ID CVE-2017-13673 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
The VGA display update in QEMU miscalculated the region for the dirty bitmap snapshot when split-screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
{"nessus": [{"lastseen": "2021-01-07T10:12:58", "description": "ARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during during display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : xen (2017-b4329d6ee5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13673", "CVE-2017-13672"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2017-B4329D6EE5.NASL", "href": "https://www.tenable.com/plugins/nessus/105960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b4329d6ee5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105960);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\");\n script_xref(name:\"FEDORA\", value:\"2017-b4329d6ee5\");\n\n script_name(english:\"Fedora 27 : xen (2017-b4329d6ee5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during during 
display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b4329d6ee5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.0-11.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:53:50", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - QEMU (aka Quick Emulator), when built with the VGA\n display emulator support, allows local guest OS\n privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n involving 
display update.(CVE-2017-13672)\n\n - The vga display update in mis-calculated the region for\n the dirty bitmap snapshot in case split screen mode is\n used causing a denial of service (assertion failure) in\n the cpu_physical_memory_snapshot_get_dirty\n function.(CVE-2017-13673)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-09-18T00:00:00", "title": "EulerOS Virtualization 2.5.1 : qemu-kvm (EulerOS-SA-2018-1259)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13673", "CVE-2017-13672"], "modified": "2018-09-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-kvm-tools", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1259.NASL", "href": "https://www.tenable.com/plugins/nessus/117568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117568);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13672\",\n \"CVE-2017-13673\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : qemu-kvm (EulerOS-SA-2018-1259)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization installation on the remote host is affected 
by\nthe following vulnerabilities :\n\n - QEMU (aka Quick Emulator), when built with the VGA\n display emulator support, allows local guest OS\n privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n involving display update.(CVE-2017-13672)\n\n - The vga display update in mis-calculated the region for\n the dirty bitmap snapshot in case split screen mode is\n used causing a denial of service (assertion failure) in\n the cpu_physical_memory_snapshot_get_dirty\n function.(CVE-2017-13673)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1259\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af8e12fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-kvm-2.8.1-25.127\",\n \"qemu-kvm-common-2.8.1-25.127\",\n \"qemu-kvm-tools-2.8.1-25.127\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-14T06:17:17", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6778: Fixed a heap buffer overflow issue in the 
SLiRP\nnetworking implementation (bsc#1123156).\n\nCVE-2018-16872: Fixed a host security vulnerability related to\nhandling symlinks in usb-mtp (bsc#1119493).\n\nCVE-2018-19489: Fixed a denial of service vulnerability in virtfs\n(bsc#1117275).\n\nCVE-2018-19364: Fixed a use-after-free if the virtfs interface\nresulting in a denial of service (bsc#1116717).\n\nCVE-2018-7858: Fixed a denial of service which could occur while\nupdating the VGA display, after guest has adjusted the display\ndimensions (bsc#1084604).\n\nCVE-2017-13673: Fixed a denial of service in the\ncpu_physical_memory_snapshot_get_dirty function.\n\nCVE-2017-13672: Fixed a denial of service via vectors involving\ndisplay update.\n\nNon-security issues fixed: Fixed bad guest time after migration\n(bsc#1113231).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-27T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0489-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-13673", "CVE-2019-6778", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-16872", "CVE-2018-7858"], "modified": "2019-02-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", 
"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2019-0489-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122471", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0489-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122471);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2018-16872\", \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-7858\", \"CVE-2019-6778\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0489-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP\nnetworking implementation (bsc#1123156).\n\nCVE-2018-16872: Fixed a host security vulnerability related to\nhandling symlinks in usb-mtp (bsc#1119493).\n\nCVE-2018-19489: Fixed a denial of service vulnerability in virtfs\n(bsc#1117275).\n\nCVE-2018-19364: Fixed a use-after-free if the virtfs interface\nresulting in a denial of service (bsc#1116717).\n\nCVE-2018-7858: Fixed a denial of service which could occur while\nupdating the VGA display, after guest has 
adjusted the display\ndimensions (bsc#1084604).\n\nCVE-2017-13673: Fixed a denial of service in the\ncpu_physical_memory_snapshot_get_dirty function.\n\nCVE-2017-13672: Fixed a denial of service via vectors involving\ndisplay update.\n\nNon-security issues fixed: Fixed bad guest time after migration\n(bsc#1113231).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7858/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6778/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190489-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d7d5bad\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-489=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-489=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-489=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-489=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-489=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-debugsource-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-kvm-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-lang-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-2.6.2-41.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-debuginfo-2.6.2-41.49.1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:11:10", "description": "An update for qemu-kvm-rhev is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nThe following packages have been upgraded to a later upstream version:\nqemu-kvm-rhev (2.10.0). 
(BZ#1470749)\n\nSecurity Fix(es) :\n\n* Qemu: stack-based buffer overflow in NBD server triggered via long\nexport name (CVE-2017-15118)\n\n* Qemu: DoS via large option request (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update\n(CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* Qemu: memory exhaustion through framebuffer update request message\nin VNC server (CVE-2017-15124)\n\n* Qemu: I/O: potential memory exhaustion via websock connection to VNC\n(CVE-2017-15268)\n\n* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank David Buchanan for reporting\nCVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for\nreporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting\nCVE-2018-5683. 
The CVE-2017-15118 and CVE-2017-15119 issues were\ndiscovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was\ndiscovered by Daniel Berrange (Red Hat).", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-17T00:00:00", "title": "RHEL 7 : Virtualization (RHSA-2018:1104)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2017-15119", "CVE-2017-13673", "CVE-2017-15118", "CVE-2017-13711", "CVE-2017-13672"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "id": "REDHAT-RHSA-2018-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/109070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1104. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109070);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-13711\", \"CVE-2017-15118\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\", \"CVE-2018-5683\");\n script_xref(name:\"RHSA\", value:\"2018:1104\");\n\n script_name(english:\"RHEL 7 : Virtualization (RHSA-2018:1104)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nThe following packages have been upgraded to a later upstream version:\nqemu-kvm-rhev (2.10.0). 
(BZ#1470749)\n\nSecurity Fix(es) :\n\n* Qemu: stack-based buffer overflow in NBD server triggered via long\nexport name (CVE-2017-15118)\n\n* Qemu: DoS via large option request (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update\n(CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* Qemu: memory exhaustion through framebuffer update request message\nin VNC server (CVE-2017-15124)\n\n* Qemu: I/O: potential memory exhaustion via websock connection to VNC\n(CVE-2017-15268)\n\n* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank David Buchanan for reporting\nCVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for\nreporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting\nCVE-2018-5683. 
