{"openvas": [{"lastseen": "2019-05-29T18:34:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-16T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-ed735463e3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-5579", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-10664", "CVE-2017-12136"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873378", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ed735463e3_xen_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2017-ed735463e3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873378\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-16 07:45:27 +0200 (Sat, 16 Sep 2017)\");\n script_cve_id(\"CVE-2017-9330\", \"CVE-2017-10664\", \"CVE-2017-8309\", \"CVE-2017-8379\",\n \"CVE-2017-5579\", \"CVE-2017-7718\", \"CVE-2017-12135\", \"CVE-2017-12137\",\n \"CVE-2017-12136\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-ed735463e3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ed735463e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOC4V47PNNEIZKIK3YWSMOJYB45QJ2QU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.3~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-25T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-f336ba205d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-5579", "CVE-2017-12137", "CVE-2017-12136"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f336ba205d_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2017-f336ba205d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873308\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-25 08:19:51 +0200 (Fri, 25 Aug 2017)\");\n script_cve_id(\"CVE-2017-5579\", \"CVE-2017-7718\", \"CVE-2017-12135\", \"CVE-2017-12137\",\n \"CVE-2017-12136\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-f336ba205d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f336ba205d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGXBHFQZ4H4OUIX3RIOIJ22FHUBY27JG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.1~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:2394-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12855", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-10664", "CVE-2017-12136", "CVE-2017-11434"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851610", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851610\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-09 07:20:05 +0200 (Sat, 09 Sep 2017)\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\",\n \"CVE-2017-12137\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:2394-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a\n malicious guest to crash the host or potentially escalate\n privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for\n privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows\n a malicious guest administrator to crash the host or escalate their\n privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of 
service (out-of-bounds read) via a\n crafted DHCP\n options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to\n potentially leaking sensitive information (XSA-230 bsc#1052686.\n\n These non-security issues were fixed:\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after\n the save using xl stack\n\n - bsc#1035231: Migration of HVM domU did not use superpages on destination\n dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2394-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.0_11~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:2398-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12855", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-10664", "CVE-2017-12136", "CVE-2017-11434", "CVE-2016-9603"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851613", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851613", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# 
SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851613\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-09 07:20:39 +0200 (Sat, 09 Sep 2017)\");\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\",\n \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:2398-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen to version 4.7.3 fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a\n malicious guest to crash the host 
or potentially escalate\n privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for\n privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows\n a malicious guest administrator to crash the host or escalate their\n privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP\n options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to\n potentially leaking sensitive information (XSA-230 CVE-2017-12855).\n\n These non-security issues were fixed:\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after\n the save using xl stack\n\n - bsc#1035231: Migration of HVM domU did not use superpages on destination\n dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd\n\n - bsc#1037840: Xen-detect always showed HVM for PV guests\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2398-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.3_03~11.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") 
{\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:29:52", "description": "A number of security vulnerabilities have been identified in Citrix XenServer that may allow a\n malicious administrator of a guest VM to compromise the host.", "cvss3": {}, "published": "2017-08-16T00:00:00", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX225941)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12855", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12136", "CVE-2017-12134"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310140303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140303", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX225941)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140303\");\n script_version(\"2020-04-02T13:53:24+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-16 09:04:44 +0700 (Wed, 16 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-12134\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX225941)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n script_tag(name:\"summary\", value:\"A number of security vulnerabilities have been identified in Citrix XenServer that may allow a\n malicious administrator of a guest VM to compromise the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2017-12134: (High) linux: Fix Xen block IO merge-ability calculation.\n\n - CVE-2017-12135: (Medium) multiple problems with transitive grants.\n\n - CVE-2017-12136: (High) grant_table: Race conditions with maptrack free list handling.\n\n - 
CVE-2017-12137: (High) x86: PV privilege escalation via map_grant_ref.\n\n - CVE-2017-12855: (Low) grant_table: possibly premature clearing of GTF_writing / GTF_reading.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"affected\", value:\"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX225941\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E004', 'XS72E005');\npatches['7.1.0'] = make_list('XS71E013', 'XS71E014');\npatches['7.0.0'] = make_list('XS70E039', 'XS70E040');\npatches['6.5.0'] = make_list('XS65ESP1059', 'XS65ESP1060');\npatches['6.2.0'] = make_list('XS62ESP1063');\npatches['6.0.2'] = make_list('XS602ECC047');\n\ncitrix_xenserver_check_report_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-b8fa8e1a13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8379", "CVE-2017-8309"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_b8fa8e1a13_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen 
FEDORA-2017-b8fa8e1a13\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873313\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-27 07:14:33 +0200 (Sun, 27 Aug 2017)\");\n script_cve_id(\"CVE-2017-8309\", \"CVE-2017-8379\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-b8fa8e1a13\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b8fa8e1a13\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCDKFYIVA6JGLNBGA6NGM3C2Q3BUFQ53\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.1~7.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for qemu USN-3289-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-7377", "CVE-2017-8309"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843172", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qemu USN-3289-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843172\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-17 06:54:41 +0200 (Wed, 17 May 2017)\");\n script_cve_id(\"CVE-2017-7377\", \"CVE-2017-8086\", \"CVE-2017-7718\", \"CVE-2017-7980\",\n \"CVE-2017-8309\", \"CVE-2017-8379\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3289-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Li Qiang discovered that QEMU incorrectly\n handled VirtFS directory sharing. A privileged attacker inside the guest could\n use this issue to cause QEMU to crash, resulting in a denial of service.\n (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled\n the Cirrus VGA device. A privileged attacker inside the guest could use this\n issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2017-7718)\n Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA\n device when being used with a VNC connection. A privileged attacker inside the\n guest could use this issue to cause QEMU to crash, resulting in a denial of\n service, or possibly execute arbitrary code on the host. In the default\n installation, when QEMU is used with libvirt, attackers would be isolated by the\n libvirt AppArmor profile. (CVE-2017-7980) Jiang Xin discovered that QEMU\n incorrectly handled the audio subsystem. A privileged attacker inside the guest\n could use this issue to cause QEMU to crash, resulting in a denial of service.\n (CVE-2017-8309) Jiang Xin discovered that QEMU incorrectly handled the input\n subsystem. A privileged attacker inside the guest could use this issue to cause\n QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu\n 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-8379)\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3289-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3289-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.34\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-3ubuntu2.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.6.1+dfsg-0ubuntu5.5\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-13T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-eb69078020", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-15597", "CVE-2018-10472", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2017-15595", "CVE-2017-9524"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_eb69078020_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-eb69078020\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-13 05:45:06 +0200 (Sun, 13 May 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\",\n \"CVE-2017-13672\", \"CVE-2017-14316\", \"CVE-2017-14318\", \"CVE-2017-14317\",\n \"CVE-2017-14319\", \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\",\n \"CVE-2017-11334\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\",\n \"CVE-2017-7718\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\",\n \"CVE-2017-12855\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-eb69078020\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please 
install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-eb69078020\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTBUMHXXYEU5ST4CRY3CHNJZUII77XCT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-28T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-7cd077ddd3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-15595", "CVE-2017-9524"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7cd077ddd3_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-7cd077ddd3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874616\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-28 05:53:47 +0200 (Mon, 28 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\",\n \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17044\",\n \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\",\n \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\",\n \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\", 
\"CVE-2017-13672\",\n \"CVE-2017-14316\", \"CVE-2017-14318\", \"CVE-2017-14317\", \"CVE-2017-14319\",\n \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\", \"CVE-2017-11334\",\n \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\", \"CVE-2017-7718\",\n \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-7cd077ddd3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7cd077ddd3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFPXZZ4KQ6AGMTQLMLDRU2CQ4SRCPWK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:12:13", "description": "Multiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests\nbased on the Quick Emulator(Qemu).\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img.\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu-kvm (DLA-1071-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6505", "CVE-2017-8309", "CVE-2017-10664", "CVE-2017-11434"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891071", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891071\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-6505\", \"CVE-2017-8309\");\n script_name(\"Debian LTS: Security Advisory for qemu-kvm (DLA-1071-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00022.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests\nbased on the Quick Emulator(Qemu).\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI 
emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img.\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T20:09:22", "description": "Multiple vulnerabilities were discovered in qemu, a fast processor\nemulator. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-1070-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6505", "CVE-2017-8309", "CVE-2017-10664", "CVE-2017-11434"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891070", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891070\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-6505\", \"CVE-2017-8309\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-1070-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00023.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in qemu, a fast processor\nemulator. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6+deb7u23\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-04T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-b7f1197c23", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11334", "CVE-2017-9330", "CVE-2017-10664", "CVE-2017-9524"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873335", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_b7f1197c23_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2017-b7f1197c23\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873335\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-04 07:27:12 +0200 (Mon, 04 Sep 2017)\");\n script_cve_id(\"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\", \"CVE-2017-11334\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-b7f1197c23\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b7f1197c23\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DSQQPBXRMPDYNWMOKL5CZGR47LDG22S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.1~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-26T00:00:00", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-f941184db1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8112", "CVE-2017-7718", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-9330", "CVE-2017-7377", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-9060", "CVE-2017-10806", "CVE-2017-9310", "CVE-2016-9603"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_fedora_2017_f941184db1_qemu_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qemu FEDORA-2017-f941184db1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872918\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-26 07:33:04 +0200 (Wed, 26 Jul 2017)\");\n script_cve_id(\"CVE-2017-7718\", \"CVE-2016-9603\", \"CVE-2017-7377\", \"CVE-2017-7980\",\n \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\",\n \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9374\",\n \"CVE-2017-10806\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-f941184db1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced 
advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f941184db1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBO4GN7KLLDD66JCIRPV4YS2EQFLOYLW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:37", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\nJann Horn discovered that incorrect handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916\nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. 
