Wang) [Orabug:
25638583] [Orabug:25653480]
- IOMMU:始终调用拆卸回调 (Oleksandr Tyshchenko) [Orabug:25485193]
- BUILDINFO:xen commit=9f3030e391274b89deb80c86a6343dac473916b3
- BUILDINFO:QEMU 上游 commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO:传统 QEMU commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- 一次性构建
解决方案
更新受影响的 xen/xen-tools 程序包。另见
https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000689.html
插件详情
严重性: High
ID: 99975
文件名: oraclevm_OVMSA-2017-0094.nasl
版本: 3.7
类型: local
发布时间: 2017/5/4
最近更新时间: 2021/1/4
支持的传感器: Nessus
风险信息
VPR
风险因素: High
分数: 7.3
CVSS v2
风险因素: High
基本分数: 7.2
时间分数: 5.6
矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
风险因素: High
基本分数: 8.2
时间分数: 7.4
矢量: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:P/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4
必需的 KB 项: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
可利用: true
易利用性: Exploits are available
补丁发布日期: 2017/5/3
漏洞发布日期: 2017/4/4
参考资料信息
CVE: CVE-2017-7228