The CVE-2017-15118 and CVE-2017-15119 issues were\ndiscovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was\ndiscovered by Daniel Berrange (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5683\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1104\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"qemu-kvm-rhev-2.10.0\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Virtualization\");\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.10.0-21.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.10.0-21.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.10.0-21.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.10.0-21.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.10.0-21.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", 
"cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-23T16:30:56", "description": "This update for qemu fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\n - CVE-2019-6778: Fixed an out-of-bounds access in slirp\n (bsc#1123156)\n\n - CVE-2018-16872: Fixed a host security vulnerability\n related to handling symlinks in usb-mtp (bsc#1119493)\n\n - CVE-2018-19489: Fixed a Denial-of-Service in virtfs\n (bsc#1117275)\n\n - CVE-2018-19364: Fixed a use-after-free vulnerability if\n virtfs interface is deliberately abused (bsc#1116717)\n\n - CVE-2018-18954: Fixed an out-of-bounds access performing\n PowerNV memory operations (bsc#1114957)\n\n - CVE-2017-13673: Fixed a reachable assert failure during\n display update (bsc#1056386)\n\n - CVE-2017-13672: Fixed an out-of-bounds read access\n during display update (bsc#1056334)\n\n - CVE-2018-7858: Fixed an out-of-bounds access in cirrus\n when updating vga display allowing for Denial-of-Service\n (bsc#1084604)\n\nOther bug fixes and changes :\n\n - Fix pwrite64/pread64/write to return 0 over -1 for a\n zero length NULL buffer in qemu (bsc#1121600)\n\n - Fix bad guest time after migration (bsc#1113231)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-29T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2019-1074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-13673", "CVE-2019-6778", "CVE-2018-18954", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-16872", "CVE-2018-7858"], "modified": "2019-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios",
"p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2019-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/123493", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1074.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123493);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2017-13672\", 
\"CVE-2017-13673\", \"CVE-2018-16872\", \"CVE-2018-18954\", \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-7858\", \"CVE-2019-6778\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-1074)\");\n script_summary(english:\"Check for the openSUSE-2019-1074 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\n - CVE-2019-6778: Fixed an out-of-bounds access in slirp\n (bsc#1123156)\n\n - CVE-2018-16872: Fixed a host security vulnerability\n related to handling symlinks in usb-mtp (bsc#1119493)\n\n - CVE-2018-19489: Fixed a Denial-of-Service in virtfs\n (bsc#1117275)\n\n - CVE-2018-19364: Fixed an use-after-free vulnerability if\n virtfs interface is deliberately abused (bsc#1116717)\n\n - CVE-2018-18954: Fixed an out-of-bounds access performing\n PowerNV memory operations (bsc#1114957)\n\n - CVE-2017-13673: Fixed a reachable assert failure during\n during display update (bsc#1056386)\n\n - CVE-2017-13672: Fixed an out-of-bounds read access\n during display update (bsc#1056334)\n\n - CVE-2018-7858: Fixed an out-of-bounds access in cirrus\n when updating vga display allowing for Denial-of-Service\n (bsc#1084604)\n\nOther bug fixes and changes :\n\n - Fix pwrite64/pread64/write to return 0 over -1 for a\n zero length NULL buffer in qemu (bsc#1121600)\n\n - Fix bad guest time after migration (bsc#1113231)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123156\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ipxe-1.0.0+-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debugsource-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-seabios-1.10.2-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-sgabios-8-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-vgabios-1.10.2-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-56.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ksm-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-lang-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", 
reference:\"qemu-ppc-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-testsuite-2.9.1-56.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:17:26", "description": "This update for qemu fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\nCVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)\n\nCVE-2018-16872: Fixed a host security vulnerability related to\nhandling symlinks in usb-mtp (bsc#1119493)\n\nCVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)\n\nCVE-2018-19364: Fixed an use-after-free vulnerability if virtfs\ninterface is deliberately abused (bsc#1116717)\n\nCVE-2018-18954: Fixed an out-of-bounds access performing PowerNV\nmemory operations (bsc#1114957)\n\nCVE-2017-13673: Fixed a reachable assert failure during during display\nupdate (bsc#1056386)\n\nCVE-2017-13672: Fixed an out-of-bounds read access during display\nupdate 
(bsc#1056334)\n\nCVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating\nvga display allowing for Denial-of-Service (bsc#1084604)\n\nOther bug fixes and changes: Fix pwrite64/pread64/write to return 0\nover -1 for a zero length NULL buffer in qemu (bsc#1121600)\n\nFix bad guest time after migration (bsc#1113231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:0582-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-13673", "CVE-2019-6778", "CVE-2018-18954", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-16872", "CVE-2018-7858"], "modified": "2019-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], 
"id": "SUSE_SU-2019-0582-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0582-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122776);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2018-16872\", \"CVE-2018-18954\", \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-7858\", \"CVE-2019-6778\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:0582-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\nCVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)\n\nCVE-2018-16872: Fixed a host security vulnerability related to\nhandling symlinks in usb-mtp (bsc#1119493)\n\nCVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)\n\nCVE-2018-19364: Fixed an use-after-free vulnerability if virtfs\ninterface is deliberately abused (bsc#1116717)\n\nCVE-2018-18954: Fixed an out-of-bounds access performing PowerNV\nmemory operations (bsc#1114957)\n\nCVE-2017-13673: Fixed a reachable assert failure during during display\nupdate (bsc#1056386)\n\nCVE-2017-13672: Fixed an out-of-bounds read access during display\nupdate (bsc#1056334)\n\nCVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating\nvga display allowing for Denial-of-Service (bsc#1084604)\n\nOther bug fixes and changes: Fix pwrite64/pread64/write to return 0\nover -1 
for a zero length NULL buffer in qemu (bsc#1121600)\n\nFix bad guest time after migration (bsc#1113231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18954/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19489/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6778/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190582-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6d1a06d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-582=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-582=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. 
It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", 
reference:\"qemu-block-ssh-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-ssh-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-debugsource-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-kvm-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-lang-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-6.28.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:13", "description": "xen: various flaws (#1501391) multiple MSI mapping issues on x86\n[XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor\nstack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in\nlinear pagetable de-typing [XSA-240] Stale TLB entry due to page type\nrelease race [XSA-241] page type reference leak on x86 [XSA-242] x86:\nIncorrect handling of self-linear shadow mappings with translated\nguests [XSA-243] x86: Incorrect handling of IST settings during CPU\nhotplug [XSA-244]\n\n----\n\nARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "title": "Fedora 26 : xen (2017-5bcddc1984)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15592", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-13672", "CVE-2017-15595"], "modified": "2017-11-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-5BCDDC1984.NASL", "href": "https://www.tenable.com/plugins/nessus/104310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-5bcddc1984.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104310);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-15588\", \"CVE-2017-15589\", \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15592\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-15595\");\n script_xref(name:\"FEDORA\", value:\"2017-5bcddc1984\");\n\n script_name(english:\"Fedora 26 : xen (2017-5bcddc1984)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1501391) multiple MSI mapping issues on x86\n[XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor\nstack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in\nlinear pagetable de-typing [XSA-240] Stale TLB entry due to page type\nrelease race [XSA-241] page type reference leak on x86 [XSA-242] x86:\nIncorrect handling of self-linear shadow mappings with translated\nguests [XSA-243] x86: Incorrect handling of IST settings during CPU\nhotplug [XSA-244]\n\n----\n\nARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during during display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5bcddc1984\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.2-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:14:07", "description": "xen: various flaws (#1501391) multiple MSI mapping issues on x86\n[XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor\nstack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in\nlinear pagetable de-typing [XSA-240] Stale TLB entry due to page type\nrelease race [XSA-241] page type reference leak on x86 [XSA-242] x86:\nIncorrect handling of self-linear shadow mappings 
with translated\nguests [XSA-243] x86: Incorrect handling of IST settings during CPU\nhotplug [XSA-244]\n\n----\n\nARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-02T00:00:00", "title": "Fedora 25 : xen (2017-d4709b0d8b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15592", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-13672", "CVE-2017-15595"], "modified": "2017-11-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-D4709B0D8B.NASL", "href": "https://www.tenable.com/plugins/nessus/104347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d4709b0d8b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104347);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-15588\", \"CVE-2017-15589\", \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15592\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-15595\");\n script_xref(name:\"FEDORA\", value:\"2017-d4709b0d8b\");\n\n script_name(english:\"Fedora 25 : xen (2017-d4709b0d8b)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1501391) multiple MSI mapping issues on x86\n[XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor\nstack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in\nlinear pagetable de-typing [XSA-240] Stale TLB entry due to page type\nrelease race [XSA-241] page type reference leak on x86 [XSA-242] x86:\nIncorrect handling of self-linear shadow mappings with translated\nguests [XSA-243] x86: Incorrect handling of IST settings during CPU\nhotplug [XSA-244]\n\n----\n\nARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable\nassert failure during during display update [CVE-2017-13673]\n(#1486591) Qemu: vga: OOB read access during display update\n[CVE-2017-13672] (#1486562)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4709b0d8b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.3-7.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:55:49", "description": "According to the versions of the qemu packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An integer overflow issue was found in the NE2000 NIC\n emulation. It could occur while receiving packets from\n the network, if the size value was greater than\n INT_MAX. Such overflow would lead to stack buffer\n overflow issue. A user inside guest could use this flaw\n to crash the QEMU process, resulting in DoS scenario.\n (CVE-2018-10839)\n\n - qmp_guest_file_read in qga/commands-posix.c and\n qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent)\n in QEMU 2.12.50 has an integer overflow causing a\n g_malloc0() call to trigger a segmentation fault when\n trying to allocate a large memory chunk. The\n vulnerability can be exploited by sending a crafted QMP\n command (including guest-file-read with a large count\n value) to the agent via the listening\n socket.(CVE-2018-12617)\n\n - Qemu before version 2.9 is vulnerable to an improper\n link following when built with the VirtFS. 