This only affects Debian stretch.\n\nCVE-2017-10917\nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919\nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136\nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. 
This only affects Debian stretch.\n\nCVE-2017-12137\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\nJan Beulich discovered incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.", "cvss3": {}, "published": "2017-09-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3969-1 (xen - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3969.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3969-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703969\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n script_name(\"Debian Security Advisory DSA 3969-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-12 00:00:00 +0200 (Tue, 12 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3969.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.\n\nFor the stable distribution 
(stretch), these problems have been fixed in\nversion 4.8.1-1+deb9u3.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\nJann Horn discovered that incorrect handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916\nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. This only affects Debian stretch.\n\nCVE-2017-10917\nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919\nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136\nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. 
This only affects Debian stretch.\n\nCVE-2017-12137\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\nJan Beulich discovered incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-arm64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2017:2445-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2017-10664"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871878", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2445-01_qemu-kvm.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for qemu-kvm RHSA-2017:2445-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871878\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 07:25:35 +0200 (Wed, 09 Aug 2017)\");\n script_cve_id(\"CVE-2017-10664\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2017:2445-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a\nfull virtualization solution for Linux on a variety of architectures. The qemu-kvm\npackage provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * Quick Emulator (QEMU) built with the Network Block Device (NBD) Server\nsupport is vulnerable to a crash via a SIGPIPE signal. The crash can occur\nif a client aborts a connection due to any failure during negotiation or\nread operation. A remote user/process could use this flaw to crash the\nqemu-nbd server resulting in a DoS. (CVE-2017-10664)\");\n script_tag(name:\"affected\", value:\"qemu-kvm on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2445-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~141.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~141.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~1.5.3~141.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~141.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T18:47:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:1872-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-9374", "CVE-2017-8379", "CVE-2016-10029", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-6505", "CVE-2017-9330", "CVE-2017-7377", "CVE-2017-5579", "CVE-2017-8380", "CVE-2017-5973", "CVE-2017-8309", "CVE-2016-10028", "CVE-2017-5987", "CVE-2017-7471", "CVE-2016-9602", "CVE-2017-9373", "CVE-2016-9603"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851580", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851580\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 07:22:49 +0200 (Sun, 16 Jul 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-9602\", \"CVE-2016-9603\",\n \"CVE-2017-5579\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\",\n \"CVE-2017-7377\", \"CVE-2017-7471\", \"CVE-2017-7493\", \"CVE-2017-7718\",\n \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\",\n \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9330\", \"CVE-2017-9373\",\n \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:1872-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n 
return value (bsc#1042159).\n\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support\n allowed local guest OS privileged users to cause a denial of service\n (host memory consumption) by rapidly generating large keyboard events\n (bsc#1037334).\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037242).\n\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File\n System(9pfs) support, was vulnerable to an improper access control\n issue. It could occur while accessing virtfs metadata files in\n mapped-file security mode. A guest user could have used this flaw to\n escalate their privileges inside guest (bsc#1039495).\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in\n hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial\n of service (file descriptor or memory consumption) via vectors related\n to an already in-use fid (bsc#1032075).\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in\n hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a\n denial of service (memory consumption) via vectors involving the\n orig_value variable (bsc#1035950).\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in\n hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial\n of service (infinite loop and QEMU process crash) via vectors involving\n the transfer mode register during multi block transfer (bsc#1025311).\n\n - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c\n allowed local guest OS users to cause a denial of service (infinite\n loop) via vectors involving the number of link endpoint list descriptors\n 
(bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a\n heap overflow in the device model process, potentially escalating their\n privileges to that of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors related to copy ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1872-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~31.3.3\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~31.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~31.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~31.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~31.3.6\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", 
rpm:\"qemu-block-rbd-debuginfo~2.6.2~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~31.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:1221-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2016-9603"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851551", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851551\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 06:54:06 +0200 (Wed, 10 May 2017)\");\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-7718\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:1221-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - A malicious 64-bit PV guest may be able to access all of system memory,\n allowing for all of privilege escalation, host crashes, and information\n leaks by placing an IRET hypercall in the middle of a multicall batch\n (XSA-213, bsc#1034843)\n\n - A malicious pair of guests may be able to access all of system memory,\n allowing for all of privilege escalation, host crashes, and information\n leaks because of a missing check when transferring pages via\n GNTTABOP_transfer (XSA-214, bsc#1034844).\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors related to copying VGA data via 
the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions\n (bsc#1034994).\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a\n heap overflow in the device model process, potentially escalating their\n privileges to that of the device model process (bsc#1028655)\n\n These non-security issues were fixed:\n\n - bsc#1029827: Additional xenstore patch\n\n - bsc#1036146: Xen VM dumped core to wrong path\n\n - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached\n CDRom\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1221-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.2_04~11.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171118", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the 
referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1118\");\n script_version(\"2020-01-23T10:51:35+0000\");\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:35 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1118)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1118\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1118\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1118 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nAn out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~126.9.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:05", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": 
"2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171119", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1119\");\n script_version(\"2020-01-23T10:51:37+0000\");\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1119)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1119\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1119\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1119 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). 
A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nAn out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~126.9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~126.9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~126.9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-13T00:00:00", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2017:1430-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871828", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310871828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2017:1430-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871828\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-13 12:59:30 +0200 (Tue, 13 Jun 2017)\");\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2017:1430-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full\n virtualization solution for Linux on a variety of architectures. The qemu-kvm\n package provides the user-space component for running virtual machines that use\n KVM. Security Fix(es): * An out-of-bounds r/w access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while\n copying VGA data via various bitblt functions. A privileged user inside a guest\n could use this flaw to crash the QEMU process or, potentially, execute arbitrary\n code on the host with privileges of the QEMU process. (CVE-2017-7980) * An\n out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator\n support. The vulnerability could occur while copying VGA data using bitblt\n functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside\n a guest could use this flaw to crash the QEMU process, resulting in denial of\n service. (CVE-2017-7718) Red Hat would like to thank Jiangxin (PSIRT Huawei Inc)\n and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin\n (PSIRT Huawei Inc) for reporting CVE-2017-7718. Bug Fix(es): * Previously, guest\n virtual machines in some cases became unresponsive when the 'pty' back end of a\n serial device performed an irregular I/O communication. This update improves the\n handling of serial I/O on guests, which prevents the described problem from\n occurring. (BZ#1452332)\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1430-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-June/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~126.el7_3.9\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~126.el7_3.9\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~126.el7_3.9\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~1.5.3~126.el7_3.9\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~126.el7_3.9\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "description": "Check the version of qemu-img", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "CentOS Update for qemu-img CESA-2017:1430 centos7", "bulletinFamily": "scanner", "cvss2": 
{}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882732", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882732", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-img CESA-2017:1430 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882732\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 06:40:38 +0200 (Wed, 14 Jun 2017)\");\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-img CESA-2017:1430 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-img\");\n script_tag(name:\"vuldetect\", value:\"Checks 
if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a\nfull virtualization solution for Linux on a variety of architectures.\nThe qemu-kvm package provides the user-space component for running virtual\nmachines that use KVM.\n\nSecurity Fix(es):\n\n * An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA data\nvia various bitblt functions. A privileged user inside a guest could use\nthis flaw to crash the QEMU process or, potentially, execute arbitrary code\non the host with privileges of the QEMU process. (CVE-2017-7980)\n\n * An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA\nEmulator support. The vulnerability could occur while copying VGA data\nusing bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A\nprivileged user inside a guest could use this flaw to crash the QEMU\nprocess, resulting in denial of service. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo\n360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc)\nfor reporting CVE-2017-7718.\n\nBug Fix(es):\n\n * Previously, guest virtual machines in some cases became unresponsive when\nthe 'pty' back end of a serial device performed an irregular I/O\ncommunication. This update improves the handling of serial I/O on guests,\nwhich prevents the described problem from occurring. 
(BZ#1452332)\");\n script_tag(name:\"affected\", value:\"qemu-img on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1430\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022458.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~126.el7_3.9\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~126.el7_3.9\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~126.el7_3.9\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~126.el7_3.9\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-01925dba3c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5579", "CVE-2016-8667"], "modified": "2019-03-15T00:00:00", 
"id": "OPENVAS:1361412562310872586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-01925dba3c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872586\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:40:53 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2016-8667\", \"CVE-2017-5579\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-01925dba3c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-01925dba3c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE2AECQV2NB5JMX4ZRUYCCE3E6FFNSKO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-13T00:00:00", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-374389c196", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5579", "CVE-2016-8667"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-374389c196\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872665\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-13 06:54:59 +0200 (Sat, 13 May 2017)\");\n script_cve_id(\"CVE-2016-8667\", \"CVE-2017-5579\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-374389c196\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-374389c196\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAETHKAAAN4F4PFFMM3YFS7D3HNWM2BE\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~8.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-08-23T11:19:54", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-08-08T00:00:00", "id": "OPENVAS:703920", "href": "http://plugins.openvas.org/nasl.php?oid=703920", "sourceData": "# OpenVAS Vulnerability Test\n# 
$Id: deb_3920.nasl 6873 2017-08-08 12:35:26Z teissa $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703920);\n script_version(\"$Revision: 6873 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-08 14:35:26 +0200 (Tue, 08 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3920.html\");\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif 
((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:29", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310\nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\nDenial of service in qemu-nbd server.\n\nCVE-2017-10664\nDenial of service in qemu-nbd server.\n\nCVE-2017-10911\nInformation leak in Xen blkif response handling.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703920", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3920.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 
1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703920\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3920.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH 
http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310\nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\nDenial of service in qemu-nbd server.\n\nCVE-2017-10664\nDenial of service in qemu-nbd server.\n\nCVE-2017-10911\nInformation leak in Xen blkif response handling.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", 
rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:11:42", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in 
grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1132-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891132", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is 
free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891132\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14318\", \"CVE-2017-14319\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1132-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn't\nverified which which may result in privilege escalation.\n\nCVE-2017-14317\n\nEric Chanudet discovered that a race conditions in cxenstored might\nresult in information leaks or 
privilege escalation.\n\nCVE-2017-14318\n\nMatthew Daley discovered that incorrect validation of\ngrants may result in a denial of service.\n\nCVE-2017-14319\n\nAndrew Cooper discovered that insufficient grant unmapping\nchecks may result in denial of service and privilege escalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report 
+= res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-1444)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191444", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1444\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2016-9602\", \"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-14167\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\", \"CVE-2017-18043\", \"CVE-2017-5579\", \"CVE-2017-8284\", \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2018-10839\", \"CVE-2018-12617\", \"CVE-2018-7550\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-1444)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1444\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1444\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu' package(s) announced via the EulerOS-SA-2019-1444 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario. (CVE-2018-10839)\n\nqmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.(CVE-2018-12617)\n\nQemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. (CVE-2016-9602)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550)\n\nAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672)\n\nAn assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). 
