Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu-kvm, a full
virtualization solution on x86 hardware. A privileged guest user
(typically root in the guest, since the flaw is reached by programming
the emulated VGA hardware) could use this flaw to write outside the
VRAM-allocated buffer in the host's qemu process address space with
attacker-controlled data, potentially escalating their privileges to
those of the qemu host process. The flaw is a heap-based buffer
overflow (CWE-119) in hw/display/cirrus_vga.c; it exists because the
earlier fix for CVE-2007-1320 was incomplete, and it affects upstream
QEMU before 2.2.0.
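The following C model is an added illustration written for this page; it is not code from QEMU, from Debian or from the advisory. It shows why a blit bounds check that only looks at the first row is insufficient and what a sufficient check has to compute. The VRAM size (4 MiB), the one-line scratch buffer size (2048 * 4 bytes), the struct layout and the function names are assumptions chosen for the example; the real emulator in hw/display/cirrus_vga.c is structured differently. The second condition (refusing rows wider than the scratch buffer) corresponds to the "cirrus: don't overflow CirrusVGAState::cirrus_bltbuf" patch named in the Oracle changelog further down this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for this model (not taken from the advisory): 4 MiB of
 * emulated VRAM and a one-line scratch buffer of 2048 * 4 bytes. */
#define VRAM_SIZE   ((int64_t)4 * 1024 * 1024)
#define BLTBUFSIZE  (2048 * 4)

/* Guest-chosen BitBLT parameters: where the region starts in VRAM, the
 * byte distance between consecutive rows (negative means the blit walks
 * towards lower addresses), bytes per row and number of rows. */
struct blit {
    int32_t addr;
    int32_t pitch;
    int32_t width;
    int32_t height;
};

/* Insufficient check: only the first row is validated. Later rows are
 * reached via height * pitch and are never compared against VRAM_SIZE,
 * so a guest can place them before or after the VRAM allocation. */
static bool region_is_unsafe_naive(const struct blit *b)
{
    if (b->addr < 0 || b->width < 0)
        return true;
    return (int64_t)b->addr + b->width > VRAM_SIZE;
}

/* Sufficient check: compute the lowest and highest byte offset any row
 * of the blit touches, in 64-bit arithmetic so height * pitch cannot
 * wrap, and require the whole span to lie inside [0, VRAM_SIZE]. Rows
 * wider than the one-line scratch buffer are refused as well. */
static bool region_is_unsafe(const struct blit *b)
{
    if (b->addr < 0 || b->width <= 0 || b->height <= 0)
        return true;
    if (b->width > BLTBUFSIZE)
        return true;

    int64_t first_row = b->addr;
    int64_t last_row  = first_row + ((int64_t)b->height - 1) * b->pitch;
    /* lowest row start, and one past the highest byte written */
    int64_t lo = b->pitch < 0 ? last_row : first_row;
    int64_t hi = (b->pitch < 0 ? first_row : last_row) + b->width;

    return lo < 0 || hi > VRAM_SIZE;
}

/* Constructed sample blits: a normal full-screen copy, then three that
 * the naive check accepts and the full check rejects. */
static const struct blit samples[] = {
    {    0,  1024, 1024,  768 },          /* 768 rows of 1 KiB: legitimate */
    {    0,  4096, 4096, 2048 },          /* rows run past the end of VRAM */
    { 4096, -4096, 4096,    4 },          /* negative pitch walks below offset 0 */
    {    0,     0, BLTBUFSIZE + 1, 1 },   /* one row wider than the line buffer */
};

/* Returns how many samples the naive check lets through but the full
 * check rejects. */
int count_missed_by_naive(void)
{
    int missed = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool naive = region_is_unsafe_naive(&samples[i]);
        bool full  = region_is_unsafe(&samples[i]);
        printf("blit %zu: naive=%s full=%s\n", i,
               naive ? "reject" : "accept", full ? "reject" : "accept");
        if (!naive && full)
            missed++;
    }
    return missed;
}

int main(void)
{
    printf("%d unsafe blits missed by the first-row-only check\n",
           count_missed_by_naive());
    return 0;
}
```

The design point is that the bound must be derived from every row the blit will touch, for both signs of the pitch, in an integer type wide enough to hold height * pitch without wrapping; a check that validates only the start offset and width is exactly the kind of check a guest can steer past.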
For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6+deb7u6.
We recommend that you upgrade your qemu-kvm packages. Note that a
running qemu-kvm process keeps executing the old code: the fix only
takes effect for guests that are shut down and started again after the
update.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
{"id": "DEBIAN:DSA-3088-1:6F9C5", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3088-1] qemu-kvm security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3088-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 04, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nCVE ID : CVE-2014-8106\n\nPaolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu-kvm, a full\nvirtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6+deb7u6.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-12-04T13:45:15", "modified": "2014-12-04T13:45:15", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00278.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2014-8106"], "type": "debian", "lastseen": "2019-05-30T02:21:44", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-8106"]}, {"type": "centos", "idList": ["CESA-2015:0867", "CESA-2015:0349"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0349", "ELSA-2015-0867"]}, {"type": "redhat", "idList": ["RHSA-2015:0624", "RHSA-2015:0867", "RHSA-2015:0891", "RHSA-2015:0349", "RHSA-2015:0795", 
"RHSA-2015:0643", "RHSA-2015:0868"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3087-1:AADD9"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14003", "SECURITYVULNS:DOC:31478"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3088.NASL", "REDHAT-RHSA-2015-0867.NASL", "SUSE_SU-2015-0349-1.NASL", "ORACLELINUX_ELSA-2015-0867.NASL", "CENTOS_RHSA-2015-0867.NASL", "FEDORA_2015-1886.NASL", "UBUNTU_USN-2439-1.NASL", "DEBIAN_DSA-3087.NASL", "SL_20150421_QEMU_KVM_ON_SL6_X.NASL", "REDHAT-RHSA-2015-0868.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121323", "OPENVAS:703088", "OPENVAS:1361412562310105258", "OPENVAS:1361412562310882173", "OPENVAS:703087", "OPENVAS:1361412562310703088", "OPENVAS:1361412562310869238", "OPENVAS:1361412562310703087", "OPENVAS:1361412562310871359", "OPENVAS:1361412562310123130"]}, {"type": "ubuntu", "idList": ["USN-2439-1"]}, {"type": "gentoo", "idList": ["GLSA-201412-37"]}, {"type": "fedora", "idList": ["FEDORA:4C485604E838", "FEDORA:327666015E56", "FEDORA:6D23360762AF", "FEDORA:EACF360879A8", "FEDORA:EBA7060877F8"]}, {"type": "f5", "idList": ["SOL63519101", "F5:K63519101"]}, {"type": "suse", "idList": ["SUSE-SU-2017:0718-1", "SUSE-SU-2017:0647-1", "SUSE-SU-2017:0582-1"]}], "modified": "2019-05-30T02:21:44", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-05-30T02:21:44", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "qemu-kvm_1.1.2+dfsg-6+deb7u6_all.deb", "packageName": "qemu-kvm", "packageVersion": "1.1.2+dfsg-6+deb7u6"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:14:35", "description": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.", "edition": 6, "cvss3": {}, "published": "2014-12-08T16:59:00", "title": "CVE-2014-8106", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8106"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:qemu:qemu:2.1.2", "cpe:/a:qemu:qemu:2.1.1", "cpe:/a:qemu:qemu:2.1.0"], "id": "CVE-2014-8106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8106", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:25:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0867\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. 
The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space with\nattacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033120.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0867.html", "edition": 3, "modified": "2015-04-22T09:45:47", "published": "2015-04-22T09:45:47", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033120.html", "id": "CESA-2015:0867", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106", "CVE-2014-3640", "CVE-2014-7815", "CVE-2014-7840"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0349\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux\non AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A privileged\nguest user could use this flaw to write outside of VRAM-allocated buffer\nboundaries in the host's QEMU process address space with attacker-provided data.\n(CVE-2014-8106)\n\nAn uninitialized data structure use flaw was found in the way the\nset_pixel_format() function sanitized the value of bits_per_pixel. An attacker\nable to access a guest's VNC console could use this flaw to crash the guest.\n(CVE-2014-7815)\n\nIt was found that certain values that were read when loading RAM during\nmigration were not validated. 
A user able to alter the savevm data (either on\nthe disk or over the wire during migration) could use either of these flaws to\ncorrupt QEMU process memory on the (destination) host, which could potentially\nresult in arbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-7840)\n\nA NULL pointer dereference flaw was found in the way QEMU handled UDP packets\nwith a source port and address of 0 when QEMU's user networking was in use. A\nlocal guest user could use this flaw to crash the guest. (CVE-2014-3640)\n\nRed Hat would like to thank James Spadaro of Cisco for reporting CVE-2014-7815,\nand Xavier Mehrenberger and Stephane Duverger of Airbus for reporting\nCVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini of Red Hat,\nand the CVE-2014-7840 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nBug fixes:\n\n* The KVM utility executed demanding routing update system calls every time it\nperformed an MSI vector mask/unmask operation. Consequently, guests running\nlegacy systems such as Red Hat Enterprise Linux 5 could, under certain\ncircumstances, experience significant slowdown. Now, the routing system calls\nduring mask/unmask operations are skipped, and the performance of legacy guests\nis now more consistent. (BZ#1098976)\n\n* Due to a bug in the Internet Small Computer System Interface (iSCSI) driver, a\nqemu-kvm process terminated unexpectedly with a segmentation fault when the\n\"write same\" command was executed in guest mode under the iSCSI protocol. This\nupdate fixes the bug, and the \"write same\" command now functions in guest mode\nunder iSCSI as intended. (BZ#1083413)\n\n* The QEMU command interface did not properly handle resizing of cache memory\nduring guest migration, causing QEMU to terminate unexpectedly with a\nsegmentation fault. This update fixes the related code, and QEMU no longer\ncrashes in the described situation. 
(BZ#1066338)\n\nEnhancements:\n\n* The maximum number of supported virtual CPUs (vCPUs) in a KVM guest has been\nincreased to 240. This increases the number of virtual processing units that the\nuser can assign to the guest, and therefore improves its performance potential.\n(BZ#1134408)\n\n* Support for the 5th Generation Intel Core processors has been added to the\nQEMU hypervisor, the KVM kernel code, and the libvirt API. This allows KVM\nguests to use the following instructions and features: ADCX, ADOX, RDSFEED,\nPREFETCHW, and supervisor mode access prevention (SMAP). (BZ#1116117)\n\n* The \"dump-guest-memory\" command now supports crash dump compression. This\nmakes it possible for users who cannot use the \"virsh dump\" command to require\nless hard disk space for guest crash dumps. In addition, saving a compressed\nguest crash dump frequently takes less time than saving a non-compressed one.\n(BZ#1157798)\n\n* This update introduces support for flight recorder tracing, which uses\nSystemTap to automatically capture qemu-kvm data while the guest machine is\nrunning. For detailed instructions on how to configure and use flight recorder\ntracing, see the Virtualization Deployment and Administration Guide, linked to\nin the References section below. 
(BZ#1088112)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007973.html\n\n**Affected packages:**\nlibcacard\nlibcacard-devel\nlibcacard-tools\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0349.html", "edition": 3, "modified": "2015-03-17T13:29:43", "published": "2015-03-17T13:29:43", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/007973.html", "id": "CESA-2015:0349", "title": "libcacard, qemu security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM, in\nenvironments managed by Red Hat Enterprise Linux OpenStack Platform.\n\nIt was found that the Cirrus blit region checks were insufficient.\nA privileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once all\nvirtual machines have shut down, start them again for this update to take\neffect.\n", "modified": "2018-03-19T16:26:56", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0643", "href": "https://access.redhat.com/errata/RHSA-2015:0643", "type": "redhat", "title": "(RHSA-2015:0643) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM, in\nenvironments managed by Red Hat Enterprise Linux OpenStack Platform.\n\nIt was found that the Cirrus blit region checks were insufficient.\nA privileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once all\nvirtual machines have shut down, start them again for this update to take\neffect.\n", "modified": "2018-03-19T16:26:42", "published": "2015-04-09T04:00:00", "id": "RHSA-2015:0795", "href": "https://access.redhat.com/errata/RHSA-2015:0795", "type": "redhat", "title": "(RHSA-2015:0795) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. 
The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM in environments\nmanaged by Red Hat Enterprise Virtualization Manager.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once all\nvirtual machines have shut down, start them again for this update to take\neffect.\n", "modified": "2018-06-07T08:59:41", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0868", "href": "https://access.redhat.com/errata/RHSA-2015:0868", "type": "redhat", "title": "(RHSA-2015:0868) Important: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. 
The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM, in\nenvironments managed by Red Hat Enterprise Linux OpenStack Platform.\n\nIt was found that the Cirrus blit region checks were insufficient.\nA privileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once all\nvirtual machines have shut down, start them again for this update to take\neffect.", "modified": "2018-06-07T02:47:55", "published": "2015-04-28T09:25:42", "id": "RHSA-2015:0891", "href": "https://access.redhat.com/errata/RHSA-2015:0891", "type": "redhat", "title": "(RHSA-2015:0891) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space with\nattacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. 
The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0867", "href": "https://access.redhat.com/errata/RHSA-2015:0867", "type": "redhat", "title": "(RHSA-2015:0867) Important: qemu-kvm security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3640", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM, in\nenvironments managed by Red Hat Enterprise Virtualization Manager.\n\nIt was found that the Cirrus blit region checks were insufficient.\nA privileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nAn uninitialized data structure use flaw was found in the way the\nset_pixel_format() function sanitized the value of bits_per_pixel.\nAn attacker able to access a guest's VNC console could use this flaw to\ncrash the guest. (CVE-2014-7815)\n\nIt was found that certain values that were read when loading RAM during\nmigration were not validated. 
A user able to alter the savevm data (either\non the disk or over the wire during migration) could use either of these\nflaws to corrupt QEMU process memory on the (destination) host, which could\npotentially result in arbitrary code execution on the host with the\nprivileges of the QEMU process. (CVE-2014-7840)\n\nA NULL pointer dereference flaw was found in the way QEMU handled UDP\npackets with a source port and address of 0 when QEMU's user networking was\nin use. A local guest user could use this flaw to crash the guest.\n(CVE-2014-3640)\n\nRed Hat would like to thank James Spadaro of Cisco for reporting\nCVE-2014-7815, and Xavier Mehrenberger and Stephane Duverger of Airbus for\nreporting CVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini\nof Red Hat, and the CVE-2014-7840 issue was discovered by Michael S.\nTsirkin of Red Hat.\n\nThis update provides the enhanced version of the qemu-kvm-rhev packages for\nRed Hat Enterprise Virtualization (RHEV) Hypervisor, which also fixes\nseveral bugs and adds various enhancements.\n\nAll Red Hat Enterprise Virtualization users with deployed virtualization\nhosts are advised to install these updated packages, which add this\nenhancement. After installing this update, shut down all running virtual\nmachines. Once all virtual machines have shut down, start them again for\nthis update to take effect.", "modified": "2018-04-25T15:53:00", "published": "2015-03-05T14:19:16", "id": "RHSA-2015:0624", "href": "https://access.redhat.com/errata/RHSA-2015:0624", "type": "redhat", "title": "(RHSA-2015:0624) Important: qemu-kvm-rhev security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3640", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux\non AMD64 and Intel 64 systems. 
The qemu-kvm packages provide the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A privileged\nguest user could use this flaw to write outside of VRAM-allocated buffer\nboundaries in the host's QEMU process address space with attacker-provided data.\n(CVE-2014-8106)\n\nAn uninitialized data structure use flaw was found in the way the\nset_pixel_format() function sanitized the value of bits_per_pixel. An attacker\nable to access a guest's VNC console could use this flaw to crash the guest.\n(CVE-2014-7815)\n\nIt was found that certain values that were read when loading RAM during\nmigration were not validated. A user able to alter the savevm data (either on\nthe disk or over the wire during migration) could use either of these flaws to\ncorrupt QEMU process memory on the (destination) host, which could potentially\nresult in arbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-7840)\n\nA NULL pointer dereference flaw was found in the way QEMU handled UDP packets\nwith a source port and address of 0 when QEMU's user networking was in use. A\nlocal guest user could use this flaw to crash the guest. (CVE-2014-3640)\n\nRed Hat would like to thank James Spadaro of Cisco for reporting CVE-2014-7815,\nand Xavier Mehrenberger and Stephane Duverger of Airbus for reporting\nCVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini of Red Hat,\nand the CVE-2014-7840 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nBug fixes:\n\n* The KVM utility executed demanding routing update system calls every time it\nperformed an MSI vector mask/unmask operation. Consequently, guests running\nlegacy systems such as Red Hat Enterprise Linux 5 could, under certain\ncircumstances, experience significant slowdown. Now, the routing system calls\nduring mask/unmask operations are skipped, and the performance of legacy guests\nis now more consistent. 
(BZ#1098976)\n\n* Due to a bug in the Internet Small Computer System Interface (iSCSI) driver, a\nqemu-kvm process terminated unexpectedly with a segmentation fault when the\n\"write same\" command was executed in guest mode under the iSCSI protocol. This\nupdate fixes the bug, and the \"write same\" command now functions in guest mode\nunder iSCSI as intended. (BZ#1083413)\n\n* The QEMU command interface did not properly handle resizing of cache memory\nduring guest migration, causing QEMU to terminate unexpectedly with a\nsegmentation fault. This update fixes the related code, and QEMU no longer\ncrashes in the described situation. (BZ#1066338)\n\nEnhancements:\n\n* The maximum number of supported virtual CPUs (vCPUs) in a KVM guest has been\nincreased to 240. This increases the number of virtual processing units that the\nuser can assign to the guest, and therefore improves its performance potential.\n(BZ#1134408)\n\n* Support for the 5th Generation Intel Core processors has been added to the\nQEMU hypervisor, the KVM kernel code, and the libvirt API. This allows KVM\nguests to use the following instructions and features: ADCX, ADOX, RDSFEED,\nPREFETCHW, and supervisor mode access prevention (SMAP). (BZ#1116117)\n\n* The \"dump-guest-memory\" command now supports crash dump compression. This\nmakes it possible for users who cannot use the \"virsh dump\" command to require\nless hard disk space for guest crash dumps. In addition, saving a compressed\nguest crash dump frequently takes less time than saving a non-compressed one.\n(BZ#1157798)\n\n* This update introduces support for flight recorder tracing, which uses\nSystemTap to automatically capture qemu-kvm data while the guest machine is\nrunning. For detailed instructions on how to configure and use flight recorder\ntracing, see the Virtualization Deployment and Administration Guide, linked to\nin the References section below. 
(BZ#1088112)\n", "modified": "2018-04-12T03:33:32", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0349", "href": "https://access.redhat.com/errata/RHSA-2015:0349", "type": "redhat", "title": "(RHSA-2015:0349) Important: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "[0.12.1.2-2.448.el6_6.2]\n- kvm-cirrus-fix-blit-region-check.patch [bz#1170571]\n- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1170571]\n- Resolves: bz#1170571\n (CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks [rhel-6.6.z])\n[0.12.1.2-2.448.el6_6.1]\n- kvm-net-Forbid-dealing-with-packets-when-VM-is-not-run_2.patch [bz#970103]\n- kvm-virtio-net-drop-assert-on-vm-stop.patch [bz#970103]\n- kvm-migration-set-speed-to-maximum-during-last-stage_2.patch [bz#970103]\n- kvm-migration-only-call-append-when-there-is-something_2.patch [bz#970103]\n- kvm-migration-Only-call-memmove-when-there-is-anything-t.patch [bz#970103]\n- kvm-migration-remove-not-needed-ram_save_remaining-fun_2.patch [bz#970103]\n- kvm-migration-move-bandwidth-calculation-to-inside-sta_2.patch [bz#970103]\n- kvm-migration-Don-t-calculate-bandwidth-when-last-cycl_2.patch [bz#970103]\n- kvm-buffered_flush-return-errors.patch [bz#970103]\n- kvm-bandwidth_limit-standarize-in-size_t.patch [bz#970103]\n- kvm-fix-bz-1196970.patch [bz#1196970]\n- Resolves: bz#1196970\n (Migrate status is failed after migrate_cancel.)\n- Resolves: bz#970103\n (Downtime during live migration of busy VM is much higher than migration_downtime in vdsm.conf)", "edition": 4, "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "ELSA-2015-0867", "href": "http://linux.oracle.com/errata/ELSA-2015-0867.html", "title": "qemu-kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4536", "CVE-2013-4542", "CVE-2014-0223", "CVE-2014-8106", "CVE-2014-2894", "CVE-2013-4527", "CVE-2013-4535", "CVE-2014-0222", "CVE-2014-3640", "CVE-2013-6399", "CVE-2013-4541", "CVE-2014-0182", "CVE-2013-4149", "CVE-2013-4148", "CVE-2014-7815", "CVE-2014-3461", "CVE-2014-7840", "CVE-2013-4151", "CVE-2014-3615", "CVE-2013-4529", "CVE-2014-5263", "CVE-2013-4150"], "description": "[1.5.3-86.el7]\n- kvm-vfio-pci-Fix-interrupt-disabling.patch [bz#1180942]\n- kvm-cirrus-fix-blit-region-check.patch [bz#1169456]\n- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1169456]\n- Resolves: bz#1169456\n (CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks [rhel-7.1])\n- Resolves: bz#1180942\n (qemu core dumped when unhotplug gpu card assigned to guest)\n[1.5.3-85.el7]\n- kvm-block-delete-cow-block-driver.patch [bz#1175325]\n- Resolves: bz#1175325\n (Delete cow block driver)\n[1.5.3-84.el7]\n- kvm-qemu-iotests-Test-case-for-backing-file-deletion.patch [bz#1002493]\n- kvm-qemu-iotests-Add-sample-image-and-test-for-VMDK-vers.patch [bz#1134237]\n- kvm-vmdk-Check-VMFS-extent-line-field-number.patch [bz#1134237]\n- kvm-qemu-iotests-Introduce-_unsupported_imgopts.patch [bz#1002493]\n- kvm-qemu-iotests-Add-_unsupported_imgopts-for-vmdk-subfo.patch [bz#1002493]\n- kvm-vmdk-Fix-big-flat-extent-IO.patch [bz#1134241]\n- kvm-vmdk-Check-for-overhead-when-opening.patch [bz#1134251]\n- kvm-block-vmdk-add-basic-.bdrv_check-support.patch [bz#1134251]\n- kvm-qemu-iotest-Make-077-raw-only.patch [bz#1134237]\n- kvm-qemu-iotests-Don-t-run-005-on-vmdk-split-formats.patch [bz#1002493]\n- kvm-vmdk-extract-vmdk_read_desc.patch [bz#1134251]\n- kvm-vmdk-push-vmdk_read_desc-up-to-caller.patch [bz#1134251]\n- kvm-vmdk-do-not-try-opening-a-file-as-both-image-and-des.patch [bz#1134251]\n- kvm-vmdk-correctly-propagate-errors.patch [bz#1134251]\n- 
kvm-block-vmdk-do-not-report-file-offset-for-compressed-.patch [bz#1134251]\n- kvm-vmdk-Fix-d-and-lld-to-PRI-in-format-strings.patch [bz#1134251]\n- kvm-vmdk-Fix-x-to-PRIx32-in-format-strings-for-cid.patch [bz#1134251]\n- kvm-qemu-img-Convert-by-cluster-size-if-target-is-compre.patch [bz#1134283]\n- kvm-vmdk-Implement-.bdrv_write_compressed.patch [bz#1134283]\n- kvm-vmdk-Implement-.bdrv_get_info.patch [bz#1134283]\n- kvm-qemu-iotests-Test-converting-to-streamOptimized-from.patch [bz#1134283]\n- kvm-vmdk-Fix-local_err-in-vmdk_create.patch [bz#1134283]\n- kvm-fpu-softfloat-drop-INLINE-macro.patch [bz#1002493]\n- kvm-block-New-bdrv_nb_sectors.patch [bz#1002493]\n- kvm-vmdk-Optimize-cluster-allocation.patch [bz#1002493]\n- kvm-vmdk-Handle-failure-for-potentially-large-allocation.patch [bz#1002493]\n- kvm-vmdk-Use-bdrv_nb_sectors-where-sectors-not-bytes-are.patch [bz#1002493]\n- kvm-vmdk-fix-vmdk_parse_extents-extent_file-leaks.patch [bz#1002493]\n- kvm-vmdk-fix-buf-leak-in-vmdk_parse_extents.patch [bz#1002493]\n- kvm-vmdk-Fix-integer-overflow-in-offset-calculation.patch [bz#1002493]\n- kvm-migration-fix-parameter-validation-on-ram-load-CVE-2.patch [bz#1163078]\n- Resolves: bz#1002493\n (qemu-img convert rate about 100k/second from qcow2/raw to vmdk format on nfs system file)\n- Resolves: bz#1134237\n (Opening malformed VMDK description file should fail)\n- Resolves: bz#1134241\n (QEMU fails to correctly read/write on VMDK with big flat extent)\n- Resolves: bz#1134251\n (Opening an obviously truncated VMDK image should fail)\n- Resolves: bz#1134283\n (qemu-img convert from ISO to streamOptimized fails)\n- Resolves: bz#1163078\n (CVE-2014-7840 qemu-kvm: qemu: insufficient parameter validation during ram load [rhel-7.1])\n[1.5.3-83.el7]\n- kvm-xhci-add-sanity-checks-to-xhci_lookup_uport.patch [bz#1074219]\n- kvm-Revert-Build-ceph-rbd-only-for-rhev.patch [bz#1140742]\n- kvm-Revert-rbd-Only-look-for-qemu-specific-copy-of-librb.patch [bz#1140742]\n- 
kvm-Revert-rbd-link-and-load-librbd-dynamically.patch [bz#1140742]\n- kvm-spec-Enable-rbd-driver-add-dependency.patch [bz#1140742]\n- Resolves: bz#1074219\n (qemu core dump when install a RHEL.7 guest(xhci) with migration)\n- Resolves: bz#1140742\n (Enable native support for Ceph)\n[1.5.3-82.el7]\n- kvm-hw-pci-fixed-error-flow-in-pci_qdev_init.patch [bz#1046007]\n- kvm-hw-pci-fixed-hotplug-crash-when-using-rombar-0-with-.patch [bz#1046007]\n- Resolves: bz#1046007\n (qemu-kvm aborted when hot plug PCI device to guest with romfile and rombar=0)\n[1.5.3-81.el7]\n- kvm-migration-static-variables-will-not-be-reset-at-seco.patch [bz#1071776]\n- kvm-vfio-pci-Add-debug-config-options-to-disable-MSI-X-K.patch [bz#1098976]\n- kvm-vfio-correct-debug-macro-typo.patch [bz#1098976]\n- kvm-vfio-pci-Fix-MSI-X-debug-code.patch [bz#1098976]\n- kvm-vfio-pci-Fix-MSI-X-masking-performance.patch [bz#1098976]\n- kvm-vfio-Fix-MSI-X-vector-expansion.patch [bz#1098976]\n- kvm-vfio-Don-t-cache-MSIMessage.patch [bz#1098976]\n- Resolves: bz#1071776\n (Migration 'expected downtime' does not refresh after reset to a new value)\n- Resolves: bz#1098976\n (2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)\n[1.5.3-80.el7]\n- kvm-dump-RHEL-specific-fix-for-CPUState-bug-introduced-b.patch [bz#1161563]\n- kvm-dump-guest-memory-Check-for-the-correct-return-value.patch [bz#1157798]\n- kvm-dump-const-qualify-the-buf-of-WriteCoreDumpFunction.patch [bz#1157798]\n- kvm-dump-add-argument-to-write_elfxx_notes.patch [bz#1157798]\n- kvm-dump-add-API-to-write-header-of-flatten-format.patch [bz#1157798]\n- kvm-dump-add-API-to-write-vmcore.patch [bz#1157798]\n- kvm-dump-add-API-to-write-elf-notes-to-buffer.patch [bz#1157798]\n- kvm-dump-add-support-for-lzo-snappy.patch [bz#1157798]\n- kvm-RPM-spec-build-qemu-kvm-with-lzo-and-snappy-enabled-.patch [bz#1157798]\n- kvm-dump-add-members-to-DumpState-and-init-some-of-them.patch [bz#1157798]\n- kvm-dump-add-API-to-write-dump-header.patch 
[bz#1157798]\n- kvm-dump-add-API-to-write-dump_bitmap.patch [bz#1157798]\n- kvm-dump-add-APIs-to-operate-DataCache.patch [bz#1157798]\n- kvm-dump-add-API-to-write-dump-pages.patch [bz#1157798]\n- kvm-dump-Drop-qmp_dump_guest_memory-stub-and-build-for-a.patch [bz#1157798]\n- kvm-dump-make-kdump-compressed-format-available-for-dump.patch [bz#1157798]\n- kvm-Define-the-architecture-for-compressed-dump-format.patch [bz#1157798]\n- kvm-dump-add-query-dump-guest-memory-capability-command.patch [bz#1157798]\n- kvm-dump-Drop-pointless-error_is_set-DumpState-member-er.patch [bz#1157798]\n- kvm-dump-fill-in-the-flat-header-signature-more-pleasing.patch [bz#1157798]\n- kvm-dump-simplify-write_start_flat_header.patch [bz#1157798]\n- kvm-dump-eliminate-DumpState.page_shift-guest-s-page-shi.patch [bz#1157798]\n- kvm-dump-eliminate-DumpState.page_size-guest-s-page-size.patch [bz#1157798]\n- kvm-dump-select-header-bitness-based-on-ELF-class-not-EL.patch [bz#1157798]\n- kvm-dump-hoist-lzo_init-from-get_len_buf_out-to-dump_ini.patch [bz#1157798]\n- kvm-dump-simplify-get_len_buf_out.patch [bz#1157798]\n- kvm-rename-parse_enum_option-to-qapi_enum_parse-and-make.patch [bz#1087724]\n- kvm-qapi-introduce-PreallocMode-and-new-PreallocModes-fu.patch [bz#1087724]\n- kvm-raw-posix-Add-falloc-and-full-preallocation-option.patch [bz#1087724]\n- kvm-qcow2-Add-falloc-and-full-preallocation-option.patch [bz#1087724]\n- kvm-vga-fix-invalid-read-after-free.patch [bz#1161890]\n- kvm-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch [bz#1140618]\n- kvm-vnc-sanitize-bits_per_pixel-from-the-client.patch [bz#1157645]\n- kvm-spice-call-qemu_spice_set_passwd-during-init.patch [bz#1138639]\n- kvm-block-raw-posix-Try-both-FIEMAP-and-SEEK_HOLE.patch [bz#1160237]\n- kvm-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch [bz#1160237]\n- kvm-block-raw-posix-use-seek_hole-ahead-of-fiemap.patch [bz#1160237]\n- kvm-raw-posix-Fix-raw_co_get_block_status-after-EOF.patch [bz#1160237]\n- 
kvm-raw-posix-raw_co_get_block_status-return-value.patch [bz#1160237]\n- kvm-raw-posix-SEEK_HOLE-suffices-get-rid-of-FIEMAP.patch [bz#1160237]\n- kvm-raw-posix-The-SEEK_HOLE-code-is-flawed-rewrite-it.patch [bz#1160237]\n- Resolves: bz#1087724\n ([Fujitsu 7.1 FEAT]: qemu-img should use fallocate() system call for 'preallocation=full' option)\n- Resolves: bz#1138639\n (fail to login spice session with password + expire time)\n- Resolves: bz#1140618\n (Should replace 'qemu-system-i386' by '/usr/libexec/qemu-kvm' in manpage of qemu-kvm for our official qemu-kvm build)\n- Resolves: bz#1157645\n (CVE-2014-7815 qemu-kvm: qemu: vnc: insufficient bits_per_pixel from the client sanitization [rhel-7.1])\n- Resolves: bz#1157798\n ([FEAT RHEL7.1]: qemu: Support compression for dump-guest-memory command)\n- Resolves: bz#1160237\n (qemu-img convert intermittently corrupts output images)\n- Resolves: bz#1161563\n (invalid QEMU NOTEs in vmcore that is dumped for multi-VCPU guests)\n- Resolves: bz#1161890\n ([abrt] qemu-kvm: pixman_image_get_data(): qemu-kvm killed by SIGSEGV)\n[1.5.3-79.el7]\n- kvm-libcacard-link-against-qemu-error.o-for-error_report.patch [bz#1088176]\n- kvm-error-Add-error_abort.patch [bz#1088176]\n- kvm-blockdev-Fail-blockdev-add-with-encrypted-images.patch [bz#1088176]\n- kvm-blockdev-Fix-NULL-pointer-dereference-in-blockdev-ad.patch [bz#1088176]\n- kvm-qemu-iotests-Test-a-few-blockdev-add-error-cases.patch [bz#1088176]\n- kvm-block-Add-errp-to-bdrv_new.patch [bz#1088176]\n- kvm-qemu-img-Avoid-duplicate-block-device-IDs.patch [bz#1088176]\n- kvm-block-Catch-duplicate-IDs-in-bdrv_new.patch [bz#1088176]\n- kvm-qemu-img-Allow-source-cache-mode-specification.patch [bz#1138691]\n- kvm-qemu-img-Allow-cache-mode-specification-for-amend.patch [bz#1138691]\n- kvm-qemu-img-clarify-src_cache-option-documentation.patch [bz#1138691]\n- kvm-qemu-img-fix-rebase-src_cache-option-documentation.patch [bz#1138691]\n- kvm-qemu-img-fix-img_compare-flags-error-path.patch 
[bz#1138691]\n- kvm-ac97-register-reset-via-qom.patch [bz#1141667]\n- kvm-virtio-blk-Factor-common-checks-out-of-virtio_blk_ha.patch [bz#1085232]\n- kvm-virtio-blk-Bypass-error-action-and-I-O-accounting-on.patch [bz#1085232]\n- kvm-virtio-blk-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]\n- kvm-ide-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]\n- kvm-ide-only-constrain-read-write-requests-to-drive-size.patch [bz#1085232]\n- Resolves: bz#1085232\n (Ilegal guest requests on block devices pause the VM)\n- Resolves: bz#1088176\n (QEMU fail to check whether duplicate ID for block device drive using 'blockdev-add' to hotplug)\n- Resolves: bz#1138691\n (Allow qemu-img to bypass the host cache (check, compare, convert, rebase, amend))\n- Resolves: bz#1141667\n (Qemu crashed if reboot guest after hot remove AC97 sound device)\n[1.5.3-78.el7]\n- kvm-slirp-udp-fix-NULL-pointer-dereference-because-of-un.patch [bz#1144820]\n- kvm-hw-pci-fix-error-flow-in-pci-multifunction-init.patch [bz#1049734]\n- kvm-rhel-Drop-machine-type-pc-q35-rhel7.0.0.patch [bz#1111107]\n- kvm-virtio-scsi-Plug-memory-leak-on-virtio_scsi_push_eve.patch [bz#1088822]\n- kvm-virtio-scsi-Report-error-if-num_queues-is-0-or-too-l.patch [bz#1089606]\n- kvm-virtio-scsi-Fix-memory-leak-when-realize-failed.patch [bz#1089606]\n- kvm-virtio-scsi-Fix-num_queue-input-validation.patch [bz#1089606]\n- kvm-Revert-linux-aio-use-event-notifiers.patch [bz#1104748]\n- kvm-specfile-Require-glusterfs-api-3.6.patch [bz#1155518]\n- Resolves: bz#1049734\n (PCI: QEMU crash on illegal operation: attaching a function to a non multi-function device)\n- Resolves: bz#1088822\n (hot-plug a virtio-scsi disk via 'blockdev-add' always cause QEMU quit)\n- Resolves: bz#1089606\n (QEMU will not reject invalid number of queues (num_queues = 0) specified for virtio-scsi)\n- Resolves: bz#1104748\n (48% reduction in IO performance for KVM guest, io=native)\n- Resolves: bz#1111107\n (Remove Q35 machine type from qemu-kvm)\n- 
Resolves: bz#1144820\n (CVE-2014-3640 qemu-kvm: qemu: slirp: NULL pointer deref in sosendto() [rhel-7.1])\n- Resolves: bz#1155518\n (qemu-kvm: undefined symbol: glfs_discard_async)\n[1.5.3-77.el7]\n- kvm-seccomp-add-semctl-to-the-syscall-whitelist.patch [bz#1026314]\n- kvm-Revert-kvmclock-Ensure-proper-env-tsc-value-for-kvmc.patch [bz#1098602 bz#1130428]\n- kvm-Revert-kvmclock-Ensure-time-in-migration-never-goes-.patch [bz#1098602 bz#1130428]\n- kvm-Introduce-cpu_clean_all_dirty.patch [bz#1098602 bz#1130428]\n- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock.v2.patch [bz#1098602 bz#1130428]\n- kvm-kvmclock-Ensure-time-in-migration-never-goes-back.v2.patch [bz#1098602 bz#1130428]\n- Resolves: bz#1026314\n (BUG: qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')\n- Resolves: bz#1098602\n (kvmclock: Ensure time in migration never goes backward (backport))\n- Resolves: bz#1130428\n (After migration of RHEL7.1 guest with '-vga qxl', GUI console is hang)\n[1.5.3-76.el7]\n- kvm-usb-hcd-xhci-QOM-Upcast-Sweep.patch [bz#980747]\n- kvm-usb-hcd-xhci-QOM-parent-field-cleanup.patch [bz#980747]\n- kvm-uhci-egsm-fix.patch [bz#1046873]\n- kvm-usb-redir-fix-use-after-free.patch [bz#1046574 bz#1088116]\n- kvm-xhci-remove-leftover-debug-printf.patch [bz#980833]\n- kvm-xhci-add-tracepoint-for-endpoint-state-changes.patch [bz#980833]\n- kvm-xhci-add-port-to-slot_address-tracepoint.patch [bz#980833]\n- kvm-usb-parallelize-usb3-streams.patch [bz#1075846]\n- kvm-xhci-Init-a-transfers-xhci-slotid-and-epid-member-on.patch [bz#1075846]\n- kvm-xhci-Add-xhci_epid_to_usbep-helper-function.patch [bz#980833]\n- kvm-xhci-Fix-memory-leak-on-xhci_disable_ep.patch [bz#980833]\n- kvm-usb-Also-reset-max_packet_size-on-ep_reset.patch [bz#1075846]\n- kvm-usb-Fix-iovec-memleak-on-combined-packet-free.patch [bz#1075846]\n- kvm-usb-hcd-xhci-Remove-unused-sstreamsm-member-from-XHC.patch [bz#980747]\n- kvm-usb-hcd-xhci-Remove-unused-cancelled-member-from-XHC.patch [bz#980747]\n- 
kvm-usb-hcd-xhci-Report-completion-of-active-transfer-wi.patch [bz#980747]\n- kvm-usb-hcd-xhci-Update-endpoint-context-dequeue-pointer.patch [bz#980747]\n- kvm-xhci-Add-a-few-missing-checks-for-disconnected-devic.patch [bz#980833]\n- kvm-usb-Add-max_streams-attribute-to-endpoint-info.patch [bz#1111450]\n- kvm-usb-Add-usb_device_alloc-free_streams.patch [bz#1111450]\n- kvm-xhci-Call-usb_device_alloc-free_streams.patch [bz#980833]\n- kvm-uhci-invalidate-queue-on-device-address-changes.patch [bz#1111450]\n- kvm-xhci-iso-fix-time-calculation.patch [bz#949385]\n- kvm-xhci-iso-allow-for-some-latency.patch [bz#949385]\n- kvm-xhci-switch-debug-printf-to-tracepoint.patch [bz#980747]\n- kvm-xhci-use-DPRINTF-instead-of-fprintf-stderr.patch [bz#980833]\n- kvm-xhci-child-detach-fix.patch [bz#980833]\n- kvm-usb-add-usb_pick_speed.patch [bz#1075846]\n- kvm-xhci-make-port-reset-trace-point-more-verbose.patch [bz#980833]\n- kvm-usb-initialize-libusb_device-to-avoid-crash.patch [bz#1111450]\n- kvm-target-i386-get-CPL-from-SS.DPL.patch [bz#1097363]\n- kvm-trace-use-unique-Red-Hat-version-number-in-simpletra.patch [bz#1088112]\n- kvm-trace-add-pid-field-to-simpletrace-record.patch [bz#1088112]\n- kvm-simpletrace-add-support-for-trace-record-pid-field.patch [bz#1088112]\n- kvm-simpletrace-add-simpletrace.py-no-header-option.patch [bz#1088112]\n- kvm-trace-extract-stap_escape-function-for-reuse.patch [bz#1088112]\n- kvm-trace-add-tracetool-simpletrace_stap-format.patch [bz#1088112]\n- kvm-trace-install-simpletrace-SystemTap-tapset.patch [bz#1088112]\n- kvm-trace-install-trace-events-file.patch [bz#1088112]\n- kvm-trace-add-SystemTap-init-scripts-for-simpletrace-bri.patch [bz#1088112]\n- kvm-simpletrace-install-simpletrace.py.patch [bz#1088112]\n- kvm-trace-add-systemtap-initscript-README-file-to-RPM.patch [bz#1088112]\n- kvm-rdma-Fix-block-during-rdma-migration.patch [bz#1152969]\n- Resolves: bz#1046574\n (fail to passthrough the USB speaker redirected from usb-redir with xhci 
controller)\n- Resolves: bz#1046873\n (fail to be recognized the hotpluging usb-storage device with xhci controller in win2012R2 guest)\n- Resolves: bz#1075846\n (qemu-kvm core dumped when hotplug/unhotplug USB3.0 device multi times)\n- Resolves: bz#1088112\n ([Fujitsu 7.1 FEAT]:QEMU: capturing trace data all the time using ftrace-based tracing)\n- Resolves: bz#1088116\n (qemu crash when device_del usb-redir)\n- Resolves: bz#1097363\n (qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel 'Q95xx' host)\n- Resolves: bz#1111450\n (Guest crash when hotplug usb while disable virt_use_usb)\n- Resolves: bz#1152969\n (Qemu-kvm got stuck when migrate to wrong RDMA ip)\n- Resolves: bz#949385\n (passthrough USB speaker to win2012 guest fail to work well)\n- Resolves: bz#980747\n (flood with 'xhci: wrote doorbell while xHC stopped or paused' when redirected USB Webcam from usb-host with xHCI controller)\n- Resolves: bz#980833\n (xhci: FIXME: endpoint stopped w/ xfers running, data might be lost)\n[1.5.3-75.el7]\n- kvm-target-i386-Broadwell-CPU-model.patch [bz#1116117]\n- kvm-pc-Add-Broadwell-CPUID-compatibility-bits.patch [bz#1116117]\n- kvm-virtio-balloon-fix-integer-overflow-in-memory-stats-.patch [bz#1142290]\n- Resolves: bz#1116117\n ([Intel 7.1 FEAT] Broadwell new instructions support for KVM - qemu-kvm)\n- Resolves: bz#1142290\n (guest is stuck when setting balloon memory with large guest-stats-polling-interval)\n[1.5.3-74.el7]\n- kvm-ide-Add-wwn-support-to-IDE-ATAPI-drive.patch [bz#1131316]\n- kvm-vmdk-Allow-vmdk_create-to-work-with-protocol.patch [bz#1098086]\n- kvm-block-make-vdi-bounds-check-match-upstream.patch [bz#1098086]\n- kvm-vdi-say-why-an-image-is-bad.patch [bz#1098086]\n- kvm-block-do-not-abuse-EMEDIUMTYPE.patch [bz#1098086]\n- kvm-cow-correctly-propagate-errors.patch [bz#1098086]\n- kvm-block-Use-correct-width-in-format-strings.patch [bz#1098086]\n- kvm-vdi-remove-double-conversion.patch [bz#1098086]\n- 
kvm-block-vdi-Error-out-immediately-in-vdi_create.patch [bz#1098086]\n- kvm-vpc-Implement-.bdrv_has_zero_init.patch [bz#1098086]\n- kvm-block-vpc-use-QEMU_PACKED-for-on-disk-structures.patch [bz#1098086]\n- kvm-block-allow-bdrv_unref-to-be-passed-NULL-pointers.patch [bz#1098086]\n- kvm-block-vdi-use-block-layer-ops-in-vdi_create-instead-.patch [bz#1098086]\n- kvm-block-use-the-standard-ret-instead-of-result.patch [bz#1098086]\n- kvm-block-vpc-use-block-layer-ops-in-vpc_create-instead-.patch [bz#1098086]\n- kvm-block-iotest-update-084-to-test-static-VDI-image-cre.patch [bz#1098086]\n- kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925]\n- kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925]\n- kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925]\n- kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925]\n- Resolves: bz#1098086\n (RFE: Supporting creating vmdk/vdi/vpc format disk with protocols (glusterfs))\n- Resolves: bz#1122925\n (Maintain relative path to backing file image during live merge (block-commit))\n- Resolves: bz#1131316\n (fail to specify wwn for virtual IDE CD-ROM)\n[1.5.3-73.el7]\n- kvm-scsi-disk-fix-bug-in-scsi_block_new_request-introduc.patch [bz#1105880]\n- Resolves: bz#1105880\n (bug in scsi_block_new_request() function introduced by upstream commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8)\n[1.5.3-72.el7]\n- kvm-vbe-make-bochs-dispi-interface-return-the-correct-me.patch [bz#1139118]\n- kvm-vbe-rework-sanity-checks.patch [bz#1139118]\n- kvm-spice-display-add-display-channel-id-to-the-debug-me.patch [bz#1139118]\n- kvm-spice-make-sure-we-don-t-overflow-ssd-buf.patch [bz#1139118]\n- Resolves: bz#1139118\n (CVE-2014-3615 qemu-kvm: Qemu: crash when guest sets high resolution [rhel-7.1])\n[1.5.3-71.el7]\n- kvm-spice-move-qemu_spice_display_-from-spice-graphics-t.patch [bz#1054077]\n- kvm-spice-move-spice_server_vm_-start-stop-calls-into-qe.patch [bz#1054077]\n- 
kvm-spice-stop-server-for-qxl-hard-reset.patch [bz#1054077]\n- kvm-qemu-Adjust-qemu-wakeup.patch [bz#1064156]\n- kvm-vmstate_xhci_event-fix-unterminated-field-list.patch [bz#1122147]\n- kvm-vmstate_xhci_event-bug-compat-with-RHEL-7.0-RHEL-onl.patch [bz#1122147]\n- kvm-pflash_cfi01-write-flash-contents-to-bdrv-on-incomin.patch [bz#1139702]\n- kvm-ide-test-Add-enum-value-for-DEV.patch [bz#1123372]\n- kvm-ide-test-Add-FLUSH-CACHE-test-case.patch [bz#1123372]\n- kvm-ide-Fix-segfault-when-flushing-a-device-that-doesn-t.patch [bz#1123372]\n- kvm-IDE-Fill-the-IDENTIFY-request-consistently.patch [bz#852348]\n- kvm-ide-Add-resize-callback-to-ide-core.patch [bz#852348]\n- Resolves: bz#1054077\n (qemu crash when reboot win7 guest with spice display)\n- Resolves: bz#1064156\n ([qxl] The guest show black screen while resumed guest which managedsaved in pmsuspended status.)\n- Resolves: bz#1122147\n (CVE-2014-5263 vmstate_xhci_event: fix unterminated field list)\n- Resolves: bz#1123372\n (qemu-kvm crashed when doing iofuzz testing)\n- Resolves: bz#1139702\n (pflash (UEFI varstore) migration shortcut for libvirt [RHEL])\n- Resolves: bz#852348\n (fail to block_resize local data disk with IDE/AHCI disk_interface)\n[1.5.3-70.el7]\n- kvm-Enforce-stack-protector-usage.patch [bz#1064260]\n- kvm-pc-increase-maximal-VCPU-count-to-240.patch [bz#1134408]\n- kvm-gluster-Add-discard-support-for-GlusterFS-block-driv.patch [bz#1136534]\n- kvm-gluster-default-scheme-to-gluster-and-host-to-localh.patch [bz#1088150]\n- kvm-qdev-properties-system.c-Allow-vlan-or-netdev-for-de.patch [bz#996011]\n- kvm-vl-process-object-after-other-backend-options.patch [bz#1128095]\n- Resolves: bz#1064260\n (Handle properly --enable-fstack-protector option)\n- Resolves: bz#1088150\n (qemu-img coredumpd when try to create a gluster format image)\n- Resolves: bz#1128095\n (chardev 'chr0' isn't initialized when we try to open rng backend)\n- Resolves: bz#1134408\n ([HP 7.1 FEAT] Increase qemu-kvm's VCPU limit to 
240)\n- Resolves: bz#1136534\n (glusterfs backend does not support discard)\n- Resolves: bz#996011\n (vlan and queues options cause core dumped when qemu-kvm process quit(or ctrl+c))\n[1.5.3-69.el7]\n- kvm-rdma-bug-fixes.patch [bz#1107821]\n- kvm-virtio-serial-report-frontend-connection-state-via-m.patch [bz#1122151]\n- kvm-char-report-frontend-open-closed-state-in-query-char.patch [bz#1122151]\n- kvm-acpi-fix-tables-for-no-hpet-configuration.patch [bz#1129552]\n- kvm-mirror-Fix-resource-leak-when-bdrv_getlength-fails.patch [bz#1130603]\n- kvm-blockjob-Add-block_job_yield.patch [bz#1130603]\n- kvm-mirror-Go-through-ready-complete-process-for-0-len-i.patch [bz#1130603]\n- kvm-qemu-iotests-Test-BLOCK_JOB_READY-event-for-0Kb-imag.patch [bz#1130603]\n- kvm-block-make-top-argument-to-block-commit-optional.patch [bz#1130603]\n- kvm-qemu-iotests-Test-0-length-image-for-mirror.patch [bz#1130603]\n- kvm-mirror-Fix-qiov-size-for-short-requests.patch [bz#1130603]\n- Resolves: bz#1107821\n (rdma migration: seg if destination isn't listening)\n- Resolves: bz#1122151\n (Pass close from qemu-ga)\n- Resolves: bz#1129552\n (backport 'acpi: fix tables for no-hpet configuration')\n- Resolves: bz#1130603\n (advertise active commit to libvirt)\n[1.5.3-68.el7]\n- kvm-virtio-net-Do-not-filter-VLANs-without-F_CTRL_VLAN.patch [bz#1065724]\n- kvm-virtio-net-add-vlan-receive-state-to-RxFilterInfo.patch [bz#1065724]\n- kvm-virtio-rng-check-return-value-of-virtio_load.patch [bz#1116941]\n- kvm-qapi-treat-all-negative-return-of-strtosz_suffix-as-.patch [bz#1074403]\n- Resolves: bz#1065724\n (rx filter incorrect when guest disables VLAN filtering)\n- Resolves: bz#1074403\n (qemu-kvm can not give any warning hint when set sndbuf with negative value)\n- Resolves: bz#1116941\n (Return value of virtio_load not checked in virtio_rng_load)\n[1.5.3-67.el7]\n- kvm-vl.c-Output-error-on-invalid-machine-type.patch [bz#990724]\n- kvm-migration-dump-vmstate-info-as-a-json-file-for-stati.patch [bz#1118707]\n- 
kvm-vmstate-static-checker-script-to-validate-vmstate-ch.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-dump1-and-dump2-fil.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-incompat-machine-types.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-version-error-in-ma.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-version-mismatch-inside.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-minimum_version_id-chec.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-section.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-field.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-last-field-in-a-.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-change-description-name.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Fields.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Description.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Description-insi.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-a-subsection.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-remove-Subsections.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-substructure-for-us.patch [bz#1118707]\n- kvm-tests-vmstate-static-checker-add-size-mismatch-insid.patch [bz#1118707]\n- kvm-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch [bz#1116728]\n- kvm-block-Improve-driver-whitelist-checks.patch [bz#999789]\n- kvm-vmdk-Fix-format-specific-information-create-type-for.patch [bz#1029271]\n- kvm-virtio-pci-Report-an-error-when-msix-vectors-init-fa.patch [bz#1095645]\n- kvm-scsi-Report-error-when-lun-number-is-in-use.patch [bz#1096576]\n- kvm-util-Split-out-exec_dir-from-os_find_datadir.patch [bz#1017685]\n- kvm-rules.mak-fix-obj-to-a-real-relative-path.patch [bz#1017685]\n- kvm-rules.mak-allow-per-object-cflags-and-libs.patch [bz#1017685]\n- kvm-block-use-per-object-cflags-and-libs.patch [bz#1017685]\n- kvm-vmdk-Fix-creating-big-description-file.patch 
[bz#1039791]\n- Resolves: bz#1017685\n (Gluster etc. should not be a dependency of vscclient and libcacard)\n- Resolves: bz#1029271\n (Format specific information (create type) was wrong when create it specified subformat='streamOptimized')\n- Resolves: bz#1039791\n (qemu-img creates truncated VMDK image with subformat=twoGbMaxExtentFlat)\n- Resolves: bz#1095645\n (vectors of virtio-scsi-pci will be 0 when set vectors>=129)\n- Resolves: bz#1096576\n (QEMU core dumped when boot up two scsi-hd disk on the same virtio-scsi-pci controller in Intel host)\n- Resolves: bz#1116728\n (Backport qemu_bh_schedule() race condition fix)\n- Resolves: bz#1118707\n (VMstate static checker: backport -dump-vmstate feature to export json-encoded vmstate info)\n- Resolves: bz#990724\n (qemu-kvm failing when invalid machine type is provided)\n- Resolves: bz#999789\n (qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk)\n[1.5.3-66.el7]\n- kvm-xhci-fix-overflow-in-usb_xhci_post_load.patch [bz#1074219]\n- kvm-migration-qmp_migrate-keep-working-after-syntax-erro.patch [bz#1086598]\n- kvm-seccomp-add-shmctl-mlock-and-munlock-to-the-syscall-.patch [bz#1026314]\n- kvm-exit-when-no-kvm-and-vcpu-count-160.patch [bz#1076326]\n- kvm-Disallow-outward-migration-while-awaiting-incoming-m.patch [bz#1086987]\n- kvm-block-Ignore-duplicate-or-NULL-format_name-in-bdrv_i.patch [bz#1088695 bz#1093983]\n- kvm-block-vhdx-account-for-identical-header-sections.patch [bz#1097020]\n- kvm-aio-Fix-use-after-free-in-cancellation-path.patch [bz#1095877]\n- kvm-scsi-disk-Improve-error-messager-if-can-t-get-versio.patch [bz#1021788]\n- kvm-scsi-Improve-error-messages-more.patch [bz#1021788]\n- kvm-memory-Don-t-call-memory_region_update_coalesced_ran.patch [bz#1096645]\n- kvm-kvmclock-Ensure-time-in-migration-never-goes-backwar.patch [bz#1098602]\n- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock_cu.patch [bz#1098602]\n- Resolves: bz#1021788\n (the error message 'scsi generic 
interface too old' is wrong more often than not)\n- Resolves: bz#1026314\n (qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')\n- Resolves: bz#1074219\n (qemu core dump when install a RHEL.7 guest(xhci) with migration)\n- Resolves: bz#1076326\n (qemu-kvm does not quit when booting guest w/ 161 vcpus and '-no-kvm')\n- Resolves: bz#1086598\n (migrate_cancel wont take effect on previouly wrong migrate -d cmd)\n- Resolves: bz#1086987\n (src qemu crashed when starting migration in inmigrate mode)\n- Resolves: bz#1088695\n (there are four 'gluster' in qemu-img supported format list)\n- Resolves: bz#1093983\n (there are three 'nbd' in qemu-img supported format list)\n- Resolves: bz#1095877\n (segmentation fault in qemu-kvm due to use-after-free of a SCSIGenericReq (host device pass-through))\n- Resolves: bz#1096645\n ([FJ7.0 Bug] RHEL7.0 guest attaching 150 or more virtio-blk disks fails to start up)\n- Resolves: bz#1097020\n ([RFE] qemu-img: Add/improve Disk2VHD tools creating VHDX images)\n- Resolves: bz#1098602\n (kvmclock: Ensure time in migration never goes backward (backport))\n[1.5.3-65.el7]\n- kvm-Allow-mismatched-virtio-config-len.patch [bz#1113009]\n- Resolves: bz#1113009\n (Migration failed with virtio-blk from RHEL6.5.0 host to RHEL7.0 host)\n[1.5.3-64.el7]\n- kvm-zero-initialize-KVM_SET_GSI_ROUTING-input.patch [bz#1098976]\n- kvm-skip-system-call-when-msi-route-is-unchanged.patch [bz#1098976]\n- Resolves: bz#1098976\n (2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)\n[1.5.3-63.el7]\n- kvm-char-restore-read-callback-on-a-reattached-hotplug-c.patch [bz#1038914]\n- kvm-qcow2-Free-preallocated-zero-clusters.patch [bz#1052093]\n- kvm-qemu-iotests-Discard-preallocated-zero-clusters.patch [bz#1052093]\n- kvm-XBZRLE-Fix-qemu-crash-when-resize-the-xbzrle-cache.patch [bz#1066338]\n- kvm-Provide-init-function-for-ram-migration.patch [bz#1066338]\n- kvm-Init-the-XBZRLE.lock-in-ram_mig_init.patch [bz#1066338]\n- 
kvm-XBZRLE-Fix-one-XBZRLE-corruption-issues.patch [bz#1066338]\n- kvm-Count-used-RAMBlock-pages-for-migration_dirty_pages.patch [bz#1074913]\n- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095678]\n- kvm-virtio-net-out-of-bounds-buffer-write-on-invalid-sta.patch [bz#1095690]\n- kvm-virtio-net-out-of-bounds-buffer-write-on-load.patch [bz#1095685]\n- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095695]\n- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095738]\n- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095742]\n- kvm-virtio-validate-config_len-on-load.patch [bz#1095783]\n- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095766]\n- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095766]\n- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095747]\n- kvm-usb-sanity-check-setup_index-setup_len-in-post_l2.patch [bz#1095747]\n- kvm-vmstate-reduce-code-duplication.patch [bz#1095716]\n- kvm-vmstate-add-VMS_MUST_EXIST.patch [bz#1095716]\n- kvm-vmstate-add-VMSTATE_VALIDATE.patch [bz#1095716]\n- kvm-hpet-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095707]\n- kvm-hw-pci-pcie_aer.c-fix-buffer-overruns-on-invalid-sta.patch [bz#1095716]\n- kvm-usb-fix-up-post-load-checks.patch [bz#1096829]\n- kvm-qcow-correctly-propagate-errors.patch [bz#1097230]\n- kvm-qcow1-Make-padding-in-the-header-explicit.patch [bz#1097230]\n- kvm-qcow1-Check-maximum-cluster-size.patch [bz#1097230]\n- kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.patch [bz#1097230]\n- kvm-qcow1-Validate-image-size-CVE-2014-0223.patch [bz#1097237]\n- kvm-qcow1-Stricter-backing-file-length-check.patch [bz#1097237]\n- Resolves: bz#1038914\n (Guest can't receive any character transmitted from host after hot unplugging virtserialport then hot plugging again)\n- Resolves: bz#1052093\n (qcow2 corruptions (leaked clusters after installing a rhel7 guest using virtio_scsi))\n- Resolves: bz#1066338\n (Reduce 
the migrate cache size during migration causes qemu segment fault)\n- Resolves: bz#1074913\n (migration can not finish with 1024k 'remaining ram' left after hotunplug 4 nics)\n- Resolves: bz#1095678\n (CVE-2013-4148 qemu-kvm: qemu: virtio-net: buffer overflow on invalid state load [rhel-7.1])\n- Resolves: bz#1095685\n (CVE-2013-4149 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on load [rhel-7.1])\n- Resolves: bz#1095690\n (CVE-2013-4150 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on invalid state load [rhel-7.1])\n- Resolves: bz#1095695\n (CVE-2013-4151 qemu-kvm: qemu: virtio: out-of-bounds buffer write on invalid state load [rhel-7.1])\n- Resolves: bz#1095707\n (CVE-2013-4527 qemu-kvm: qemu: hpet: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095716\n (CVE-2013-4529 qemu-kvm: qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095738\n (CVE-2013-6399 qemu-kvm: qemu: virtio: buffer overrun on incoming migration [rhel-7.1])\n- Resolves: bz#1095742\n (CVE-2013-4542 qemu-kvm: qemu: virtio-scsi: buffer overrun on invalid state load [rhel-7.1])\n- Resolves: bz#1095747\n (CVE-2013-4541 qemu-kvm: qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load [rhel-7.1])\n- Resolves: bz#1095766\n (CVE-2013-4535 CVE-2013-4536 qemu-kvm: qemu: virtio: insufficient validation of num_sg when mapping [rhel-7.1])\n- Resolves: bz#1095783\n (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.1])\n- Resolves: bz#1096829\n (CVE-2014-3461 qemu-kvm: Qemu: usb: fix up post load checks [rhel-7.1])\n- Resolves: bz#1097230\n (CVE-2014-0222 qemu-kvm: Qemu: qcow1: validate L2 table size to avoid integer overflows [rhel-7.1])\n- Resolves: bz#1097237\n (CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid out-of-bounds memory access [rhel-7.1])\n[1.5.3-62.el7]\n- kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch 
[bz#1094285]\n- Resolves: bz#1094285\n (Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.)\n[1.5.3-61.el7]\n- kvm-iscsi-fix-indentation.patch [bz#1083413]\n- kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1083413]\n- kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1083413]\n- kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1083413]\n- kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1083413]\n- kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1083413]\n- kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1083413]\n- kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1083413]\n- kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1083413]\n- kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [bz#1027565]\n- kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1085701]\n- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087980]\n- Resolves: bz#1027565\n (fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host)\n- Resolves: bz#1083413\n (qemu-kvm: iSCSI: Failure. 
SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400))\n- Resolves: bz#1085701\n (Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device)\n- Resolves: bz#1087980\n (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.1])", "edition": 72, "modified": "2015-03-11T00:00:00", "published": "2015-03-11T00:00:00", "id": "ELSA-2015-0349", "href": "http://linux.oracle.com/errata/ELSA-2015-0349.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3087-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 04, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2014-8106\n\nPaolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu, a fast processor\nemulator. 
A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to\nthose of the qemu host process.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6a+deb7u6.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-12-04T13:44:41", "published": "2014-12-04T13:44:41", "id": "DEBIAN:DSA-3087-1:AADD9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00277.html", "title": "[SECURITY] [DSA 3087-1] qemu security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-8106"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3087-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nDecember 04, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : qemu\r\nCVE ID : CVE-2014-8106\r\n\r\nPaolo Bonzini of Red Hat discovered that the blit region checks were\r\ninsufficient in the Cirrus VGA emulator in qemu, a fast processor\r\nemulator. 
A privileged guest user could use this flaw to write into qemu\r\naddress space on the host, potentially escalating their privileges to\r\nthose of the qemu host process.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 1.1.2+dfsg-6a+deb7u6.\r\n\r\nWe recommend that you upgrade your qemu packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJUgGL2AAoJEAVMuPMTQ89EDIAP/0TuKIFV4hwqTNeFhKVBBbm5\r\nZM3Oy95iCL2hsRl9YqQg4YPrZ4RP5HJI6NYDsA5+kuQCuSENl1kE4X/37CKo0g5I\r\nDd6sUnZymir+6TIBz3cpwQlRoeaYH8lKU1V+laofbcseUu/3EVjMnBviY/lM47FP\r\nPRNkZKf0SABuyoh59BcjVCbeLoNmymYEEYS0l9XrRWI1tYyQx311wJylPLh63ZB4\r\nArpkvQJhYz8gOmpabAkoQF668lxFoyejHVfFXYWv71nqeGD0/AxNKrM1YF7SChhX\r\npAXgzu+AF0Zg6Ydk9cRXNMJhuR86EjwohUzt5zmBoPwnH8W+g2Kxk9C6uNfhqQzk\r\noooGYgixIpJKLwqRwGPPmDhBX9tKhLYbL9WHNHUo2m8pPQIZfFSHh4l6iQrXImkB\r\nIxN/mMym4elkCUsHAhUCMJIXw3mhUimYZOHKKTk/ydCTFDjg7I/dH+FzJ0d2Oyp/\r\nRhksn0PyTWNI7yOpUOV5BiHyreLJd5VAbTlQvfJ6Nb30ybbTU00jllol9v6tUz7I\r\nUv4LzgPI1rp4s8tjfS4AiJZQc1NMbf/fT0EPyeuzY/ef8ph71eccO4vkD8gvv2iG\r\nnGOWNLLopuLAEjS+Flg4FInenNBXxC1m/tYLaTP2dukX0xqPvUQX3fCVIfS3qd15\r\nB49r56dZcgZVzKzI8Zix\r\n=uUu3\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-12-08T00:00:00", "published": "2014-12-08T00:00:00", "id": "SECURITYVULNS:DOC:31478", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31478", "title": "[SECURITY] [DSA 3087-1] qemu security update", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-3689", "CVE-2014-0146", "CVE-2014-0223", "CVE-2014-8106", "CVE-2014-0144", 
"CVE-2014-0222", "CVE-2014-3640", "CVE-2014-0145", "CVE-2014-7815", "CVE-2014-0143", "CVE-2014-0147", "CVE-2014-3615", "CVE-2014-0142"], "description": "Multiple memory corruptions, DoS, information leakage.", "edition": 1, "modified": "2014-12-08T00:00:00", "published": "2014-12-08T00:00:00", "id": "SECURITYVULNS:VULN:14003", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14003", "title": "qemu multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T09:48:51", "description": "Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu, a fast processor\nemulator. A privileged guest user could use this flaw to write into\nqemu address space on the host, potentially escalating their\nprivileges to those of the qemu host process.", "edition": 17, "published": "2014-12-05T00:00:00", "title": "Debian DSA-3087-1 : qemu - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2014-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3087.NASL", "href": "https://www.tenable.com/plugins/nessus/79728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3087. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79728);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_xref(name:\"DSA\", value:\"3087\");\n\n script_name(english:\"Debian DSA-3087-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu, a fast processor\nemulator. A privileged guest user could use this flaw to write into\nqemu address space on the host, potentially escalating their\nprivileges to those of the qemu host process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6+deb7u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:36:35", "description": "Updated qemu-kvm-rhev packages that fix one security issue and one bug\nare now available for Red Hat Enterprise Virtualization.\n\nRed Hat 
Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM in environments managed by Red Hat Enterprise Virtualization\nManager.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address\nspace with attacker-provided data. (CVE-2014-8106)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. 
(BZ#1142756)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.", "edition": 30, "published": "2015-04-24T00:00:00", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2015:0868)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "id": "REDHAT-RHSA-2015-0868.NASL", "href": "https://www.tenable.com/plugins/nessus/83048", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0868. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83048);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_xref(name:\"RHSA\", value:\"2015:0868\");\n\n script_name(english:\"RHEL 6 : qemu-kvm-rhev (RHSA-2015:0868)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix one security issue and one bug\nare now available for Red Hat Enterprise Virtualization.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM in environments managed by Red Hat Enterprise Virtualization\nManager.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of\nVRAM-allocated buffer boundaries in the host's QEMU process address\nspace with attacker-provided data. (CVE-2014-8106)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. 
(BZ#1142756)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8106\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0868\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-rhev-0.12.1.2-2.448.el6_6.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"qemu-kvm-rhev-0.12.1.2-2.448.el6_6.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:48:45", "description": "It was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis update also fixes the following bug :\n\n - Previously, the effective downtime during the last phase\n of a live migration would sometimes be much higher than\n the maximum downtime specified by 'migration_downtime'\n in vdsm.conf. This problem has been corrected. 
The value\n of 'migration_downtime' is now honored and the migration\n is aborted if the downtime cannot be achieved.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.", "edition": 15, "published": "2015-04-22T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2015-04-22T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo"], "id": "SL_20150421_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82989);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8106\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. 
(CVE-2014-8106)\n\nThis update also fixes the following bug :\n\n - Previously, the effective downtime during the last phase\n of a live migration would sometimes be much higher than\n the maximum downtime specified by 'migration_downtime'\n in vdsm.conf. This problem has been corrected. The value\n of 'migration_downtime' is now honored and the migration\n is aborted if the downtime cannot be achieved.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=2294\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5131a6ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:25", "description": " - Fix qemu_bh_schedule race condition (bz #1165315)\n\n - CVE-2014-8106: cirrus: insufficient blit region checks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-02-18T00:00:00", "title": "Fedora 20 : qemu-1.6.2-13.fc20 (2015-1886)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2015-02-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qemu", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-1886.NASL", "href": "https://www.tenable.com/plugins/nessus/81393", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1886.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81393);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_xref(name:\"FEDORA\", value:\"2015-1886\");\n\n script_name(english:\"Fedora 20 : qemu-1.6.2-13.fc20 (2015-1886)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix qemu_bh_schedule race condition (bz 
#1165315)\n\n - CVE-2014-8106: cirrus: insufficient blit region checks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169454\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150080.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee98c16\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif 
(isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qemu-1.6.2-13.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:52", "description": "Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu-kvm, a full\nvirtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host,\npotentially escalating their privileges to those of the qemu host\nprocess.", "edition": 16, "published": "2014-12-05T00:00:00", "title": "Debian DSA-3088-1 : qemu-kvm - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2014-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-kvm", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3088.NASL", "href": "https://www.tenable.com/plugins/nessus/79729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3088. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79729);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_xref(name:\"DSA\", value:\"3088\");\n\n script_name(english:\"Debian DSA-3088-1 : qemu-kvm - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu-kvm, a full\nvirtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host,\npotentially escalating their privileges to those of the qemu host\nprocess.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3088\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu-kvm packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6+deb7u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-06T13:44:44", "description": "An updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 30, "published": "2015-04-22T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2015:0867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2015-04-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0867.NASL", "href": "https://www.tenable.com/plugins/nessus/82986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0867. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82986);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_bugtraq_id(71477);\n script_xref(name:\"RHSA\", value:\"2015:0867\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2015:0867)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8106\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0867\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"qemu-img-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:08", "description": "An updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. 
(CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 29, "published": "2015-04-23T00:00:00", "title": "CentOS 6 : qemu-kvm (CESA-2015:0867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2015-04-23T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-guest-agent", "p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm-tools"], "id": "CENTOS_RHSA-2015-0867.NASL", "href": "https://www.tenable.com/plugins/nessus/83000", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0867 and \n# CentOS Errata and Security Advisory 2015:0867 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83000);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_bugtraq_id(71477);\n script_xref(name:\"RHSA\", value:\"2015:0867\");\n\n script_name(english:\"CentOS 6 : qemu-kvm (CESA-2015:0867)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021082.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59908081\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8106\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-17T12:49:54", "description": "From Red Hat Security Advisory 2015:0867 :\n\nAn updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 26, "published": "2015-04-22T00:00:00", "title": "Oracle Linux 6 : qemu-kvm (ELSA-2015-0867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "modified": "2015-04-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-guest-agent", "p-cpe:/a:oracle:linux:qemu-kvm"], "id": "ORACLELINUX_ELSA-2015-0867.NASL", "href": "https://www.tenable.com/plugins/nessus/82982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0867 and \n# Oracle Linux Security Advisory ELSA-2015-0867 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82982);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8106\");\n script_bugtraq_id(71477);\n script_xref(name:\"RHSA\", value:\"2015:0867\");\n\n script_name(english:\"Oracle Linux 6 : qemu-kvm (ELSA-2015-0867)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0867 :\n\nAn updated qemu-kvm package that fixes one security issue and one bug\nis now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space\nwith attacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug :\n\n* Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. 
Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.448.el6_6.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.448.el6_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:22:22", "description": "QEMU was updated to fix various bugs and security issues.\n\nThe following security issues were fixed: CVE-2014-8106: Heap-based buffer\noverflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU\nallowed local guest users to execute arbitrary code via vectors\nrelated to blit regions.\n\n - CVE-2014-7840: The host_from_stream_offset function in\n arch_init.c in QEMU, when loading RAM during migration,\n allowed remote attackers to execute arbitrary code via a\n crafted (1) offset or (2) length value in savevm data.\n\nAlso a bug was fixed where qemu-img convert could occasionally corrupt\nimages. (bsc#908380)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:0349-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106", "CVE-2014-7840"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2015-0349-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0349-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83686);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7840\", \"CVE-2014-8106\");\n script_bugtraq_id(71477, 71658);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:0349-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"QEMU was updated to fix various bugs and security issues.\n\nThe following security issues were fixed: CVE-2014-8106: Heap-based buffer\noverflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU\nallowed local guest users to execute arbitrary code via vectors\nrelated to blit regions.\n\n - CVE-2014-7840: The host_from_stream_offset function in\n arch_init.c in QEMU, when loading RAM during migration,\n allowed remote attackers to execute arbitrary code via a\n crafted (1) offset or (2) length value in savevm data.\n\nAlso a bug was fixed where qemu-img convert could occasionally corrupt\nimages. (bsc#908380)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8106/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150349-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1190d265\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch 
SUSE-SLE-SERVER-12-2015-88=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-88=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-debugsource-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-lang-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-kvm-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", 
sp:\"0\", cpu:\"x86_64\", reference:\"qemu-kvm-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-tools-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:50", "description": "Updated qemu packages fix security vulnerabilities :\n\nDuring migration, the values read from migration stream during ram\nload are not validated. Especially offset in host_from_stream_offset()\nand also the length of the writes in the callers of the said function.\nA user able to alter the savevm data (either on the disk or over the\nwire during migration) could use either of these flaws to corrupt QEMU\nprocess memory on the (destination) host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process (CVE-2014-7840).\n\nPaolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu. 
A privileged guest\nuser could use this flaw to write into qemu address space on the host,\npotentially escalating their privileges to those of the qemu host\nprocess (CVE-2014-8106).", "edition": 24, "published": "2014-12-15T00:00:00", "title": "Mandriva Linux Security Advisory : qemu (MDVSA-2014:249)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106", "CVE-2014-7840"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:qemu", "p-cpe:/a:mandriva:linux:qemu-img"], "id": "MANDRIVA_MDVSA-2014-249.NASL", "href": "https://www.tenable.com/plugins/nessus/79994", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:249. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7840\", \"CVE-2014-8106\");\n script_bugtraq_id(71477, 71658);\n script_xref(name:\"MDVSA\", value:\"2014:249\");\n\n script_name(english:\"Mandriva Linux Security Advisory : qemu (MDVSA-2014:249)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu packages fix security vulnerabilities :\n\nDuring migration, the values read from migration stream during ram\nload are not validated. 
Especially offset in host_from_stream_offset()\nand also the length of the writes in the callers of the said function.\nA user able to alter the savevm data (either on the disk or over the\nwire during migration) could use either of these flaws to corrupt QEMU\nprocess memory on the (destination) host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process (CVE-2014-7840).\n\nPaolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu. A privileged guest\nuser could use this flaw to write into qemu address space on the host,\npotentially escalating their privileges to those of the qemu host\nprocess (CVE-2014-8106).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0525.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu and / or qemu-img packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local 
Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"qemu-1.6.2-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"qemu-img-1.6.2-1.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-08-04T10:49:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": "Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm,\na full virtualization solution on x86 hardware. 
A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.", "modified": "2017-07-20T00:00:00", "published": "2014-12-04T00:00:00", "id": "OPENVAS:703088", "href": "http://plugins.openvas.org/nasl.php?oid=703088", "type": "openvas", "title": "Debian Security Advisory DSA 3088-1 (qemu-kvm - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3088.nasl 6769 2017-07-20 09:56:33Z teissa $\n# Auto-generated from advisory DSA 3088-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703088);\n script_version(\"$Revision: 6769 $\");\n script_cve_id(\"CVE-2014-8106\");\n script_name(\"Debian Security Advisory DSA 3088-1 (qemu-kvm - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-20 11:56:33 +0200 (Thu, 20 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-04 00:00:00 +0100 (Thu, 04 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3088.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu-kvm on Debian Linux\");\n script_tag(name: \"insight\", value: \"Using KVM, one can run multiple virtual\nPCs, each running unmodified Linux or Windows images. 
Each virtual machine has\nprivate virtualized hardware: a network card, disk, graphics adapter, etc.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.1.2+dfsg-6+deb7u6.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name: \"summary\", value: \"Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm,\na full virtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": "Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast\nprocessor emulator. 
A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to those of the\nqemu host process.", "modified": "2019-03-18T00:00:00", "published": "2014-12-04T00:00:00", "id": "OPENVAS:1361412562310703087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703087", "type": "openvas", "title": "Debian Security Advisory DSA 3087-1 (qemu - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3087.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 3087-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703087\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-8106\");\n script_name(\"Debian Security Advisory DSA 3087-1 (qemu - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-04 00:00:00 +0100 (Thu, 04 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3087.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.1.2+dfsg-6a+deb7u6.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name:\"summary\", value:\"Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast\nprocessor emulator. 
A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to those of the\nqemu host process.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310871359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871359", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2015:0867-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2015:0867-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 
2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871359\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:22:30 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2014-8106\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2015:0867-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. 
A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space with\nattacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug:\n\n * Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0867-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00055.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.448.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": "Oracle Linux Local Security Checks ELSA-2015-0867", "modified": "2018-09-28T00:00:00", "published": 
"2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123130", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0867.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123130\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0867\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0867 - qemu-kvm security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0867\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0867.html\");\n script_cve_id(\"CVE-2014-8106\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-04T10:49:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], 
"description": "Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast\nprocessor emulator. A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to those of the\nqemu host process.", "modified": "2017-07-20T00:00:00", "published": "2014-12-04T00:00:00", "id": "OPENVAS:703087", "href": "http://plugins.openvas.org/nasl.php?oid=703087", "type": "openvas", "title": "Debian Security Advisory DSA 3087-1 (qemu - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3087.nasl 6769 2017-07-20 09:56:33Z teissa $\n# Auto-generated from advisory DSA 3087-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703087);\n script_version(\"$Revision: 6769 $\");\n script_cve_id(\"CVE-2014-8106\");\n script_name(\"Debian Security Advisory DSA 3087-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-20 11:56:33 +0200 (Thu, 20 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-04 00:00:00 +0100 (Thu, 04 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3087.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator:\ncurrently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze,\nMIPS, PowerPC, SH4, SPARC and x86-64 emulation. By using dynamic translation\nit achieves reasonable speed while being easy to port on new host CPUs. 
QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.1.2+dfsg-6a+deb7u6.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast\nprocessor emulator. A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to those of the\nqemu host process.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": 
"Check the version of qemu-guest-agent", "modified": "2019-03-08T00:00:00", "published": "2015-04-23T00:00:00", "id": "OPENVAS:1361412562310882173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882173", "type": "openvas", "title": "CentOS Update for qemu-guest-agent CESA-2015:0867 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2015:0867 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882173\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:33:46 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2014-8106\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2015:0867 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-guest-agent\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full\n virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nIt was found that the Cirrus blit region checks were insufficient. A\nprivileged guest user could use this flaw to write outside of VRAM-\nallocated buffer boundaries in the host's QEMU process address space with\nattacker-provided data. (CVE-2014-8106)\n\nThis issue was found by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bug:\n\n * Previously, the effective downtime during the last phase of a live\nmigration would sometimes be much higher than the maximum downtime\nspecified by 'migration_downtime' in vdsm.conf. This problem has been\ncorrected. 
The value of 'migration_downtime' is now honored and the\nmigration is aborted if the downtime cannot be achieved. (BZ#1142756)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0867\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021082.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106"], "description": "Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm,\na full virtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.", "modified": "2019-03-18T00:00:00", "published": "2014-12-04T00:00:00", "id": "OPENVAS:1361412562310703088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703088", "type": "openvas", "title": "Debian Security Advisory DSA 3088-1 (qemu-kvm - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3088.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 3088-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703088\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-8106\");\n script_name(\"Debian Security Advisory DSA 3088-1 (qemu-kvm - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-04 00:00:00 +0100 (Thu, 04 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3088.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.1.2+dfsg-6+deb7u6.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name:\"summary\", value:\"Paolo Bonzini of Red Hat discovered that\nthe blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm,\na full virtualization solution on x86 hardware. 
A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-07T18:46:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106", "CVE-2014-7815", "CVE-2014-3615"], "description": "A number of security vulnerabilities have\n been identified in Citrix XenServer. 
These vulnerabilities could, if exploited,\n allow a malicious administrator of an HVM guest to compromise the host.", "modified": "2020-04-02T00:00:00", "published": "2015-04-17T00:00:00", "id": "OPENVAS:1361412562310105258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105258", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX200892)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX200892)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105258\");\n script_cve_id(\"CVE-2014-8106\", \"CVE-2014-7815\", \"CVE-2014-3615\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-02T13:53:24+0000\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX200892)\");\n\n script_xref(name:\"URL\", value:\"http://support.citrix.com/article/CTX200892\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"A number of security vulnerabilities have\n been identified in Citrix XenServer. 
These vulnerabilities could, if exploited,\n allow a malicious administrator of an HVM guest to compromise the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2014-8106 (High): Heap-based buffer overflow in the Cirrus VGA emulator\n\n - CVE-2014-7815 (Low): The set_pixel_format function in QEMU allows a denial of service (crash)\n\n - CVE-2014-3615 (Low): The VGA emulator in QEMU allows users to read memory\");\n\n script_tag(name:\"affected\", value:\"XenServer 6.5\n\n XenServer 6.2.0\n\n XenServer 6.1.0\n\n XenServer 6.0.2\n\n XenServer 6.0\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-04-17 14:24:28 +0200 (Fri, 17 Apr 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\nif( ! 
hotfixes = get_kb_item(\"xenserver/patches\") )\n exit( 0 );\n\npatches = make_array();\n\npatches['6.5.0'] = make_list( 'XS65E007' );\npatches['6.2.0'] = make_list( 'XS62ESP1021' );\npatches['6.1.0'] = make_list( 'XS61E051' );\npatches['6.0.2'] = make_list( 'XS602E042' );\npatches['6.0.0'] = make_list( 'XS60E046' );\n\ncitrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3689", "CVE-2014-8106", "CVE-2014-7840"], "description": "Gentoo Linux Local Security Checks GLSA 201412-37", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121323", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-37", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-37.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121323\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:20 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-37\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-37\");\n script_cve_id(\"CVE-2014-3689\", \"CVE-2014-7840\", \"CVE-2014-8106\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-37\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-emulation/qemu\", unaffected: make_list(\"ge 2.1.2-r2\"), vulnerable: make_list(\"lt 2.1.2-r2\"))) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8106", "CVE-2015-1779", "CVE-2014-7840"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-14T00:00:00", "id": "OPENVAS:1361412562310869238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869238", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2015-5482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2015-5482\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869238\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 07:16:44 +0200 (Tue, 14 Apr 2015)\");\n script_cve_id(\"CVE-2015-1779\", \"CVE-2014-8106\", \"CVE-2014-7840\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2015-5482\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5482\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.1.3~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:31", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8106", "CVE-2014-7840"], "description": "Michael S. Tsirkin discovered that QEMU incorrectly handled certain \nparameters during ram load while performing a migration. An attacker able \nto manipulate savevm data could use this issue to possibly execute \narbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, \nUbuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840)\n\nPaolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus \nVGA device. A malicious guest could possibly use this issue to write into \nmemory of the host, leading to privilege escalation. (CVE-2014-8106)", "edition": 5, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "USN-2439-1", "href": "https://ubuntu.com/security/notices/USN-2439-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3689", "CVE-2014-8106", "CVE-2014-7840"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer. \n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.1.2-r2\"", "modified": "2014-12-24T00:00:00", "published": "2014-12-24T00:00:00", "id": "GLSA-201412-37", "href": "https://security.gentoo.org/glsa/201412-37", "type": "gentoo", "title": "QEMU: Multiple Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7840", "CVE-2014-8106", "CVE-2015-1779"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2015-04-13T07:05:24", "published": "2015-04-13T07:05:24", "id": "FEDORA:EBA7060877F8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qemu-2.1.3-5.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7840", "CVE-2014-8106", "CVE-2015-1779", "CVE-2015-3456"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2015-05-17T06:38:09", "published": "2015-05-17T06:38:09", "id": "FEDORA:6D23360762AF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qemu-2.1.3-7.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7840", "CVE-2014-8106", "CVE-2015-1779", "CVE-2015-3456", "CVE-2015-4037"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2015-06-21T00:16:05", "published": "2015-06-21T00:16:05", "id": "FEDORA:327666015E56", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qemu-2.1.3-8.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2015-02-17T08:05:08", "published": "2015-02-17T08:05:08", "id": "FEDORA:EACF360879A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-13.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0150", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-2894", "CVE-2014-3461", "CVE-2014-3615", "CVE-2014-3640", "CVE-2014-3689", "CVE-2014-7815", "CVE-2014-7840", "CVE-2014-8106", "CVE-2015-3456"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. 
In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2015-05-22T17:55:27", "published": "2015-05-22T17:55:27", "id": "FEDORA:4C485604E838", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qemu-1.6.2-14.fc20", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2016-11-09T00:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2014-8106", "CVE-2015-7504", "CVE-2015-7512", "CVE-2015-5279", "CVE-2007-1320", "CVE-2015-3209", "CVE-2015-5165"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-28T00:00:00", "published": "2016-02-16T00:00:00", "id": "SOL63519101", "href": "http://support.f5.com/kb/en-us/solutions/public/k/63/sol63519101.html", "type": "f5", "title": "SOL63519101 - Multiple QEMU vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-22T12:31:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-8106", "CVE-2015-7504", "CVE-2015-7512", "CVE-2015-5279", "CVE-2007-1320", "CVE-2015-3209", "CVE-2015-5165"], "description": "\nF5 Product Development has assigned IDs 572590, 572592, 572596, 572597, and 572599 (BIG-IP) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H63519101 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | vCMP \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP GTM | 11.0.0 - 11.6.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP PSM | 11.0.0 - 11.4.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WOM | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | 
Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-11-16T00:00:00", "published": "2016-02-16T19:39:00", "id": "F5:K63519101", "href": "https://support.f5.com/csp/article/K63519101", "title": "Multiple QEMU vulnerabilities", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-03-17T11:16:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2016-9932", "CVE-2016-10013", "CVE-2017-2615", "CVE-2016-10024", "CVE-2016-9921", "CVE-2017-2620", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2016-10155: The virtual hardware 
watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain\n privileges by leveraging mishandling of SYSCALL singlestep during\n emulation (bsc#1016340).\n - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM\n guest OS users to obtain sensitive information from host stack memory\n via a \"supposedly-ignored\" operand size prefix (bsc#1012651).\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators\n to cause a denial of service (host hang or crash) by modifying the\n instruction stream asynchronously while performing certain kernel\n operations (bsc#1014298)\n\n This non-security issue was fixed:\n\n - bsc#1002496: Added support for reloading clvm in block-dmmd\n\n", "modified": "2017-03-17T12:10:10", "published": "2017-03-17T12:10:10", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00013.html", "id": "SUSE-SU-2017:0718-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-01T01:11:35", "bulletinFamily": 
"unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed a privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) 
(bsc#1022871)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd\n\n", "modified": "2017-03-01T00:33:56", "published": "2017-03-01T00:33:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html", "id": "SUSE-SU-2017:0582-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-09T23:11:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed a privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was 
vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd\n - bsc#987002: Prevent crash of domUs after they were migrated from SP3 HV\n to SP4\n\n", "modified": "2017-03-10T00:07:36", "published": "2017-03-10T00:07:36", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00006.html", "id": "SUSE-SU-2017:0647-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
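The Cirrus entries in the advisories above share one pattern: CVE-2014-8106 ("blit region checks were insufficient"), and later CVE-2017-2615 and CVE-2017-2620 ("failed to check the memory region" in the bitblt copy routines), all come down to blit geometry that the guest writes into the BitBLT registers (start address, width, height and a signed pitch) being used to index the host-side VRAM buffer. A check that only looks at where the copy ends misses a region that runs backwards below offset 0 when the pitch is negative, and misses a first row that already crosses the end of VRAM. The C below is an added model written for this page, not QEMU's or Xen's code: the `struct blt` fields, the 4 MiB `VRAM_SIZE` and the five parameter sets are constructed assumptions. It places a weak end-of-region check beside a check that bounds both the lowest and the highest byte the blit can touch, with all arithmetic in 64 bits so `(height - 1) * pitch` cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a Cirrus-style 2D blitter; NOT QEMU's structure.
 * Every field is guest-writable through the BitBLT registers, so none of
 * them can be trusted by the device emulation. */
#define VRAM_SIZE (4 * 1024 * 1024)   /* assumed 4 MiB framebuffer */

struct blt {
    int32_t width;   /* bytes copied per row */
    int32_t height;  /* number of rows */
    int32_t pitch;   /* byte distance between rows; negative walks upward */
    int32_t addr;    /* start offset of the region inside VRAM */
};

/* Weak check: only asks where the copy of the last row ends and whether
 * that lies below VRAM_SIZE. It never looks at the low end of the region,
 * so a negative pitch that drives the region below offset 0 passes, and a
 * first row that extends past the end of VRAM is not seen either. */
bool blit_region_weak_is_safe(const struct blt *b)
{
    int64_t end = (int64_t)b->addr
                + (int64_t)(b->height - 1) * b->pitch
                + b->width;
    return end < VRAM_SIZE;
}

/* Hardened check: derive the lowest and highest byte the blit can touch,
 * for either sign of pitch, and require the whole span to lie inside
 * [0, VRAM_SIZE). Degenerate sizes and a negative start are rejected
 * outright rather than reasoned about. */
bool blit_region_is_safe(const struct blt *b)
{
    if (b->width <= 0 || b->height <= 0 || b->addr < 0)
        return false;

    int64_t first_row = b->addr;
    int64_t last_row  = (int64_t)b->addr + (int64_t)(b->height - 1) * b->pitch;
    int64_t lo = first_row < last_row ? first_row : last_row;
    int64_t hi = (first_row > last_row ? first_row : last_row) + b->width - 1;

    return lo >= 0 && hi < VRAM_SIZE;
}

/* Five guest-chosen parameter sets, constructed for this example.
 *                                  width  height pitch    addr            */
const struct blt blt_in_bounds     = { 0x100, 0x100,  0x1000, 0x10000 };
const struct blt blt_overrun       = { 0x100, 0x100,  0x1000, VRAM_SIZE - 0x800 };
const struct blt blt_neg_pitch_ok  = { 0x100, 0x10,  -0x1000, 0x20000 };
const struct blt blt_neg_pitch_oob = { 0x100, 0x100, -0x1000, 0x1000 };   /* runs below 0 */
const struct blt blt_first_row_oob = { 0x100, 2,     -0x1000, VRAM_SIZE - 0x10 }; /* row 0 past end */

static void report(const char *name, const struct blt *b)
{
    printf("%-18s weak=%s hardened=%s\n", name,
           blit_region_weak_is_safe(b) ? "allow " : "reject",
           blit_region_is_safe(b)      ? "allow " : "reject");
}

int main(void)
{
    report("in_bounds",     &blt_in_bounds);
    report("overrun",       &blt_overrun);
    report("neg_pitch_ok",  &blt_neg_pitch_ok);
    report("neg_pitch_oob", &blt_neg_pitch_oob);
    report("first_row_oob", &blt_first_row_oob);
    return 0;
}
```

The two checks agree on the straightforward cases (an in-bounds copy and a forward copy that runs off the end) and on a legitimate negative-pitch copy; they disagree exactly on the two shapes a guest would choose, a negative pitch whose last row lands below the start of VRAM and a near-end start whose first row crosses `VRAM_SIZE`. Any real emulator check also has to be applied on every blit path, including the CPU-to-video path named in CVE-2017-2620, since a correct check that one routine skips protects nothing.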