A privileged\n user inside guest could use this flaw to access host\n file system beyond the shared folder and potentially\n escalating their privileges on a host. (CVE-2016-9602)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur while loading a kernel image during the guest\n boot, if mh_load_end_addr address is greater than the\n mh_bss_end_addr address. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2018-7550)\n\n - An out-of-bounds read access issue was found in the VGA\n display emulator built into the Quick emulator (QEMU).\n It could occur while reading VGA memory to update\n graphics display. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service\n situation.(CVE-2017-13672)\n\n - An assert failure issue was found in the VGA display\n emulator built into the Quick emulator (QEMU). It could\n occur while updating graphics display, due to\n miscalculating region for dirty bitmap snapshot in\n split screen mode. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service.\n (CVE-2017-13673)\n\n - The Network Block Device (NBD) server in Quick Emulator\n (QEMU), is vulnerable to a denial of service issue. It\n could occur if a client sent large option requests,\n making the server waste CPU time on reading up to 4GB\n per request. 
A client could use this flaw to keep the\n NBD server from serving other requests, resulting in\n DoS.(CVE-2017-15119)\n\n - QEMU (aka Quick Emulator) before 2.9.0, when built with\n the USB OHCI Emulation support, allows local guest OS\n users to cause a denial of service (infinite loop) by\n leveraging an incorrect return value, a different\n vulnerability than CVE-2017-6505.(CVE-2017-9330)\n\n - Integer overflow in the macro ROUND_UP (n, d) in Quick\n Emulator (Qemu) allows a user to cause a denial of\n service (Qemu process crash). (CVE-2017-18043)\n\n - VNC server implementation in Quick Emulator (QEMU) was\n found to be vulnerable to an unbounded memory\n allocation issue, as it did not throttle the\n framebuffer updates sent to its client. If the client\n did not consume these updates, VNC server allocates\n growing memory to hold onto this data. A malicious\n remote VNC client could use this flaw to cause DoS to\n the server host.(CVE-2017-15124)\n\n - A memory leakage issue was found in the I/O channels\n websockets implementation of the Quick Emulator (QEMU).\n It could occur while sending screen updates to a\n client, which is slow to read and process them further.\n A privileged guest user could use this flaw to cause a\n denial of service on the host and/or potentially crash\n the QEMU process instance on the host.(CVE-2017-15268)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. 
A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2017-14167)\n\n - Memory leak in QEMU (aka Quick Emulator), when built\n with IDE AHCI Emulation support, allows local guest OS\n privileged users to cause a denial of service (memory\n consumption) by repeatedly hot-unplugging the AHCI\n device.(CVE-2017-9373)\n\n - Memory leak in the serial_exit_core function in\n hw/char/serial.c in QEMU (aka Quick Emulator) allows\n local guest OS privileged users to cause a denial of\n service (host memory consumption and QEMU process\n crash) via a large number of device unplug\n operations.(CVE-2017-5579)\n\n - ** DISPUTED ** The disas_insn function in\n target/i386/translate.c in QEMU before 2.9.0, when TCG\n mode without hardware acceleration is used, does not\n limit the instruction size, which allows local users to\n gain privileges by creating a modified basic block that\n injects code into a setuid program, as demonstrated by\n procmail. NOTE: the vendor has stated 'this bug does\n not violate any security guarantees QEMU\n makes.'(CVE-2017-8284)\n\n - Memory leak in the keyboard input event handlers\n support in QEMU (aka Quick Emulator) allows local guest\n OS privileged users to cause a denial of service (host\n memory consumption) by rapidly generating large\n keyboard events.(CVE-2017-8379)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-6505", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "modified": "2019-05-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-guest-agent", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-gpu-specs", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:qemu-kvm-tools", "p-cpe:/a:huawei:euleros:qemu-seabios"], "id": "EULEROS_SA-2019-1444.NASL", "href": "https://www.tenable.com/plugins/nessus/124947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124947);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9602\",\n \"CVE-2017-13672\",\n \"CVE-2017-13673\",\n \"CVE-2017-14167\",\n \"CVE-2017-15119\",\n \"CVE-2017-15124\",\n \"CVE-2017-15268\",\n \"CVE-2017-18043\",\n \"CVE-2017-5579\",\n \"CVE-2017-8284\",\n \"CVE-2017-8379\",\n \"CVE-2017-9330\",\n \"CVE-2017-9373\",\n \"CVE-2018-10839\",\n \"CVE-2018-12617\",\n \"CVE-2018-7550\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An integer overflow issue was found in the NE200 NIC\n emulation. It could occur while receiving packets from\n the network, if the size value was greater than\n INT_MAX. Such overflow would lead to stack buffer\n overflow issue. A user inside guest could use this flaw\n to crash the QEMU process, resulting in DoS scenario.\n (CVE-2018-10839)\n\n - qmp_guest_file_read in qga/commands-posix.c and\n qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent)\n in QEMU 2.12.50 has an integer overflow causing a\n g_malloc0() call to trigger a segmentation fault when\n trying to allocate a large memory chunk. The\n vulnerability can be exploited by sending a crafted QMP\n command (including guest-file-read with a large count\n value) to the agent via the listening\n socket.(CVE-2018-12617)\n\n - Qemu before version 2.9 is vulnerable to an improper\n link following when built with the VirtFS. A privileged\n user inside guest could use this flaw to access host\n file system beyond the shared folder and potentially\n escalating their privileges on a host. (CVE-2016-9602)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur while loading a kernel image during the guest\n boot, if mh_load_end_addr address is greater than the\n mh_bss_end_addr address. 
A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2018-7550)\n\n - An out-of-bounds read access issue was found in the VGA\n display emulator built into the Quick emulator (QEMU).\n It could occur while reading VGA memory to update\n graphics display. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service\n situation.(CVE-2017-13672)\n\n - An assert failure issue was found in the VGA display\n emulator built into the Quick emulator (QEMU). It could\n occur while updating graphics display, due to\n miscalculating region for dirty bitmap snapshot in\n split screen mode. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service.\n (CVE-2017-13673)\n\n - The Network Block Device (NBD) server in Quick Emulator\n (QEMU), is vulnerable to a denial of service issue. It\n could occur if a client sent large option requests,\n making the server waste CPU time on reading up to 4GB\n per request. A client could use this flaw to keep the\n NBD server from serving other requests, resulting in\n DoS.(CVE-2017-15119)\n\n - QEMU (aka Quick Emulator) before 2.9.0, when built with\n the USB OHCI Emulation support, allows local guest OS\n users to cause a denial of service (infinite loop) by\n leveraging an incorrect return value, a different\n vulnerability than CVE-2017-6505.(CVE-2017-9330)\n\n - Integer overflow in the macro ROUND_UP (n, d) in Quick\n Emulator (Qemu) allows a user to cause a denial of\n service (Qemu process crash). (CVE-2017-18043)\n\n - VNC server implementation in Quick Emulator (QEMU) was\n found to be vulnerable to an unbounded memory\n allocation issue, as it did not throttle the\n framebuffer updates sent to its client. If the client\n did not consume these updates, VNC server allocates\n growing memory to hold onto this data. 