It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. (CVE-2017-13673)\n\nThe Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.(CVE-2017-15119)\n\nQEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-gpu-specs\", rpm:\"qemu-gpu-specs~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", 
rpm:\"qemu-kvm-common~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~2.8.1~30.027\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1405)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15124", "CVE-2017-15268", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-13673", "CVE-2017-5579", "CVE-2017-8284", "CVE-2016-9602", "CVE-2017-13672", "CVE-2018-7550", "CVE-2017-9373", "CVE-2017-18043"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191405", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1405\");\n script_version(\"2020-01-23T11:42:22+0000\");\n script_cve_id(\"CVE-2016-9602\", \"CVE-2017-13672\", \"CVE-2017-13673\", \"CVE-2017-14167\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\", \"CVE-2017-18043\", \"CVE-2017-5579\", \"CVE-2017-8284\", \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2018-10839\", \"CVE-2018-12617\", \"CVE-2018-7550\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:42:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:42:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1405)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1405\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1405\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2019-1405 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario. (CVE-2018-10839)\n\nqmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.(CVE-2018-12617)\n\nQemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. (CVE-2016-9602)\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550)\n\nAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672)\n\nAn assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). 
It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. (CVE-2017-13673)\n\nThe Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.(CVE-2017-15119)\n\nQEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.025\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:08:43", "description": "Multiple vulnerabilities have been discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware based on Quick\nEmulator(Qemu). The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2016-9603\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the VNC\ndisplay driver support is vulnerable to a heap buffer overflow\nissue. It could occur when Vnc client attempts to update its\ndisplay after a vga operation is performed by a guest.\n\nA privileged user/process inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially leverage it to\nexecute arbitrary code on the host with privileges of the Qemu\nprocess.\n\nCVE-2017-7718\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds access issue. It could occur while\ncopying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_\nand/or cirrus_bitblt_rop_fwd_.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS.\n\nCVE-2017-7980\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds r/w access issues. 
It could occur\nwhile copying VGA data via various bitblt functions.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary code\non a host with privileges of Qemu process on the host.", "cvss3": {}, "published": "2018-01-25T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu-kvm (DLA-939-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980", "CVE-2016-9603"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890939", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890939\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-7718\", \"CVE-2017-7980\");\n script_name(\"Debian LTS: Security Advisory for qemu-kvm (DLA-939-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u21.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware based on Quick\nEmulator(Qemu). 
The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2016-9603\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the VNC\ndisplay driver support is vulnerable to a heap buffer overflow\nissue. It could occur when Vnc client attempts to update its\ndisplay after a vga operation is performed by a guest.\n\nA privileged user/process inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially leverage it to\nexecute arbitrary code on the host with privileges of the Qemu\nprocess.\n\nCVE-2017-7718\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds access issue. It could occur while\ncopying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_\nand/or cirrus_bitblt_rop_fwd_.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS.\n\nCVE-2017-7980\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds r/w access issues. 
It could occur\nwhile copying VGA data via various bitblt functions.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary code\non a host with privileges of Qemu process on the host.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:1826-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851577", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU 
General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851577\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:54:54 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\",\n \"CVE-2017-10922\", \"CVE-2017-8309\", \"CVE-2017-9330\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:1826-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code\n allowed 
for information leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked information to\n other guests (XSA-220, bsc#1042923)\n\n These non-security issues were fixed:\n\n - bsc#1027519: Included various upstream patches\n\n - bsc#1035642: Ensure that rpmbuild works\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1826-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", 
\"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.2_06~11.9.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:35:23", "description": "Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) revised full fix for XSA-226 (regressed 32-bit Dom0 or backend domains)\n\n----\n\nfull fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems (#1398590) add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio:\nhost memory leakage via capture buffer [CVE-2017-8309] (#1446521) Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)\n\n----\n\nQemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765) multiple problems with transitive grants [XSA-226, CVE-2017-12135] x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137] grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136] grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Fedora 25 : xen (2017-ed735463e3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-12134", "CVE-2017-12135", 
"CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-9330"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-ED735463E3.NASL", "href": "https://www.tenable.com/plugins/nessus/103342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ed735463e3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103342);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-12134\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-5579\", \"CVE-2017-7718\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-9330\");\n script_xref(name:\"FEDORA\", value:\"2017-ed735463e3\");\n\n script_name(english:\"Fedora 25 : xen (2017-ed735463e3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu: usb: ohci: infinite loop due to incorrect return value\n[CVE-2017-9330] (#1457698) Qemu: qemu-nbd: server breaks with SIGPIPE\nupon client abort [CVE-2017-10664] (#1466466) revised full fix for\nXSA-226 (regressed 32-bit Dom0 or backend domains)\n\n----\n\nfull fix for XSA-226, replacing workaround drop conflict of xendomain\nand libvirtd as can cause problems (#1398590) add-to-physmap error\npaths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio:\nhost memory leakage via capture buffer [CVE-2017-8309] (#1446521)\nQemu: input: host memory leakage via keyboard events 
[CVE-2017-8379]\n(#1446561)\n\n----\n\nQemu: serial: host memory leakage 16550A UART emulation\n[CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access\nissue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765)\nmultiple problems with transitive grants [XSA-226, CVE-2017-12135]\nx86: PV privilege escalation via map_grant_ref [XSA-227,\nCVE-2017-12137] grant_table: Race conditions with maptrack free list\nhandling [XSA-228, CVE-2017-12136] grant_table: possibly premature\nclearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed735463e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.3-4.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:35:50", "description": "Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765) multiple problems with transitive grants [XSA-226, CVE-2017-12135] x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137] grant_table: Race conditions with maptrack free list handling [XSA-228, 
CVE-2017-12136] grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-08-23T00:00:00", "type": "nessus", "title": "Fedora 26 : xen (2017-f336ba205d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12134", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-5579", "CVE-2017-7718"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-F336BA205D.NASL", "href": "https://www.tenable.com/plugins/nessus/102686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f336ba205d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102686);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-12134\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-5579\", \"CVE-2017-7718\");\n script_xref(name:\"FEDORA\", value:\"2017-f336ba205d\");\n\n script_name(english:\"Fedora 26 : xen (2017-f336ba205d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu: serial: host memory leakage 16550A UART emulation\n[CVE-2017-5579] 