A malicious\n remote VNC client could use this flaw to cause DoS to\n the server host.(CVE-2017-15124)\n\n - A memory leakage issue was found in the I/O channels\n websockets implementation of the Quick Emulator (QEMU).\n It could occur while sending screen updates to a\n client, which is slow to read and process them further.\n A privileged guest user could use this flaw to cause a\n denial of service on the host and/or potentially crash\n the QEMU process instance on the host.(CVE-2017-15268)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2017-14167)\n\n - Memory leak in QEMU (aka Quick Emulator), when built\n with IDE AHCI Emulation support, allows local guest OS\n privileged users to cause a denial of service (memory\n consumption) by repeatedly hot-unplugging the AHCI\n device.(CVE-2017-9373)\n\n - Memory leak in the serial_exit_core function in\n hw/char/serial.c in QEMU (aka Quick Emulator) allows\n local guest OS privileged users to cause a denial of\n service (host memory consumption and QEMU process\n crash) via a large number of device unplug\n operations.(CVE-2017-5579)\n\n - ** DISPUTED ** The disas_insn function in\n target/i386/translate.c in QEMU before 2.9.0, when TCG\n mode without hardware acceleration is used, does not\n limit the instruction size, which allows local users to\n gain privileges by creating a modified basic block that\n injects code into a setuid program, as demonstrated by\n procmail. 
NOTE: the vendor has stated 'this bug does\n not violate any security guarantees QEMU\n makes.'(CVE-2017-8284)\n\n - Memory leak in the keyboard input event handlers\n support in QEMU (aka Quick Emulator) allows local guest\n OS privileged users to cause a denial of service (host\n memory consumption) by rapidly generating large\n keyboard events.(CVE-2017-8379)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1444\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5f46bb7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-gpu-specs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-gpu-specs-2.8.1-30.027\",\n \"qemu-guest-agent-2.8.1-30.027\",\n \"qemu-img-2.8.1-30.027\",\n \"qemu-kvm-2.8.1-30.027\",\n \"qemu-kvm-common-2.8.1-30.027\",\n \"qemu-kvm-tools-2.8.1-30.027\",\n 
\"qemu-seabios-2.8.1-30.027\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:55:39", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An integer overflow issue was found in the NE200 NIC\n emulation. It could occur while receiving packets from\n the network, if the size value was greater than\n INT_MAX. Such overflow would lead to stack buffer\n overflow issue. A user inside guest could use this flaw\n to crash the QEMU process, resulting in DoS scenario.\n (CVE-2018-10839)\n\n - qmp_guest_file_read in qga/commands-posix.c and\n qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent)\n in QEMU 2.12.50 has an integer overflow causing a\n g_malloc0() call to trigger a segmentation fault when\n trying to allocate a large memory chunk. The\n vulnerability can be exploited by sending a crafted QMP\n command (including guest-file-read with a large count\n value) to the agent via the listening\n socket.(CVE-2018-12617)\n\n - Qemu before version 2.9 is vulnerable to an improper\n link following when built with the VirtFS. A privileged\n user inside guest could use this flaw to access host\n file system beyond the shared folder and potentially\n escalating their privileges on a host. (CVE-2016-9602)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. 
The issue could\n occur while loading a kernel image during the guest\n boot, if mh_load_end_addr address is greater than the\n mh_bss_end_addr address. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2018-7550)\n\n - An out-of-bounds read access issue was found in the VGA\n display emulator built into the Quick emulator (QEMU).\n It could occur while reading VGA memory to update\n graphics display. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service\n situation.(CVE-2017-13672)\n\n - An assert failure issue was found in the VGA display\n emulator built into the Quick emulator (QEMU). It could\n occur while updating graphics display, due to\n miscalculating region for dirty bitmap snapshot in\n split screen mode. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service.\n (CVE-2017-13673)\n\n - The Network Block Device (NBD) server in Quick Emulator\n (QEMU), is vulnerable to a denial of service issue. It\n could occur if a client sent large option requests,\n making the server waste CPU time on reading up to 4GB\n per request. A client could use this flaw to keep the\n NBD server from serving other requests, resulting in\n DoS.(CVE-2017-15119)\n\n - QEMU (aka Quick Emulator) before 2.9.0, when built with\n the USB OHCI Emulation support, allows local guest OS\n users to cause a denial of service (infinite loop) by\n leveraging an incorrect return value, a different\n vulnerability than CVE-2017-6505.(CVE-2017-9330)\n\n - Integer overflow in the macro ROUND_UP (n, d) in Quick\n Emulator (Qemu) allows a user to cause a denial of\n service (Qemu process crash). 
(CVE-2017-18043)\n\n - VNC server implementation in Quick Emulator (QEMU) was\n found to be vulnerable to an unbounded memory\n allocation issue, as it did not throttle the\n framebuffer updates sent to its client. If the client\n did not consume these updates, VNC server allocates\n growing memory to hold onto this data. A malicious\n remote VNC client could use this flaw to cause DoS to\n the server host.(CVE-2017-15124)\n\n - A memory leakage issue was found in the I/O channels\n websockets implementation of the Quick Emulator (QEMU).\n It could occur while sending screen updates to a\n client, which is slow to read and process them further.\n A privileged guest user could use this flaw to cause a\n denial of service on the host and/or potentially crash\n the QEMU process instance on the host.(CVE-2017-15268)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. 
A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2017-14167)\n\n - Memory leak in QEMU (aka Quick Emulator), when built\n with IDE AHCI Emulation support, allows local guest OS\n privileged users to cause a denial of service (memory\n consumption) by repeatedly hot-unplugging the AHCI\n device.(CVE-2017-9373)\n\n - Memory leak in the serial_exit_core function in\n hw/char/serial.c in QEMU (aka Quick Emulator) allows\n local guest OS privileged users to cause a denial of\n service (host memory consumption and QEMU process\n crash) via a large number of device unplug\n operations.(CVE-2017-5579)\n\n - ** DISPUTED ** The disas_insn function in\n target/i386/translate.c in QEMU before 2.9.0, when TCG\n mode without hardware acceleration is used, does not\n limit the instruction size, which allows local users to\n gain privileges by creating a modified basic block that\n injects code into a setuid program, as demonstrated by\n procmail. NOTE: the vendor has stated 'this bug does\n not violate any security guarantees QEMU\n makes.'(CVE-2017-8284)\n\n - Memory leak in the keyboard input event handlers\n support in QEMU (aka Quick Emulator) allows local guest\n OS privileged users to cause a denial of service (host\n memory consumption) by rapidly generating large\n keyboard events.(CVE-2017-8379)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-6505", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "modified": "2019-05-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:qemu-kvm-tools"], "id": "EULEROS_SA-2019-1405.NASL", "href": "https://www.tenable.com/plugins/nessus/124908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124908);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9602\",\n \"CVE-2017-13672\",\n \"CVE-2017-13673\",\n \"CVE-2017-14167\",\n \"CVE-2017-15119\",\n \"CVE-2017-15124\",\n \"CVE-2017-15268\",\n \"CVE-2017-18043\",\n \"CVE-2017-5579\",\n \"CVE-2017-8284\",\n \"CVE-2017-8379\",\n \"CVE-2017-9330\",\n \"CVE-2017-9373\",\n \"CVE-2018-10839\",\n \"CVE-2018-12617\",\n \"CVE-2018-7550\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing 
multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An integer overflow issue was found in the NE2000 NIC\n emulation. It could occur while receiving packets from\n the network, if the size value was greater than\n INT_MAX. Such overflow would lead to stack buffer\n overflow issue. A user inside guest could use this flaw\n to crash the QEMU process, resulting in DoS scenario.\n (CVE-2018-10839)\n\n - qmp_guest_file_read in qga/commands-posix.c and\n qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent)\n in QEMU 2.12.50 has an integer overflow causing a\n g_malloc0() call to trigger a segmentation fault when\n trying to allocate a large memory chunk. The\n vulnerability can be exploited by sending a crafted QMP\n command (including guest-file-read with a large count\n value) to the agent via the listening\n socket.(CVE-2018-12617)\n\n - Qemu before version 2.9 is vulnerable to an improper\n link following when built with the VirtFS. A privileged\n user inside guest could use this flaw to access host\n file system beyond the shared folder and potentially\n escalate their privileges on a host. (CVE-2016-9602)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur while loading a kernel image during the guest\n boot, if mh_load_end_addr address is greater than the\n mh_bss_end_addr address. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2018-7550)\n\n - An out-of-bounds read access issue was found in the VGA\n display emulator built into the Quick emulator (QEMU).\n It could occur while reading VGA memory to update\n graphics display. 