(#1416162) Qemu: display: cirrus: OOB read access\nissue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765)\nmultiple problems with transitive grants [XSA-226, CVE-2017-12135]\nx86: PV privilege escalation via map_grant_ref [XSA-227,\nCVE-2017-12137] grant_table: Race conditions with maptrack free list\nhandling [XSA-228, CVE-2017-12136] grant_table: possibly premature\nclearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f336ba205d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-6.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:18", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 bsc#1052686.\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 Security Update : xen (SUSE-SU-2017:2327-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2327-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2327-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102953);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"SUSE SLED12 Security Update : xen (SUSE-SU-2017:2327-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list\n handling allows a malicious guest administrator to crash\n the host or escalate their privilege to that of the host\n (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230 bsc#1052686.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12136/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172327-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?141c7e11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1437=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1437=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.0_11-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:52", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 bsc#1052686.\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2327-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2327-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104649);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list\n handling allows a malicious guest administrator to crash\n the host or escalate their privilege to that of the host\n (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230 bsc#1052686.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12136/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172327-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0440dc7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1437=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.0_11-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.0_11-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:36", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate 
privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 bsc#1052686.\n\nThese non-security issues were fixed :\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack\n\n - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2017-1023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", 
"p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1023.NASL", "href": "https://www.tenable.com/plugins/nessus/103159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1023.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103159);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-1023)\");\n script_summary(english:\"Check for the openSUSE-2017-1023 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list\n handling allows a malicious guest administrator to crash\n the host or escalate their privilege to that of the host\n (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a 
crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230 bsc#1052686.\n\nThese non-security issues were fixed :\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be\n restored after the save using xl stack\n\n - bsc#1035231: Migration of HVM domU did not use\n superpages on destination dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd\n block-dmmd\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052686\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055695\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", 
\"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-debugsource-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-devel-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-doc-html-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-debuginfo-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-debuginfo-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-4.9.0_11-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-debuginfo-4.9.0_11-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:27", "description": "This update for xen to version 4.7.3 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 CVE-2017-12855).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-10664", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2326-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102952", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2326-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102952);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen to version 4.7.3 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list\n handling allows a malicious guest administrator to crash\n the host or escalate their privilege to that of the host\n (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230 CVE-2017-12855).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12136/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172326-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?281dfc3b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1438=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1438=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1438=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1438=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.3_03-43.9.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.3_03-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.3_03-43.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:27", "description": "This update for xen to version 4.7.3 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string 
(bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 CVE-2017-12855).\n\nThese non-security issues were fixed :\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack \n\n - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd\n\n - bsc#1037840: Xen-detect always showed HVM for PV guests\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2017-1022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-10664", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-1022.NASL", "href": "https://www.tenable.com/plugins/nessus/103158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1022.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103158);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-1022)\");\n script_summary(english:\"Check for the openSUSE-2017-1022 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen to version 4.7.3 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-12136: Race conditions with maptrack free list\n handling allows a malicious guest administrator to crash\n the host or escalate their privilege to that of the host\n (XSA-228, bsc#1051789).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n 
information (XSA-230 CVE-2017-12855).\n\nThese non-security issues were fixed :\n\n - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be\n restored after the save using xl stack \n\n - bsc#1035231: Migration of HVM domU did not use\n superpages on destination dom0\n\n - bsc#1002573: Optimized LVM functions in block-dmmd\n block-dmmd\n\n - bsc#1037840: Xen-detect always showed HVM for PV guests\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055695\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-debugsource-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-devel-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-debuginfo-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-debuginfo-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.3_03-11.12.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.3_03-11.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.3_03-11.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:52", "description": "According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities.\n\nNote that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-08-18T00:00:00", "type": "nessus", "title": "Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12134", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2020-07-10T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-230.NASL", "href": "https://www.tenable.com/plugins/nessus/102585", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102585);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\n \"CVE-2017-12134\",\n \"CVE-2017-12135\",\n \"CVE-2017-12136\",\n \"CVE-2017-12137\",\n \"CVE-2017-12855\"\n );\n script_bugtraq_id(\n 100341,\n 100342,\n 100343,\n 100344,\n 100346\n );\n 
script_xref(name:\"IAVB\", value:\"2017-B-0108-S\");\n\n script_name(english:\"Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by multiple vulnerabilities.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-226.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-227.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-228.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-229.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-230.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12137\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\n# XSA-226\nfixes['4.5']['fixed_ver'] = '4.5.5';\nfixes['4.5']['fixed_ver_display'] = '4.5.5 (changeset c5b0fe5)';\nfixes['4.5']['affected_ver_regex'] = '^4\\\\.5\\\\.';\nfixes['4.5']['affected_changesets'] = make_list(\"136ff4e\", \"42c8ba5\",\n 
\"d38489d\", \"df59014\", \"3217129\", \"4964e86\", \"c079597\", \"6ec173b\",\n \"a373456\", \"0780e81\", \"e5ef76d\", \"25eaa86\", \"ae02360\", \"5597df9\",\n \"c5de05e\", \"773094e\", \"e39a248\", \"7b3712a\", \"be35327\", \"8825df1\",\n \"d7e3725\", \"6eb61e4\", \"b1fcfed\", \"5779d6a\", \"afdd77e\", \"c18367a\",\n \"7b7fd80\", \"b30e165\", \"62ef9b2\", \"8071724\", \"235b5d5\", \"a28b99d\",\n \"ff294fc\", \"bc01e2d\", \"da50922\", \"386cc94\", \"139960f\", \"ec3ddd6\",\n \"988929a\", \"1c48dff\", \"20d4248\", \"9610422\", \"cd76cd3\", \"455fd66\",\n \"b820c31\", \"ac3d8bc\", \"cde86fc\", \"1678521\", \"83cb2db\", \"43d06ef\",\n \"2b17bf4\", \"1a2bda5\", \"0bd7faf\", \"e3426e2\", \"37281bc\", \"27be856\",\n \"bdf3ef1\", \"cc325c0\", \"8e7b84d\", \"387b8ae\", \"34fbae7\", \"1530da2\",\n \"274a1f6\", \"b679cfa\", \"877b760\", \"cfe165d\", \"84e4e56\", \"e4ae4b0\");\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset b4660b4)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"1ac8162\", \"747df3c\",\n \"5ae011e\", \"f974d32\", \"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.4';\nfixes['4.7']['fixed_ver_display'] = '4.7.4-pre (changeset 5151257)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"c9f3ca0\", \"e873251\",\n \"8aebf85\", \"c362cde\", \"fece08a\");\n\nfixes['4.8']['fixed_ver'] = '4.8.2';\nfixes['4.8']['fixed_ver_display'] = '4.8.2-pre (changeset 236263f)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"5c10e0e\", \"5afb94c\",\n \"f5211ce\", \"877591c\", \"460cd3b\", \"1e6c88f\", \"55cf609\", \"079550e\",\n \"f6f543f\", \"a332ac1\", \"1a147b5\", \"8652908\", \"1e40f87\", \"7dd85eb\",\n \"24809e0\", \"8d3dafb\", \"aedaa82\", \"a75d7ad\", \"125a3a9\", \"b859653\",\n \"429ad0d\", \"1959b49\", \"670bb9d\", \"270b9f8\", \"50ee10e\", 