A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service\n situation.(CVE-2017-13672)\n\n - An assert failure issue was found in the VGA display\n emulator built into the Quick emulator (QEMU). It could\n occur while updating graphics display, due to\n miscalculating region for dirty bitmap snapshot in\n split screen mode. A privileged user/process inside\n guest could use this flaw to crash the QEMU process on\n the host resulting in denial of service.\n (CVE-2017-13673)\n\n - The Network Block Device (NBD) server in Quick Emulator\n (QEMU), is vulnerable to a denial of service issue. It\n could occur if a client sent large option requests,\n making the server waste CPU time on reading up to 4GB\n per request. A client could use this flaw to keep the\n NBD server from serving other requests, resulting in\n DoS.(CVE-2017-15119)\n\n - QEMU (aka Quick Emulator) before 2.9.0, when built with\n the USB OHCI Emulation support, allows local guest OS\n users to cause a denial of service (infinite loop) by\n leveraging an incorrect return value, a different\n vulnerability than CVE-2017-6505.(CVE-2017-9330)\n\n - Integer overflow in the macro ROUND_UP (n, d) in Quick\n Emulator (Qemu) allows a user to cause a denial of\n service (Qemu process crash). (CVE-2017-18043)\n\n - VNC server implementation in Quick Emulator (QEMU) was\n found to be vulnerable to an unbounded memory\n allocation issue, as it did not throttle the\n framebuffer updates sent to its client. If the client\n did not consume these updates, VNC server allocates\n growing memory to hold onto this data. 
A malicious\n remote VNC client could use this flaw to cause DoS to\n the server host.(CVE-2017-15124)\n\n - A memory leakage issue was found in the I/O channels\n websockets implementation of the Quick Emulator (QEMU).\n It could occur while sending screen updates to a\n client, which is slow to read and process them further.\n A privileged guest user could use this flaw to cause a\n denial of service on the host and/or potentially crash\n the QEMU process instance on the host.(CVE-2017-15268)\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host.(CVE-2017-14167)\n\n - Memory leak in QEMU (aka Quick Emulator), when built\n with IDE AHCI Emulation support, allows local guest OS\n privileged users to cause a denial of service (memory\n consumption) by repeatedly hot-unplugging the AHCI\n device.(CVE-2017-9373)\n\n - Memory leak in the serial_exit_core function in\n hw/char/serial.c in QEMU (aka Quick Emulator) allows\n local guest OS privileged users to cause a denial of\n service (host memory consumption and QEMU process\n crash) via a large number of device unplug\n operations.(CVE-2017-5579)\n\n - ** DISPUTED ** The disas_insn function in\n target/i386/translate.c in QEMU before 2.9.0, when TCG\n mode without hardware acceleration is used, does not\n limit the instruction size, which allows local users to\n gain privileges by creating a modified basic block that\n injects code into a setuid program, as demonstrated by\n procmail. 
NOTE: the vendor has stated 'this bug does\n not violate any security guarantees QEMU\n makes.'(CVE-2017-8284)\n\n - Memory leak in the keyboard input event handlers\n support in QEMU (aka Quick Emulator) allows local guest\n OS privileged users to cause a denial of service (host\n memory consumption) by rapidly generating large\n keyboard events.(CVE-2017-8379)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1405\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?21fa9e3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-2.8.1-30.025\",\n \"qemu-kvm-2.8.1-30.025\",\n \"qemu-kvm-common-2.8.1-30.025\",\n \"qemu-kvm-tools-2.8.1-30.025\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 9.0, "vector": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13672", "CVE-2017-13673"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-10-10T19:33:06", "published": "2017-10-10T19:33:06", "id": "FEDORA:3A7BD6133B26", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.0-11.fc27", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13672", "CVE-2017-13673", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-11-01T16:45:54", "published": "2017-11-01T16:45:54", "id": "FEDORA:F2BD760997CB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.3-7.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13672", "CVE-2017-13673", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-11-01T00:11:32", "published": "2017-11-01T00:11:32", "id": "FEDORA:F3BA860769F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.2-4.fc26", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11334", "CVE-2017-12135", 
"CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14318", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17046", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-12T18:27:24", "published": "2018-05-12T18:27:24", "id": "FEDORA:6315F608DDDD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-4.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11334", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14318", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17046", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-27T19:19:06", "published": "2018-05-27T19:19:06", "id": "FEDORA:E655260321A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-5.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": 
"2020-01-27T18:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13673", "CVE-2017-13672"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181259", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1259)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1259\");\n script_version(\"2020-01-23T11:19:13+0000\");\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1259)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1259\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1259\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2018-1259 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.(CVE-2017-13672)\n\nThe vga 
display update in QEMU miscalculated the region for the dirty bitmap snapshot when split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.(CVE-2017-13673)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~25.127\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~2.8.1~25.127\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~25.127\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T17:09:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-13673", "CVE-2019-6778", "CVE-2018-18954", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-16872", "CVE-2018-7858"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310852359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852359", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1074-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852359\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2018-16872\", \"CVE-2018-18954\",\n \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-7858\", \"CVE-2019-6778\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:41:20 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1074-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1074-1\");\n script_xref(name:\"URL\", 
value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2019:1074-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n Security vulnerabilities addressed:\n\n - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)\n\n - CVE-2018-16872: Fixed a host security vulnerability related to handling\n symlinks in usb-mtp (bsc#1119493)\n\n - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)\n\n - CVE-2018-19364: Fixed a use-after-free vulnerability if virtfs\n interface is deliberately abused (bsc#1116717)\n\n - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory\n operations (bsc#1114957)\n\n - CVE-2017-13673: Fixed a reachable assert failure during display\n update (bsc#1056386)\n\n - CVE-2017-13672: Fixed an out-of-bounds read access during display update\n (bsc#1056334)\n\n - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga\n display allowing for Denial-of-Service (bsc#1084604)\n\n Other bug fixes and changes:\n\n - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL\n buffer in qemu (bsc#1121600)\n\n - Fix bad guest time after migration (bsc#1113231)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1074=1\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on openSUSE Leap 42.3.\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~56.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15592", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-13672", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310873562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873562", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-d4709b0d8b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_d4709b0d8b_xen_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2017-d4709b0d8b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873562\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 11:13:56 +0100 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2017-13673\", \"CVE-2017-13672\", \"CVE-2017-15590\", \"CVE-2017-15591\",\n \"CVE-2017-15589\", \"CVE-2017-15595\", \"CVE-2017-15588\", \"CVE-2017-15593\",\n \"CVE-2017-15592\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-d4709b0d8b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-d4709b0d8b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXXVHVMUK6LKXWAIDZDOQA4FEI5LN5AT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.3~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15592", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-13672", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310873558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873558", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-5bcddc1984", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_5bcddc1984_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2017-5bcddc1984\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873558\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 18:05:34 +0530 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2017-13673\", \"CVE-2017-13672\", \"CVE-2017-15590\", \"CVE-2017-15591\",\n \"CVE-2017-15589\", \"CVE-2017-15595\", \"CVE-2017-15588\", \"CVE-2017-15593\",\n \"CVE-2017-15592\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-5bcddc1984\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-5bcddc1984\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYLZFELDR4ESWID6BGOFVRA3W5M7SHND\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.2~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191444", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-1444)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1444\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2016-9602\", \"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-14167\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\", \"CVE-2017-18043\", \"CVE-2017-5579\", \"CVE-2017-8284\", \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2018-10839\", \"CVE-2018-12617\", \"CVE-2018-7550\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-1444)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1444\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1444\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu' package(s) announced via the EulerOS-SA-2019-1444 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"An integer overflow issue was found in the NE2000 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to a stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in a DoS scenario. (CVE-2018-10839)\n\nqmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.(CVE-2018-12617)\n\nQemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host. (CVE-2016-9602)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550)\n\nAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in a denial of service situation.(CVE-2017-13672)\n\nAn assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). 
It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. (CVE-2017-13673)\n\nThe Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.(CVE-2017-15119)\n\nQEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-gpu-specs\", rpm:\"qemu-gpu-specs~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", 
rpm:\"qemu-kvm-common~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191405", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1405)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1405\");\n script_version(\"2020-01-23T11:42:22+0000\");\n script_cve_id(\"CVE-2016-9602\", \"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-14167\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\", \"CVE-2017-18043\", \"CVE-2017-5579\", \"CVE-2017-8284\", \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2018-10839\", \"CVE-2018-12617\", \"CVE-2018-7550\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:42:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:42:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1405)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1405\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1405\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2019-1405 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"An integer overflow issue was found in the NE2000 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to a stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in a DoS scenario. (CVE-2018-10839)\n\nqmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.(CVE-2018-12617)\n\nQemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host. (CVE-2016-9602)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550)\n\nAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in a denial of service situation.(CVE-2017-13672)\n\nAn assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). 
It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. (CVE-2017-13673)\n\nThe Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.(CVE-2017-15119)\n\nQEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-15595", "CVE-2017-9524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-28T00:00:00", "id": "OPENVAS:1361412562310874616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874616", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-7cd077ddd3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7cd077ddd3_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-7cd077ddd3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874616\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-28 05:53:47 +0200 (Mon, 28 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\",\n \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17044\",\n \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\",\n \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\",\n \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\", \"CVE-2017-13672\",\n \"CVE-2017-14316\", \"CVE-2017-14318\", \"CVE-2017-14317\", \"CVE-2017-14319\",\n \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\", \"CVE-2017-11334\",\n \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\", \"CVE-2017-7718\",\n \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-7cd077ddd3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n 
script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7cd077ddd3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFPXZZ4KQ6AGMTQLMLDRU2CQ4SRCPWK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-15597", "CVE-2018-10472", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2017-15595", "CVE-2017-9524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-13T00:00:00", "id": "OPENVAS:1361412562310874435", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310874435", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-eb69078020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_eb69078020_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-eb69078020\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-13 05:45:06 +0200 (Sun, 13 May 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\",\n \"CVE-2017-13672\", \"CVE-2017-14316\", \"CVE-2017-14318\", 
\"CVE-2017-14317\",\n \"CVE-2017-14319\", \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\",\n \"CVE-2017-11334\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\",\n \"CVE-2017-7718\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\",\n \"CVE-2017-12855\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-eb69078020\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-eb69078020\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTBUMHXXYEU5ST4CRY3CHNJZUII77XCT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], 
"redhat": [{"lastseen": "2019-12-11T13:31:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13672", "CVE-2017-13673", "CVE-2017-13711", "CVE-2017-15118", "CVE-2017-15119", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update (CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (CVE-2017-15124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673 and Wjjzhang (Tencent.com) for reporting CVE-2017-13711. 
The CVE-2017-15119 issue was discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).", "modified": "2018-04-26T02:06:13", "published": "2018-04-11T21:35:52", "id": "RHSA-2018:1113", "href": "https://access.redhat.com/errata/RHSA-2018:1113", "type": "redhat", "title": "(RHSA-2018:1113) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13672", "CVE-2017-13673", "CVE-2017-13711", "CVE-2017-15118", "CVE-2017-15119", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nThe following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.10.0). 
(BZ#1470749)\n\nSecurity Fix(es):\n\n* Qemu: stack buffer overflow in NBD server triggered via long export name (CVE-2017-15118)\n\n* Qemu: DoS via large option request (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update (CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)\n\n* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)\n\n* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. 
The CVE-2017-15118 and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).", "modified": "2018-04-10T22:44:01", "published": "2018-04-10T22:43:01", "id": "RHSA-2018:1104", "href": "https://access.redhat.com/errata/RHSA-2018:1104", "type": "redhat", "title": "(RHSA-2018:1104) Important: qemu-kvm-rhev security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2019-03-29T02:51:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2017-13673", "CVE-2019-6778", "CVE-2018-18954", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-16872", "CVE-2018-7858"], "description": "This update for qemu fixes the following issues:\n\n Security vulnerabilities addressed:\n\n - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)\n - CVE-2018-16872: Fixed a host security vulnerability related to handling\n symlinks in usb-mtp (bsc#1119493)\n - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)\n - CVE-2018-19364: Fixed a use-after-free vulnerability if virtfs\n interface is deliberately abused (bsc#1116717)\n - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory\n operations (bsc#1114957)\n - CVE-2017-13673: Fixed a reachable assert failure during display\n update (bsc#1056386)\n - CVE-2017-13672: Fixed an out-of-bounds read access during display update\n (bsc#1056334)\n - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga\n display allowing for Denial-of-Service (bsc#1084604)\n\n Other bug fixes and changes:\n\n - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL\n buffer in qemu (bsc#1121600)\n - Fix bad guest time after migration (bsc#1113231)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-03-29T00:09:22", "published": "2019-03-29T00:09:22", "id": 
"OPENSUSE-SU-2019:1074-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2017-10806", "CVE-2017-13672", "CVE-2018-17962", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858"], "description": "[15:3.0.0-1.el7]\n- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963}\n- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962}\n- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958}\n- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839}\n- seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746}\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724]\n- kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) \n- Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} 
{CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) \n- Update version for v3.0.0 release (Peter Maydell) \n- Update version for v3.0.0-rc4 release (Peter Maydell) \n- virtio-gpu: fix crashes upon warm reboot with vga mode (Marc-Andre Lureau) \n- slirp: Correct size check in m_inc() (Peter Maydell) \n- target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) \n- hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) \n- hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) \n- target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) \n- hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) \n- hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) \n- tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) \n- tests/acpi: update tables after memory hotplug changes (Michael S. 
Tsirkin) \n- pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) \n- tests/acpi-test: update ACPI tables test blobs (Dou Liyang) \n- hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) \n- vhost: check region type before casting (Tiwei Bie) \n- sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) \n- hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) \n- Update version for v3.0.0-rc3 release (Peter Maydell) \n- monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) \n- linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) \n- tests: add check_invalid_maps to test-mmap (Alex Bennee) \n- linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) \n- s390x/sclp: fix maxram calculation (Christian Borntraeger) \n- target/arm: Remove duplicate 'host' entry in '-cpu ?' output (Philippe Mathieu-Daude) \n- hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) \n- hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) \n- armv7m_nvic: Fix m-security subsection name (Peter Maydell) \n- hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) \n- arm/smmuv3: Fix missing VMSD terminator (Dr. 
David Alan Gilbert) \n- qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) \n- block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) \n- block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) \n- file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) \n- block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) \n- iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) \n- qemu-img: Add -C option for convert with copy offloading (Fam Zheng) \n- Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) \n- iotests: Dont lock /dev/null in 226 (Fam Zheng) \n- docs: Describe using images in writing iotests (Fam Zheng) \n- file-posix: Handle EINTR in preallocation=full write (Fam Zheng) \n- qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) \n- qcow: fix a reference leak (KONRAD Frederic) \n- backends/cryptodev: remove dead code (Jay Zhou) \n- timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) \n- i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) \n- i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) \n- qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) \n- qstring: Assert size calculations dont overflow (Markus Armbruster) \n- qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) \n- Update version for v3.0.0-rc2 release (Peter Maydell) \n- tests: fix TLS handshake failure with TLS 1.3 (Daniel P. Berrange) \n- tests: use error_abort in places expecting errors (Daniel P. Berrange) \n- tests: dont silence error reporting for all tests (Daniel P. Berrange) \n- tests: call qcrypto_init instead of gnutls_global_init (Daniel P. 