\"e5da3cc\",\n \"982d477\", \"ca71eb3\", \"c7dab25\", \"ca97409\", \"a4bca7c\", \"fe5bbfd\",\n \"cb99078\", \"e1bcfb1\", \"2d37e90\", \"c427a81\", \"125e4d4\", \"9e6b2dd\",\n \"52d8380\", \"5026eb5\", \"e5ec23e\", \"79d2d5c\", \"b7d2c0f\", \"d584144\",\n \"d721af1\", \"72808a8\", \"173eb93\", \"d29cb49\", \"98cefcc\", \"e91a24c\",\n \"de1318b\", \"4057c6e\", \"834ea87\", \"efd2ff9\", \"19ad7c0\", \"1780c26\",\n \"8f6d1f9\", \"957dc0e\", \"12b1425\", \"a782d9d\");\n\nfixes['4.9']['fixed_ver'] = '4.9.1';\nfixes['4.9']['fixed_ver_display'] = '4.9.1-pre (changeset 9bf14bb)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"c57b1f9\", \"6b147fd\",\n \"0e186e3\", \"afc5ebf\", \"266fc0e\", \"4698106\", \"f4f02f1\", \"0fada05\",\n \"ab4eb6c\", \"b29ecc7\", \"a11d14b\", \"107401e\", \"1b7834a\");\n\n\n# XSA-227\nfixes['4.5']['fixed_ver'] = '4.5.5';\nfixes['4.5']['fixed_ver_display'] = '4.5.5 (changeset df59014)';\nfixes['4.5']['affected_ver_regex'] = '^4\\\\.5\\\\.';\nfixes['4.5']['affected_changesets'] = make_list(\"3217129\", \"4964e86\",\n \"c079597\", \"6ec173b\", \"a373456\", \"0780e81\", \"e5ef76d\", \"25eaa86\",\n \"ae02360\", \"5597df9\", \"c5de05e\", \"773094e\", \"e39a248\", \"7b3712a\",\n \"be35327\", \"8825df1\", \"d7e3725\", \"6eb61e4\", \"b1fcfed\", \"5779d6a\",\n \"afdd77e\", \"c18367a\", \"7b7fd80\", \"b30e165\", \"62ef9b2\", \"8071724\",\n \"235b5d5\", \"a28b99d\", \"ff294fc\", \"bc01e2d\", \"da50922\", \"386cc94\",\n \"139960f\", \"ec3ddd6\", \"988929a\", \"1c48dff\", \"20d4248\", \"9610422\",\n \"cd76cd3\", \"455fd66\", \"b820c31\", \"ac3d8bc\", \"cde86fc\", \"1678521\",\n \"83cb2db\", \"43d06ef\", \"2b17bf4\", \"1a2bda5\", \"0bd7faf\", \"e3426e2\",\n \"37281bc\", \"27be856\", \"bdf3ef1\", \"cc325c0\", \"8e7b84d\", \"387b8ae\",\n \"34fbae7\", \"1530da2\", \"274a1f6\", \"b679cfa\", \"877b760\", \"cfe165d\",\n \"84e4e56\", \"e4ae4b0\");\n\nfixes['4.6']['fixed_ver'] = 
'4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 3300ad3)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.3';\nfixes['4.7']['fixed_ver_display'] = '4.7.3 (changeset 767f6d2)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"4fbfa34\");\n\nfixes['4.8']['fixed_ver'] = '4.8.2';\nfixes['4.8']['fixed_ver_display'] = '4.8.2-pre (changeset 460cd3b)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"1e6c88f\", \"55cf609\",\n \"079550e\", \"f6f543f\", \"a332ac1\", \"1a147b5\", \"8652908\", \"1e40f87\",\n \"7dd85eb\", \"24809e0\", \"8d3dafb\", \"aedaa82\", \"a75d7ad\", \"125a3a9\",\n \"b859653\", \"429ad0d\", \"1959b49\", \"670bb9d\", \"270b9f8\", \"50ee10e\",\n \"e5da3cc\", \"982d477\", \"ca71eb3\", \"c7dab25\", \"ca97409\", \"a4bca7c\",\n \"fe5bbfd\", \"cb99078\", \"e1bcfb1\", \"2d37e90\", \"c427a81\", \"125e4d4\",\n \"9e6b2dd\", \"52d8380\", \"5026eb5\", \"e5ec23e\", \"79d2d5c\", \"b7d2c0f\",\n \"d584144\", \"d721af1\", \"72808a8\", \"173eb93\", \"d29cb49\", \"98cefcc\",\n \"e91a24c\", \"de1318b\", \"4057c6e\", \"834ea87\", \"efd2ff9\", \"19ad7c0\",\n \"1780c26\", \"8f6d1f9\", \"957dc0e\", \"12b1425\", \"a782d9d\");\n\nfixes['4.9']['fixed_ver'] = '4.9.1';\nfixes['4.9']['fixed_ver_display'] = '4.9.1-pre (changeset 4698106)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"f4f02f1\", \"0fada05\",\n \"ab4eb6c\", \"b29ecc7\", \"a11d14b\", \"107401e\", \"1b7834a\");\n\n# XSA-228\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset f974d32)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.4';\nfixes['4.7']['fixed_ver_display'] = 
'4.7.4-pre (changeset c362cde)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"fece08a\");\n\nfixes['4.8']['fixed_ver'] = '4.8.2';\nfixes['4.8']['fixed_ver_display'] = '4.8.2-pre (changeset 877591c)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"460cd3b\", \"1e6c88f\",\n \"55cf609\", \"079550e\", \"f6f543f\", \"a332ac1\", \"1a147b5\", \"8652908\",\n \"1e40f87\", \"7dd85eb\", \"24809e0\", \"8d3dafb\", \"aedaa82\", \"a75d7ad\",\n \"125a3a9\", \"b859653\", \"429ad0d\", \"1959b49\", \"670bb9d\", \"270b9f8\",\n \"50ee10e\", \"e5da3cc\", \"982d477\", \"ca71eb3\", \"c7dab25\", \"ca97409\",\n \"a4bca7c\", \"fe5bbfd\", \"cb99078\", \"e1bcfb1\", \"2d37e90\", \"c427a81\",\n \"125e4d4\", \"9e6b2dd\", \"52d8380\", \"5026eb5\", \"e5ec23e\", \"79d2d5c\",\n \"b7d2c0f\", \"d584144\", \"d721af1\", \"72808a8\", \"173eb93\", \"d29cb49\",\n \"98cefcc\", \"e91a24c\", \"de1318b\", \"4057c6e\", \"834ea87\", \"efd2ff9\",\n \"19ad7c0\", \"1780c26\", \"8f6d1f9\", \"957dc0e\", \"12b1425\", \"a782d9d\");\n\nfixes['4.9']['fixed_ver'] = '4.9.1';\nfixes['4.9']['fixed_ver_display'] = '4.9.1-pre (changeset 266fc0e)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"4698106\", \"f4f02f1\",\n \"0fada05\", \"ab4eb6c\", \"b29ecc7\", \"a11d14b\", \"107401e\", \"1b7834a\");\n\n# XSA-230\nfixes['4.5']['fixed_ver'] = '4.5.5';\nfixes['4.5']['fixed_ver_display'] = '4.5.5 (changeset d38489d)';\nfixes['4.5']['affected_ver_regex'] = '^4\\\\.5\\\\.';\nfixes['4.5']['affected_changesets'] = make_list(\"df59014\", \"3217129\",\n \"4964e86\", \"c079597\", \"6ec173b\", \"a373456\", \"0780e81\", \"e5ef76d\",\n \"25eaa86\", \"ae02360\", \"5597df9\", \"c5de05e\", \"773094e\", \"e39a248\",\n \"7b3712a\", \"be35327\", \"8825df1\", \"d7e3725\", \"6eb61e4\", \"b1fcfed\",\n \"5779d6a\", \"afdd77e\", \"c18367a\", \"7b7fd80\", \"b30e165\", 
\"62ef9b2\",\n \"8071724\", \"235b5d5\", \"a28b99d\", \"ff294fc\", \"bc01e2d\", \"da50922\",\n \"386cc94\", \"139960f\", \"ec3ddd6\", \"988929a\", \"1c48dff\", \"20d4248\",\n \"9610422\", \"cd76cd3\", \"455fd66\", \"b820c31\", \"ac3d8bc\", \"cde86fc\",\n \"1678521\", \"83cb2db\", \"43d06ef\", \"2b17bf4\", \"1a2bda5\", \"0bd7faf\",\n \"e3426e2\", \"37281bc\", \"27be856\", \"bdf3ef1\", \"cc325c0\", \"8e7b84d\",\n \"387b8ae\", \"34fbae7\", \"1530da2\", \"274a1f6\", \"b679cfa\", \"877b760\",\n \"cfe165d\", \"84e4e56\", \"e4ae4b0\");\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 5ae011e)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"f974d32\", \"3300ad3\",\n \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.4';\nfixes['4.7']['fixed_ver_display'] = '4.7.4-pre (changeset 8aebf85)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"c362cde\", \"fece08a\");\n\nfixes['4.8']['fixed_ver'] = '4.8.2';\nfixes['4.8']['fixed_ver_display'] = '4.8.2-pre (changeset f5211ce)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"877591c\", \"460cd3b\",\n \"1e6c88f\", \"55cf609\", \"079550e\", \"f6f543f\", \"a332ac1\", \"1a147b5\",\n \"8652908\", \"1e40f87\", \"7dd85eb\", \"24809e0\", \"8d3dafb\", \"aedaa82\",\n \"a75d7ad\", \"125a3a9\", \"b859653\", \"429ad0d\", \"1959b49\", \"670bb9d\",\n \"270b9f8\", \"50ee10e\", \"e5da3cc\", \"982d477\", \"ca71eb3\", \"c7dab25\",\n \"ca97409\", \"a4bca7c\", \"fe5bbfd\", \"cb99078\", \"e1bcfb1\", \"2d37e90\",\n \"c427a81\", \"125e4d4\", \"9e6b2dd\", \"52d8380\", \"5026eb5\", \"e5ec23e\",\n \"79d2d5c\", \"b7d2c0f\", \"d584144\", \"d721af1\", \"72808a8\", \"173eb93\",\n \"d29cb49\", \"98cefcc\", \"e91a24c\", \"de1318b\", \"4057c6e\", \"834ea87\",\n \"efd2ff9\", \"19ad7c0\", \"1780c26\", \"8f6d1f9\", \"957dc0e\", \"12b1425\", 
\"a782d9d\");\n\nfixes['4.9']['fixed_ver'] = '4.9.1';\nfixes['4.9']['fixed_ver_display'] = '4.9.1-pre (changeset afc5ebf)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"266fc0e\", \"4698106\",\n \"f4f02f1\", \"0fada05\", \"ab4eb6c\", \"b29ecc7\", \"a11d14b\", \"107401e\", \"1b7834a\");\n\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path);\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:52", "description": "The version of Citrix XenServer installed on the remote host is missing a security hotfix. 
It is, therefore, affected by multiple vulnerabilities as noted in the CTX225941 advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "Citrix XenServer Multiple Vulnerabilities (CTX225941)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12134", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2020-04-30T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX225941.NASL", "href": "https://www.tenable.com/plugins/nessus/102526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102526);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/30\");\n\n script_cve_id(\n \"CVE-2017-12134\",\n \"CVE-2017-12135\",\n \"CVE-2017-12136\",\n \"CVE-2017-12137\",\n \"CVE-2017-12855\"\n );\n script_bugtraq_id(\n 100343,\n 100344,\n 100346,\n 100341,\n 100342\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX225941)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer installed on the remote host is\nmissing a security hotfix. 
It is, therefore, affected by multiple\nvulnerabilities as noted in the CTX225941 advisory.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX225941\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12134\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2017/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\n# two hotfixes for each series\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC047\"; # CTX226371\n if (fix >!< patches) vuln = TRUE;\n\n}\nelse if (version =~ \"^6\\.2\\.0\")\n{\n fix = \"XS62ESP1063\"; # CTX226372\n if (fix >!< patches) vuln = TRUE;\n\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1059 and XS65ESP1060\"; # CTX226373 and CTX226376\n if (\"XS65ESP1059\" >!< patches && \"XS65ESP1060\" >!< patches) vuln = TRUE;\n\n}\nelse if (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix = \"XS70E039 and XS70E040\"; # CTX226374 and CTX226377\n if (\"XS70E039\" >!< patches && \"XS70E040\" >!< patches) vuln = TRUE;\n\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71E013 and XS71E014\"; # CTX226298 and CTX226299\n if (\"XS71E013\" >!< patches && \"XS71E014\" >!< patches && \"XS71ECU\" >!< patches) vuln = TRUE;\n\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E004 and XS72E005\"; # CTX226375 and CTX226375\n if (\"XS72E004\" >!< patches && \"XS72E005\" >!< patches) vuln = TRUE;\n\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:18", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - From: Jan Beulich Subject: gnttab: correct pin status fixup for copy Regardless of copy operations only setting GNTPIN_hst*, GNTPIN_dev* also need to be taken into account when deciding whether to clear\n _GTF_[read,writ]ing. At least for consistency with code elsewhere the read part better doesn't use any mask at all. This is XSA-230. (CVE-2017-12855)\n\n - From: Andrew Cooper Subject: grant_table: Default to v1, and disallow transitive grants The reference counting and locking discipline for transitive grants is broken.\n Their use is therefore declared out of security support.\n This is XSA-226. Transitive grants are expected to be unconditionally available with grant table v2. Hiding transitive grants alone is an ABI breakage for the guest. Modern versions of Linux and the Windows PV drivers use grant table v1, but older versions did use v2. In principle, disabling gnttab v2 entirely is the safer way to cause guests to avoid using transitive grants. However, some older guests which defaulted to using gnttab v2 don't tolerate falling back from v2 to v1 over migrate. This patch introduces a new command line option to control grant table behaviour. One suboption allows a choice of the maximum grant table version Xen will allow the guest to use, and defaults to v2. A different suboption independently controls whether transitive grants can be used. 