Berrange) \n- migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) \n- tests: only update last_byte when at the edge (Peter Xu) \n- migration: disallow recovery for release-ram (Peter Xu) \n- migration: update recv bitmap only on dest vm (Peter Xu) \n- audio/hda: Fix migration (Dr. David Alan Gilbert) \n- migrate: Fix cancelling state warning (Dr. David Alan Gilbert) \n- migration: fix potential overflow in multifd send (Peter Xu) \n- block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) \n- tests/tcg: remove runcom test (Alex Bennee) \n- docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) \n- docker: ignore distro versioning of debootstrap (Alex Bennee) \n- docker: add commentary to debian-bootstrap.docker (Alex Bennee) \n- docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) \n- docker: report hint when docker.py check fails (Alex Bennee) \n- docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) \n- docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) \n- docker: add test-unit runner (Alex Bennee) \n- docker: Makefile.include dont include partial images (Alex Bennee) \n- docker: gracefully skip check_qemu (Alex Bennee) \n- docker: move make check into check_qemu helper (Alex Bennee) \n- docker: split configure_qemu from build_qemu (Alex Bennee) \n- docker: fail more gracefully on docker.py check (Alex Bennee) \n- docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) \n- docker: base debian-tricore on qemu:debian9 (Alex Bennee) \n- tests/.gitignore: dont ignore docker tests (Alex Bennee) \n- target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) \n- hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter Maydell) \n- ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) 
\n- qga: process_event() simplification and leak fix (Marc-Andre Lureau) \n- qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) \n- tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) \n- i386: Rename enum CacheType members (Eduardo Habkost) \n- block/vvfat: Disable debug message by default (Thomas Huth) \n- iotests: Disallow compat=0.10 in 223 (Max Reitz) \n- iotest: Fix filtering order in 226 (Max Reitz) \n- iotests: remove LUKS support from test 226 (John Snow) \n- qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) \n- block: Fix typos in comments (found by codespell) (Stefan Weil) \n- qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) \n- hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) \n- hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) \n- target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) \n- hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) \n- hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) \n- monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) \n- qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) \n- po: Dont include comments with location (Stefan Weil) \n- linux-user/ppc: Implement swapcontext syscall (Richard Henderson) \n- linux-user: fix ELF load alignment error (Laurent Vivier) \n- tap: fix memory leak on success to create a tap device (Yunjian Wang) \n- e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) \n- tcg/aarch64: limit mul_vec size (Alex Bennee) \n- spike: Fix crash when introspecting the device (Alistair Francis) \n- riscv_hart: Fix crash when introspecting the device (Alistair Francis) \n- virt: Fix crash when introspecting the device (Alistair Francis) \n- sifive_u: Fix crash when introspecting the device (Alistair Francis) \n- sifive_e: Fix crash when introspecting the device (Alistair Francis) \n- tracing: Use 
double-dash spelling for trace option (Yaowei Bai) \n- throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) \n- s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) \n- Update version for v3.0.0-rc1 release (Peter Maydell) \n- Document command line options with single dash (BALATON Zoltan) \n- opts: remove redundant check for NULL parameter (Daniel P. Berrange) \n- i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) \n- i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) \n- hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) \n- hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) \n- hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) \n- hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) \n- hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) \n- hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) \n- hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) \n- hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) \n- hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) \n- hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) \n- hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) \n- hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) \n- hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device (Thomas Huth) \n- hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) \n- hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) \n- hw/core/sysbus: Add a function for creating and 
attaching an object (Thomas Huth) \n- qom/object: Add a new function object_initialize_child() (Thomas Huth) \n- qga: fix file descriptor leak (Paolo Bonzini) \n- qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) \n- accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) \n- accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) \n- bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) \n- hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) \n- hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) \n- hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) \n- aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) \n- target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) \n- virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) \n- qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) \n- hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) \n- PC Chipset: Improve serial divisor calculation (Calvin Lee) \n- vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) \n- hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) \n- hyperv: rename vcpu_id to vp_index (Roman Kagan) \n- accel: Fix typo and grammar in comment (Stefan Weil) \n- dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) \n- monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) \n- MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) \n- qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) \n- cli qmp: Mark --preconfig, exit-preconfig experimental (Markus Armbruster) \n- qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) \n- sm501: Fix warning about unreachable code (BALATON Zoltan) \n- sam460ex: Correct use after free 
error (BALATON Zoltan) \n- etsec: fix IRQ (un)masking (Michael Davidsaver) \n- ppc/xics: fix ICP reset path (Greg Kurz) \n- spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) \n- sm501: Update screen on frame buffer address change (BALATON Zoltan) \n- Zero out the hosts 'msg_control' buffer (Jonas Schievink) \n- linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) \n- linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) \n- linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) \n- docs: Grammar and spelling fixes (Ville Skytte) \n- qemu-img: align result of is_allocated_sectors (Peter Lieven) \n- scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) \n- iotests: add test 226 for file driver types (John Snow) \n- file-posix: specify expected filetypes (John Snow) \n- iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) \n- iotests: 153: Fix dead code (Fam Zheng) \n- ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) \n- seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) \n- vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) \n- monitor: fix double-free of request error (Marc-Andre Lureau) \n- error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) \n- s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda)\n[12:2.11.1-2.el7]\n- hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753]\n- qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753]\n- pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753]\n- block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106]\n- Revert 
'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106]\n- block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf) [Orabug: 27832106]\n- block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106]\n- block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106]\n- aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106]\n- qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300]\n- multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550}\n- CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030}\n- vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858}\n- keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795]\n- qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337]\n[12:2.11.1-1.el7]\n- BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04\n- Update qemu.spec version for 2.11.1", "edition": 69, "modified": "2018-11-28T00:00:00", "published": "2018-11-28T00:00:00", "id": "ELSA-2018-4289", "href": "http://linux.oracle.com/errata/ELSA-2018-4289.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-15T23:10:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", 
"CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2017-10806", "CVE-2017-13672", "CVE-2018-17962", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858"], "description": "[15:3.0.0-1.el7]\n- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963}\n- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962}\n- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958}\n- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839}\n- seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746}\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724]\n- kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) \n- Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) \n- Update version for v3.0.0 release (Peter Maydell) \n- Update version for v3.0.0-rc4 
release (Peter Maydell) \n- virtio-gpu: fix crashes upon warm reboot with vga mode (Marc-Andre Lureau) \n- slirp: Correct size check in m_inc() (Peter Maydell) \n- target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) \n- hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) \n- hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) \n- target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) \n- hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) \n- hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) \n- tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) \n- tests/acpi: update tables after memory hotplug changes (Michael S. Tsirkin) \n- pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) \n- tests/acpi-test: update ACPI tables test blobs (Dou Liyang) \n- hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) \n- vhost: check region type before casting (Tiwei Bie) \n- sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) \n- hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) \n- Update version for v3.0.0-rc3 release (Peter Maydell) \n- monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) \n- linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) \n- tests: add check_invalid_maps to test-mmap (Alex Bennee) \n- linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) \n- s390x/sclp: fix maxram calculation (Christian Borntraeger) \n- target/arm: Remove duplicate 'host' entry in '-cpu ?' 
output (Philippe Mathieu-Daude) \n- hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) \n- hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) \n- armv7m_nvic: Fix m-security subsection name (Peter Maydell) \n- hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) \n- arm/smmuv3: Fix missing VMSD terminator (Dr. David Alan Gilbert) \n- qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) \n- block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) \n- block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) \n- file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) \n- block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) \n- iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) \n- qemu-img: Add -C option for convert with copy offloading (Fam Zheng) \n- Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) \n- iotests: Dont lock /dev/null in 226 (Fam Zheng) \n- docs: Describe using images in writing iotests (Fam Zheng) \n- file-posix: Handle EINTR in preallocation=full write (Fam Zheng) \n- qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) \n- qcow: fix a reference leak (KONRAD Frederic) \n- backends/cryptodev: remove dead code (Jay Zhou) \n- timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) \n- i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) \n- i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) \n- qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) \n- qstring: Assert size calculations dont overflow (Markus Armbruster) \n- qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) \n- Update version for v3.0.0-rc2 release (Peter Maydell) \n- tests: fix TLS handshake failure with TLS 1.3 (Daniel P. 