The default case is:\n gnttab=max_ver:2 To disable gnttab v2 entirely, use:\n gnttab=max_ver:1 To allow gnttab v2 and transitive grants, use: gnttab=max_ver:2,transitive\n\n Conflict: docs/misc/xen-command-line.markdown (CVE-2017-12135)\n\n - Revert wrong fix for xsa226 [bug 26567225]\n\n - From 3aab881c7331cf93ffd8d2f2dd9adfd18ed4fc99 Mon Sep 17 00:00:00 2001 From: Andrew Cooper Date: Tue, 20 Jun 2017 19:18:54 +0100 Subject: [PATCH] x86/grant: Disallow misaligned PTEs Pagetable entries must be aligned to function correctly. Disallow attempts from the guest to have a grant PTE created at a misaligned address, which would result in corruption of the L1 table with largely-guest-controlled values. This is XSA-227 (CVE-2017-12137)\n\n - Prerequisite patch for xsa227-4.5.patch There is no macro ASSERT_UNREACHABLE before OVM3.4 which is needed by xsa227-4.5.patch This chunk is picked from upstream commit cacdb0faaa121ac8f792d5bd34cc6bc7c72d21da (CVE-2017-12137)\n\n - From: Jan Beulich Subject: gnttab: don't use possibly unbounded tail calls There is no guarantee that the compiler would actually translate them to branches instead of calls, so only ones with a known recursion limit are okay :\n\n - __release_grant_for_copy can call itself only once, as\n __acquire_grant_for_copy won't permit use of multi-level transitive grants,\n\n - __acquire_grant_for_copy is fine to call itself with the last argument false, as that prevents further recursion,\n\n - __acquire_grant_for_copy must not call itself to recover from an observed change to the active entry's pin count This is XSA-226. (CVE-2017-12135)\n\n - From 69549b08eb9bd3a525c07a97d952673a3d02c76a Mon Sep 17 00:00:00 2001 From: Annie Li Date: Fri, 7 Jul 2017 14:36:08 -0400 Subject: [PATCH] xen: increase default max grant frames and max maptrack frames Commit 9dfba034e increase default max grant frames to 128 which is still not enough when the guest has more cpus and vbd/vif devices, so set it to 256. 
Also the default max maptrack frames needs to be increased accordingly.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : xen (OVMSA-2017-0148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0148.NASL", "href": "https://www.tenable.com/plugins/nessus/102906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0148.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102906);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"OracleVM 3.3 : xen (OVMSA-2017-0148)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - From: Jan Beulich Subject: gnttab: correct pin status\n fixup for copy Regardless of copy operations only\n setting GNTPIN_hst*, GNTPIN_dev* also need to be taken\n into account when deciding whether to clear\n _GTF_[read,writ]ing. At least for consistency with code\n elsewhere the read part better doesn't use any mask at\n all. This is XSA-230. 
(CVE-2017-12855)\n\n - From: Andrew Cooper Subject: grant_table: Default to v1,\n and disallow transitive grants The reference counting\n and locking discipline for transitive grants is broken.\n Their use is therefore declared out of security support.\n This is XSA-226. Transitive grants are expected to be\n unconditionally available with grant table v2. Hiding\n transitive grants alone is an ABI breakage for the\n guest. Modern versions of Linux and the Windows PV\n drivers use grant table v1, but older versions did use\n v2. In principle, disabling gnttab v2 entirely is the\n safer way to cause guests to avoid using transitive\n grants. However, some older guests which defaulted to\n using gnttab v2 don't tolerate falling back from v2 to\n v1 over migrate. This patch introduces a new command\n line option to control grant table behaviour. One\n suboption allows a choice of the maximum grant table\n version Xen will allow the guest to use, and defaults to\n v2. A different suboption independently controls whether\n transitive grants can be used. The default case is:\n gnttab=max_ver:2 To disable gnttab v2 entirely, use:\n gnttab=max_ver:1 To allow gnttab v2 and transitive\n grants, use: gnttab=max_ver:2,transitive\n\n Conflict: docs/misc/xen-command-line.markdown\n (CVE-2017-12135)\n\n - Revert wrong fix for xsa226 [bug 26567225]\n\n - From 3aab881c7331cf93ffd8d2f2dd9adfd18ed4fc99 Mon Sep 17\n 00:00:00 2001 From: Andrew Cooper Date: Tue, 20 Jun 2017\n 19:18:54 +0100 Subject: [PATCH] x86/grant: Disallow\n misaligned PTEs Pagetable entries must be aligned to\n function correctly. Disallow attempts from the guest to\n have a grant PTE created at a misaligned address, which\n would result in corruption of the L1 table with\n largely-guest-controlled values. 
This is XSA-227\n (CVE-2017-12137)\n\n - Prerequisite patch for xsa227-4.5.patch There is no\n macro ASSERT_UNREACHABLE before OVM3.4 which is needed\n by xsa227-4.5.patch This chunk is picked from upstream\n commit cacdb0faaa121ac8f792d5bd34cc6bc7c72d21da\n (CVE-2017-12137)\n\n - From: Jan Beulich Subject: gnttab: don't use possibly\n unbounded tail calls There is no guarantee that the\n compiler would actually translate them to branches\n instead of calls, so only ones with a known recursion\n limit are okay :\n\n - __release_grant_for_copy can call itself only once, as\n __acquire_grant_for_copy won't permit use of multi-level\n transitive grants,\n\n - __acquire_grant_for_copy is fine to call itself with the\n last argument false, as that prevents further recursion,\n\n - __acquire_grant_for_copy must not call itself to recover\n from an observed change to the active entry's pin count\n This is XSA-226. (CVE-2017-12135)\n\n - From 69549b08eb9bd3a525c07a97d952673a3d02c76a Mon Sep 17\n 00:00:00 2001 From: Annie Li Date: Fri, 7 Jul 2017\n 14:36:08 -0400 Subject: [PATCH] xen: increase default\n max grant frames and max maptrack frames Commit\n 9dfba034e increase default max grant frames to 128 which\n is still not enough when the guest has more cpus and\n vbd/vif devices, so set it to 256. 
Also the default max\n maptrack frames needs to be increased accordingly.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000774.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4f463c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-4.3.0-55.el6.186.45\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-tools-4.3.0-55.el6.186.45\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:18", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: [PATCH] gnttab: don't use domain lock for serialization Instead use the affected domain's grant table lock, at 
once reducing the scopes during which locks are being held and hence allowing significantly better parallelism.\n\n Committed-by: Keir Fraser Conflict:\n xen/common/grant_table.c xen/arch/x86/mm.c\n\n - From: Jan Beulich Subject: gnttab: correct pin status fixup for copy Regardless of copy operations only setting GNTPIN_hst*, GNTPIN_dev* also need to be taken into account when deciding whether to clear\n _GTF_[read,writ]ing. At least for consistency with code elsewhere the read part better doesn't use any mask at all. This is XSA-230. (CVE-2017-12855)\n\n - From 3aab881c7331cf93ffd8d2f2dd9adfd18ed4fc99 Mon Sep 17 00:00:00 2001 From: Andrew Cooper Date: Tue, 20 Jun 2017 19:18:54 +0100 Subject: [PATCH] x86/grant: Disallow misaligned PTEs Pagetable entries must be aligned to function correctly. Disallow attempts from the guest to have a grant PTE created at a misaligned address, which would result in corruption of the L1 table with largely-guest-controlled values. This is XSA-227 (CVE-2017-12137)\n\n - Prerequisite patch for xsa227-4.5.patch There is no macro ASSERT_UNREACHABLE before OVM3.4 which is needed by xsa227-4.5.patch This chunk is picked from upstream commit cacdb0faaa121ac8f792d5bd34cc6bc7c72d21da (CVE-2017-12137)\n\n - From: Andrew Cooper Subject: grant_table: Default to v1, and disallow transitive grants The reference counting and locking discipline for transitive grants is broken.\n Their use is therefore declared out of security support.\n This is XSA-226. Transitive grants are expected to be unconditionally available with grant table v2. Hiding transitive grants alone is an ABI breakage for the guest. Modern versions of Linux and the Windows PV drivers use grant table v1, but older versions did use v2. In principle, disabling gnttab v2 entirely is the safer way to cause guests to avoid using transitive grants. However, some older guests which defaulted to using gnttab v2 don't tolerate falling back from v2 to v1 over migrate. 
This patch introduces a new command line option to control grant table behaviour. One suboption allows a choice of the maximum grant table version Xen will allow the guest to use, and defaults to v2. A different suboption independently controls whether transitive grants can be used. The default case is:\n gnttab=max_ver:2 To disable gnttab v2 entirely, use:\n gnttab=max_ver:1 To allow gnttab v2 and transitive grants, use: gnttab=max_ver:2,transitive\n\n Ignore the chunk for docs/misc/xen-command-line.markdown as no such file for OVM3.2 (CVE-2017-12135)\n\n - From 8aed1f12c4c087c5b31cbee8636b3d2d25efb363 Mon Sep 17 00:00:00 2001 From: Andres Lagar-Cavilla Date: Wed, 22 Aug 2012 22:27:50 +0100 Subject: [PATCH] Fix shared entry status for grant copy operation on paged-out g fn The unwind path was not clearing the shared entry status bits. This was BSOD-ing guests on network activity under certain configurations. Also: * sed the fixup method name to signal it's related to grant copy. * use atomic clear flag ops during fixup.\n\n Committed-by: Keir Fraser Conflict:\n xen/common/grant_table.c Prerequisite patch for XSA-226 fix (CVE-2017-12135)\n\n - From 69549b08eb9bd3a525c07a97d952673a3d02c76a Mon Sep 17 00:00:00 2001 From: Annie Li Date: Fri, 7 Jul 2017 14:36:08 -0400 Subject: [PATCH] xen: increase default max grant frames and max maptrack frames Commit 9dfba034e increase default max grant frames to 128 which is still not enough when the guest has more cpus and vbd/vif devices, so set it to 256. 
Also the default max maptrack frames needs to be increased accordingly.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : xen (OVMSA-2017-0149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2017-0149.NASL", "href": "https://www.tenable.com/plugins/nessus/102907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0149.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102907);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"OracleVM 3.2 : xen (OVMSA-2017-0149)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17\n 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012\n 09:22:17 +0100 Subject: [PATCH] gnttab: don't use domain\n lock for serialization Instead use the affected domain's\n grant table lock, at once reducing the scopes during\n which locks are being held and hence allowing\n significantly better parallelism.\n\n Committed-by: Keir Fraser Conflict:\n 
xen/common/grant_table.c xen/arch/x86/mm.c\n\n - From: Jan Beulich Subject: gnttab: correct pin status\n fixup for copy Regardless of copy operations only\n setting GNTPIN_hst*, GNTPIN_dev* also need to be taken\n into account when deciding whether to clear\n _GTF_[read,writ]ing. At least for consistency with code\n elsewhere the read part better doesn't use any mask at\n all. This is XSA-230. (CVE-2017-12855)\n\n - From 3aab881c7331cf93ffd8d2f2dd9adfd18ed4fc99 Mon Sep 17\n 00:00:00 2001 From: Andrew Cooper Date: Tue, 20 Jun 2017\n 19:18:54 +0100 Subject: [PATCH] x86/grant: Disallow\n misaligned PTEs Pagetable entries must be aligned to\n function correctly. Disallow attempts from the guest to\n have a grant PTE created at a misaligned address, which\n would result in corruption of the L1 table with\n largely-guest-controlled values. This is XSA-227\n (CVE-2017-12137)\n\n - Prerequisite patch for xsa227-4.5.patch There is no\n macro ASSERT_UNREACHABLE before OVM3.4 which is needed\n by xsa227-4.5.patch This chunk is picked from upstream\n commit cacdb0faaa121ac8f792d5bd34cc6bc7c72d21da\n (CVE-2017-12137)\n\n - From: Andrew Cooper Subject: grant_table: Default to v1,\n and disallow transitive grants The reference counting\n and locking discipline for transitive grants is broken.\n Their use is therefore declared out of security support.\n This is XSA-226. Transitive grants are expected to be\n unconditionally available with grant table v2. Hiding\n transitive grants alone is an ABI breakage for the\n guest. Modern versions of Linux and the Windows PV\n drivers use grant table v1, but older versions did use\n v2. In principle, disabling gnttab v2 entirely is the\n safer way to cause guests to avoid using transitive\n grants. However, some older guests which defaulted to\n using gnttab v2 don't tolerate falling back from v2 to\n v1 over migrate. This patch introduces a new command\n line option to control grant table behaviour. 
One\n suboption allows a choice of the maximum grant table\n version Xen will allow the guest to use, and defaults to\n v2. A different suboption independently controls whether\n transitive grants can be used. The default case is:\n gnttab=max_ver:2 To disable gnttab v2 entirely, use:\n gnttab=max_ver:1 To allow gnttab v2 and transitive\n grants, use: gnttab=max_ver:2,transitive\n\n Ignore the chunk for docs/misc/xen-command-line.markdown\n as no such file for OVM3.2 (CVE-2017-12135)\n\n - From 8aed1f12c4c087c5b31cbee8636b3d2d25efb363 Mon Sep 17\n 00:00:00 2001 From: Andres Lagar-Cavilla Date: Wed, 22\n Aug 2012 22:27:50 +0100 Subject: [PATCH] Fix shared\n entry status for grant copy operation on paged-out g fn\n The unwind path was not clearing the shared entry status\n bits. This was BSOD-ing guests on network activity under\n certain configurations. Also: * sed the fixup method\n name to signal it's related to grant copy. * use atomic\n clear flag ops during fixup.\n\n Committed-by: Keir Fraser Conflict:\n xen/common/grant_table.c Prerequisite patch for XSA-226\n fix (CVE-2017-12135)\n\n - From 69549b08eb9bd3a525c07a97d952673a3d02c76a Mon Sep 17\n 00:00:00 2001 From: Annie Li Date: Fri, 7 Jul 2017\n 14:36:08 -0400 Subject: [PATCH] xen: increase default\n max grant frames and max maptrack frames Commit\n 9dfba034e increase default max grant frames to 128 which\n is still not enough when the guest has more cpus and\n vbd/vif devices, so set it to 256. 
Also the default max\n maptrack frames needs to be increased accordingly.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000775.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f5b6d94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-4.1.3-25.el5.223.82\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-devel-4.1.3-25.el5.223.82\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-tools-4.1.3-25.el5.223.82\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:22", "description": "This update for xen fixes the following issues :\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686).\n\n - CVE-2017-12135: Unbounded recursion in grant 
table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12855"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102954);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n\n script_name(english:\"SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following 
issues :\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230, bsc#1052686).\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue\n function in exec.c allowed local guest OS privileged\n users to cause a denial of service (out-of-bounds access\n and guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172339-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9990d583\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-xen-13259=1\n\nSUSE Linux 
Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-xen-13259=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-xen-13259=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.105-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-libs-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-tools-domU-4.2.5_21-45.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.105-45.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-08-19T12:35:24", "description": "full fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems (#1398590) add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio:\nhost memory leakage via capture buffer [CVE-2017-8309] (#1446521) Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-28T00:00:00", "type": "nessus", "title": "Fedora 26 : xen (2017-b8fa8e1a13)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8309", "CVE-2017-8379"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-B8FA8E1A13.NASL", "href": "https://www.tenable.com/plugins/nessus/102796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b8fa8e1a13.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102796);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8309\", \"CVE-2017-8379\");\n script_xref(name:\"FEDORA\", value:\"2017-b8fa8e1a13\");\n\n script_name(english:\"Fedora 26 : xen (2017-b8fa8e1a13)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"full fix for XSA-226, replacing workaround drop conflict of xendomain\nand libvirtd as can cause problems (#1398590) add-to-physmap error\npaths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio:\nhost memory leakage via capture buffer [CVE-2017-8309] (#1446521)\nQemu: input: host memory leakage via keyboard events [CVE-2017-8379]\n(#1446561)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8fa8e1a13\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-7.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:36:04", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1742-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8309", "CVE-2017-9330"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1742-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1742-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101202);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8309\", \"CVE-2017-9330\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1742-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for\n informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their\n privileges to the privileges that XEN runs under\n (XSA-219, bsc#1042915)\n\n - Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n\n - Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate\n privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts\n allowing malicious guests to escape (XSA-224,\n bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171742-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6a7e843\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for 
your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1087=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1087=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1087=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_06-42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"xen-libs-debuginfo-4.7.2_06-42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:35:35", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).\n\n - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675).\n\n - bsc#1052686: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:2319-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12137"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2319-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2319-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102913);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12137\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen 
(SUSE-SU-2017:2319-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-11334: The address_space_write_continue\n function in exec.c allowed local guest OS privileged\n users to cause a denial of service (out-of-bounds access\n and guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048920).\n\n - CVE-2017-10806: Stack-based buffer overflow in\n hw/usb/redirect.c allowed local guest OS users to cause\n a denial of service via vectors related to logging debug\n messages (bsc#1047675).\n\n - bsc#1052686: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172319-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92c38f46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1428=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1428=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1428=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.5.5_14-22.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.5.5_14-22.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, 
"vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-29T01:10:02", "description": "Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-7377, CVE-2017-8086)\n\nJiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7718)\n\nLi Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-7980)\n\nJiang Xin discovered that QEMU incorrectly handled the audio subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-8309)\n\nJiang Xin discovered that QEMU incorrectly handled the input subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04.\n(CVE-2017-8379).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : qemu vulnerabilities (USN-3289-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7377", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8309", "CVE-2017-8379"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:qemu-system", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3289-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100250", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3289-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100250);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-7377\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8309\", \"CVE-2017-8379\");\n script_xref(name:\"USN\", value:\"3289-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : qemu vulnerabilities (USN-3289-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Li Qiang discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-7377, CVE-2017-8086)\n\nJiangxin discovered that QEMU incorrectly handled the Cirrus VGA\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-7718)\n\nLi Qiang and Jiangxin discovered that QEMU incorrectly handled the\nCirrus VGA device when being used with a VNC connection. A privileged\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service, or possibly execute arbitrary code\non the host. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-7980)\n\nJiang Xin discovered that QEMU incorrectly handled the audio\nsubsystem. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-8309)\n\nJiang Xin discovered that QEMU incorrectly handled the input\nsubsystem. 