Berrange) \n- tests: use error_abort in places expecting errors (Daniel P. Berrange) \n- tests: dont silence error reporting for all tests (Daniel P. Berrange) \n- tests: call qcrypto_init instead of gnutls_global_init (Daniel P. Berrange) \n- migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) \n- tests: only update last_byte when at the edge (Peter Xu) \n- migration: disallow recovery for release-ram (Peter Xu) \n- migration: update recv bitmap only on dest vm (Peter Xu) \n- audio/hda: Fix migration (Dr. David Alan Gilbert) \n- migrate: Fix cancelling state warning (Dr. David Alan Gilbert) \n- migration: fix potential overflow in multifd send (Peter Xu) \n- block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) \n- tests/tcg: remove runcom test (Alex Bennee) \n- docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) \n- docker: ignore distro versioning of debootstrap (Alex Bennee) \n- docker: add commentary to debian-bootstrap.docker (Alex Bennee) \n- docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) \n- docker: report hint when docker.py check fails (Alex Bennee) \n- docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) \n- docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) \n- docker: add test-unit runner (Alex Bennee) \n- docker: Makefile.include dont include partial images (Alex Bennee) \n- docker: gracefully skip check_qemu (Alex Bennee) \n- docker: move make check into check_qemu helper (Alex Bennee) \n- docker: split configure_qemu from build_qemu (Alex Bennee) \n- docker: fail more gracefully on docker.py check (Alex Bennee) \n- docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) \n- docker: base debian-tricore on qemu:debian9 (Alex Bennee) \n- tests/.gitignore: dont ignore docker tests (Alex Bennee) \n- target/arm: Escalate to 
correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) \n- hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter Maydell) \n- ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) \n- qga: process_event() simplification and leak fix (Marc-Andre Lureau) \n- qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) \n- tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) \n- i386: Rename enum CacheType members (Eduardo Habkost) \n- block/vvfat: Disable debug message by default (Thomas Huth) \n- iotests: Disallow compat=0.10 in 223 (Max Reitz) \n- iotest: Fix filtering order in 226 (Max Reitz) \n- iotests: remove LUKS support from test 226 (John Snow) \n- qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) \n- block: Fix typos in comments (found by codespell) (Stefan Weil) \n- qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) \n- hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) \n- hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) \n- target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) \n- hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) \n- hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) \n- monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) \n- qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) \n- po: Dont include comments with location (Stefan Weil) \n- linux-user/ppc: Implement swapcontext syscall (Richard Henderson) \n- linux-user: fix ELF load alignment error (Laurent Vivier) \n- tap: fix memory leak on success to create a tap device (Yunjian Wang) \n- e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) \n- tcg/aarch64: limit mul_vec size (Alex Bennee) \n- spike: Fix crash when introspecting the device (Alistair Francis) \n- riscv_hart: Fix crash when introspecting the device (Alistair 
Francis) \n- virt: Fix crash when introspecting the device (Alistair Francis) \n- sifive_u: Fix crash when introspecting the device (Alistair Francis) \n- sifive_e: Fix crash when introspecting the device (Alistair Francis) \n- tracing: Use double-dash spelling for trace option (Yaowei Bai) \n- throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) \n- s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) \n- Update version for v3.0.0-rc1 release (Peter Maydell) \n- Document command line options with single dash (BALATON Zoltan) \n- opts: remove redundant check for NULL parameter (Daniel P. Berrange) \n- i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) \n- i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) \n- hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) \n- hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) \n- hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) \n- hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) \n- hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) \n- hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) \n- hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) \n- hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) \n- hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) \n- hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) \n- hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) \n- hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) \n- hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device 
(Thomas Huth) \n- hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) \n- hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) \n- hw/core/sysbus: Add a function for creating and attaching an object (Thomas Huth) \n- qom/object: Add a new function object_initialize_child() (Thomas Huth) \n- qga: fix file descriptor leak (Paolo Bonzini) \n- qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) \n- accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) \n- accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) \n- bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) \n- hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) \n- hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) \n- hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) \n- aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) \n- target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) \n- virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) \n- qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) \n- hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) \n- PC Chipset: Improve serial divisor calculation (Calvin Lee) \n- vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) \n- hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) \n- hyperv: rename vcpu_id to vp_index (Roman Kagan) \n- accel: Fix typo and grammar in comment (Stefan Weil) \n- dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) \n- monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) \n- MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) \n- qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) \n- cli qmp: Mark 
--preconfig, exit-preconfig experimental (Markus Armbruster) \n- qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) \n- sm501: Fix warning about unreachable code (BALATON Zoltan) \n- sam460ex: Correct use after free error (BALATON Zoltan) \n- etsec: fix IRQ (un)masking (Michael Davidsaver) \n- ppc/xics: fix ICP reset path (Greg Kurz) \n- spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) \n- sm501: Update screen on frame buffer address change (BALATON Zoltan) \n- Zero out the hosts 'msg_control' buffer (Jonas Schievink) \n- linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) \n- linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) \n- linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) \n- docs: Grammar and spelling fixes (Ville Skytte) \n- qemu-img: align result of is_allocated_sectors (Peter Lieven) \n- scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) \n- iotests: add test 226 for file driver types (John Snow) \n- file-posix: specify expected filetypes (John Snow) \n- iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) \n- iotests: 153: Fix dead code (Fam Zheng) \n- ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) \n- seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) \n- vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) \n- monitor: fix double-free of request error (Marc-Andre Lureau) \n- error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) \n- s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda)\n[12:2.11.1-2.el7]\n- hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753]\n- qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753]\n- pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753]\n- 
nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753]\n- block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106]\n- Revert 'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106]\n- block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf) [Orabug: 27832106]\n- block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106]\n- block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106]\n- aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106]\n- qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300]\n- multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550}\n- CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030}\n- vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858}\n- keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795]\n- qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337]\n[12:2.11.1-1.el7]\n- BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04\n- Update qemu.spec version for 2.11.1", "edition": 70, "modified": "2018-11-20T00:00:00", "published": "2018-11-20T00:00:00", "id": "ELSA-2018-4285", "href": "http://linux.oracle.com/errata/ELSA-2018-4285.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-22T17:08:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2018-19489", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", 
"CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2018-16867", "CVE-2017-15038", "CVE-2018-20125", "CVE-2018-16847", "CVE-2018-20126", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2018-20216", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2018-18849", "CVE-2017-10806", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858", "CVE-2018-20124"], "description": "[15:3.1.0-1.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 29216704]\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]\n- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]\n- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]\n- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. 
(Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}\n- pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}\n- pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}\n- pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}\n- pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}\n- rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- i386: Add 'stibp' flag name (Eduardo Habkost) \n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]\n- Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark 
Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)", "edition": 3, "modified": "2019-03-15T00:00:00", "published": "2019-03-15T00:00:00", "id": "ELSA-2019-4585", "href": "http://linux.oracle.com/errata/ELSA-2019-4585.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-22T17:15:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2018-19489", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2018-12126", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2018-16867", "CVE-2017-15038", "CVE-2018-20125", "CVE-2018-16847", "CVE-2018-20126", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2019-8934", "CVE-2018-12127", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2018-20216", "CVE-2019-6778", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815", "CVE-2017-10806", "CVE-2019-5008", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2019-3812", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2019-6501", "CVE-2018-3639", "CVE-2019-11091", "CVE-2018-7858", "CVE-2018-20124", "CVE-2018-12130"], "description": "[15:3.1.0-3.el7]\n- x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as\n fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}\n {CVE-2018-12130} {CVE-2019-11091}\n[15:3.1.0-2.el7]\n- x86: Add mds feature (Karl Heubaum) \n- e1000: Never increment the RX undersize count register (Chris Kenna) \n- qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562]\n- parfait: deal with parfait returning 
non-zero return value (Liam Merwick) [Orabug: 29715548]\n- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548]\n- parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548]\n- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]\n- Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}\n- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815}\n- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824}\n- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}\n- scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501}\n- slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] {CVE-2019-6778}\n[15:3.1.0-1.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 29216704]\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]\n- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]\n- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]\n- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. 
(Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}\n- pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}\n- pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}\n- pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}\n- pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}\n- rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- i386: Add 'stibp' flag name (Eduardo Habkost) \n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]\n- Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark 
Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4630", "href": "http://linux.oracle.com/errata/ELSA-2019-4630.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}