A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04.\n(CVE-2017-8379).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3289-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-arm\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-mips\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-misc\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-ppc\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-sparc\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-x86\", pkgver:\"2.0.0+dfsg-2ubuntu1.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-sparc\", 
pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) 
flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.8+dfsg-3ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-system / qemu-system-aarch64 / qemu-system-arm / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:36:12", "description": "This update for xen fixes the following security issues :\n\n - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, 
bsc#1034845).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : xen (SUSE-SU-2017:1715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8309", "CVE-2017-8905", "CVE-2017-9330"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-1715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1715-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101142);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\");\n\n script_name(english:\"SUSE SLES11 Security Update : xen (SUSE-SU-2017:1715-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen 
fixes the following security issues :\n\n - blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from\n the host or other guests (XSA-216, bsc#1042863)\n\n - Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for\n informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their\n privileges to the privileges that XEN runs under\n (XSA-219, bsc#1042915)\n\n - Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate\n privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts\n allowing malicious guests to escape (XSA-224,\n bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171715-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba966bbf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-xen-13181=1\n\nSUSE Linux 
Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-xen-13181=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-xen-13181=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-libs-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-tools-domU-4.2.5_21-44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2021-08-19T12:35:23", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to potentially leaking sensitive information (XSA-230, bsc#1052686).\n\n - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278)\n\n - CVE-2017-14317: A race in cxenstored may have caused a double-free allowing for DoS of the xenstored daemon (XSA-233, bsc#1056281).\n\n - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14319"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2450-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2450-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103216);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14319\");\n\n script_name(english:\"SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)\");\n script_summary(english:\"Checks rpm output for the 
updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue\n function in exec.c allowed local guest OS privileged\n users to cause a denial of service (out-of-bounds access\n and guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10806: Stack-based buffer overflow in\n hw/usb/redirect.c allowed local guest OS users to cause\n a denial of service via vectors related to logging debug\n messages (bsc#1047675).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230, bsc#1052686).\n\n - CVE-2017-14316: Missing bound check in function\n `alloc_heap_pages` for an internal array allowed\n attackers using crafted hypercalls to execute arbitrary\n code within Xen (XSA-231, bsc#1056278)\n\n - CVE-2017-14317: A race in cxenstored may have cause a\n double-free allowind for DoS of the xenstored daemon\n (XSA-233, bsc#1056281).\n\n - 
CVE-2017-14319: An error while handling grant mappings\n allowed malicious or buggy x86 PV guest to escalate its\n privileges or crash the hypervisor (XSA-234,\n bsc#1056282).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14319/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172450-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70bea784\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-xen-13281=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-xen-13281=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-xen-13281=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_22_3.0.101_108.7-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.4.4_22_3.0.101_108.7-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-kmp-default-4.4.4_22_3.0.101_108.7-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-libs-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-tools-domU-4.4.4_22-61.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-kmp-pae-4.4.4_22_3.0.101_108.7-61.9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:23", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).\n\n - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to potentially leaking sensitive information (XSA-230, bsc#1052686).\n\n - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278)\n\n - CVE-2017-14317: A race in cxenstored may have caused a double-free allowing for DoS of the xenstored daemon (XSA-233, bsc#1056281).\n\n - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12135", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14319"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2541-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103412);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12135\", \"CVE-2017-12137\", 
\"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14319\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-12135: Unbounded recursion in grant table code\n allowed a malicious guest to crash the host or\n potentially escalate privileges/leak information\n (XSA-226, bsc#1051787).\n\n - CVE-2017-12137: Incorrectly-aligned updates to\n pagetables allowed for privilege escalation (XSA-227,\n bsc#1051788).\n\n - CVE-2017-11334: The address_space_write_continue\n function in exec.c allowed local guest OS privileged\n users to cause a denial of service (out-of-bounds access\n and guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048920).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049578).\n\n - CVE-2017-10806: Stack-based buffer overflow in\n hw/usb/redirect.c allowed local guest OS users to cause\n a denial of service via vectors related to logging debug\n messages (bsc#1047675).\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046637).\n\n - CVE-2017-12855: Premature clearing of GTF_writing /\n GTF_reading lead to potentially leaking sensitive\n information (XSA-230, bsc#1052686).\n\n - CVE-2017-14316: Missing bound check in function\n `alloc_heap_pages` for an internal array allowed\n attackers using crafted 
hypercalls to execute arbitrary\n code within Xen (XSA-231, bsc#1056278)\n\n - CVE-2017-14317: A race in cxenstored may have cause a\n double-free allowind for DoS of the xenstored daemon\n (XSA-233, bsc#1056281).\n\n - CVE-2017-14319: An error while handling grant mappings\n allowed malicious or buggy x86 PV guest to escalate its\n privileges or crash the hypervisor (XSA-234,\n bsc#1056282).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14319/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172541-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83112b17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 
12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1576=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1576=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_22_k3.12.61_52.89-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_22_k3.12.61_52.89-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_22-22.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.4.4_22-22.51.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:34", "description": "Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick Emulator(Qemu).\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img.\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-29T00:00:00", "type": "nessus", "title": "Debian DLA-1071-1 : qemu-kvm security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11434", "CVE-2017-6505", "CVE-2017-8309"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:kvm", "p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:qemu-kvm-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/102805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1071-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102805);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-6505\", \"CVE-2017-8309\");\n\n script_name(english:\"Debian DLA-1071-1 : qemu-kvm security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86\nguests based on the Quick Emulator(Qemu).\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img.\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected kvm, qemu-kvm, and qemu-kvm-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:35:20", "description": "Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems :\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-29T00:00:00", "type": "nessus", "title": "Debian DLA-1070-1 : qemu security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11434", "CVE-2017-6505", "CVE-2017-8309"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-keymaps", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-user", "p-cpe:/a:debian:debian_linux:qemu-user-static", "p-cpe:/a:debian:debian_linux:qemu-utils", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1070.NASL", "href": "https://www.tenable.com/plugins/nessus/102804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1070-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102804);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11434\", \"CVE-2017-6505\", \"CVE-2017-8309\");\n\n script_name(english:\"Debian DLA-1070-1 : qemu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in qemu, a fast processor\nemulator. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\nCVE-2017-6505\n\nDenial of service via infinite loop in the USB OHCI emulation\n\nCVE-2017-8309\n\nDenial of service via VNC audio capture\n\nCVE-2017-10664\n\nDenial of service in qemu-nbd server, qemu-io and qemu-img\n\nCVE-2017-11434\n\nDenial of service via a crafted DHCP options string\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u23.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-keymaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", 
"cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:35:30", "description": "Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed 32-bit Dom0 or backend domains)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "Fedora 26 : xen (2017-b7f1197c23)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11334", "CVE-2017-9330", "CVE-2017-9524"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-B7F1197C23.NASL", "href": "https://www.tenable.com/plugins/nessus/102938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b7f1197c23.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102938);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11334\", \"CVE-2017-9330\", \"CVE-2017-9524\");\n script_xref(name:\"FEDORA\", value:\"2017-b7f1197c23\");\n\n script_name(english:\"Fedora 26 : xen (2017-b7f1197c23)\");\n script_summary(english:\"Checks rpm output 
for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu: usb: ohci: infinite loop due to incorrect return value\n[CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client\nnon-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server\nbreaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466)\nQemu: exec: oob access during dma operation [CVE-2017-11334]\n(#1471640) revised full fix for XSA-226 (regressed 32-bit Dom0 or\nbackend domains)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b7f1197c23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-8.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:19", "description": "Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed 32-bit Dom0 or backend 
domains)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : xen (2017-908f063bb6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-11334", "CVE-2017-9330", "CVE-2017-9524"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-908F063BB6.NASL", "href": "https://www.tenable.com/plugins/nessus/105929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-908f063bb6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105929);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-11334\", \"CVE-2017-9330\", \"CVE-2017-9524\");\n script_xref(name:\"FEDORA\", value:\"2017-908f063bb6\");\n\n script_name(english:\"Fedora 27 : xen (2017-908f063bb6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu: usb: ohci: infinite loop due to incorrect return value\n[CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client\nnon-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server\nbreaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466)\nQemu: exec: oob access during 
dma operation [CVE-2017-11334]\n(#1471640) revised full fix for XSA-226 (regressed 32-bit Dom0 or\nbackend domains)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-908f063bb6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.0-9.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:46", "description": "- CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)\n\n - CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040)\n\n - CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872)\n\n - CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372)\n\n - CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622)\n\n - CVE-2017-8309: audio: host 
memory lekage via capture buffer (bz #1446520)\n\n - CVE-2017-8379: input: host memory lekage via keyboard events (bz #1446560)\n\n - CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write (bz #1446578)\n\n - CVE-2017-9060: virtio-gpu: host memory leakage in Virtio GPU device (bz #1452598)\n\n - CVE-2017-9310: net: infinite loop in e1000e NIC emulation (bz #1452623)\n\n - CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value (bz #1457699)\n\n - CVE-2017-9374: usb: ehci host memory leakage during hotunplug (bz #1459137)\n\n - CVE-2017-10806: usb-redirect: stack-based buffer overflow in debug logging (bz #1468497)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Fedora 25 : 2:qemu (2017-f941184db1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-10806", "CVE-2017-7377", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9060", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9374"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:qemu", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-F941184DB1.NASL", "href": "https://www.tenable.com/plugins/nessus/102008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f941184db1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102008);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-10806\", \"CVE-2017-7377\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9374\");\n script_xref(name:\"FEDORA\", value:\"2017-f941184db1\");\n\n script_name(english:\"Fedora 25 : 2:qemu (2017-f941184db1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2017-7718: cirrus: OOB read access issue (bz\n #1443443)\n\n - CVE-2016-9603: cirrus: heap buffer overflow via vnc\n connection (bz #1432040)\n\n - CVE-2017-7377: 9pfs: fix file descriptor leak (bz\n #1437872)\n\n - CVE-2017-7980: cirrus: OOB r/w access issues in bitblt\n (bz #1444372)\n\n - CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2\n (bz #1445622)\n\n - CVE-2017-8309: audio: host memory lekage via capture\n buffer (bz #1446520)\n\n - CVE-2017-8379: input: host memory lekage via keyboard\n events (bz #1446560)\n\n - CVE-2017-8380: scsi: megasas: out-of-bounds read in\n megasas_mmio_write (bz #1446578)\n\n - CVE-2017-9060: virtio-gpu: host memory leakage in Virtio\n GPU device (bz #1452598)\n\n - CVE-2017-9310: net: infinite loop in e1000e NIC\n emulation (bz #1452623)\n\n - CVE-2017-9330: usb: ohci: infinite loop due to incorrect\n return value (bz #1457699)\n\n - CVE-2017-9374: usb: ehci host memory leakage during\n hotunplug (bz #1459137)\n\n - CVE-2017-10806: usb-redirect: stack-based buffer\n overflow in debug logging (bz #1468497)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional 
issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f941184db1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"qemu-2.7.1-7.fc25\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:31", "description": "The remote host is affected by the vulnerability described in GLSA-201706-03 (QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-06-06T00:00:00", "type": "nessus", "title": "GLSA-201706-03 : QEMU: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-7377", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9060", "CVE-2017-9310", "CVE-2017-9330"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:qemu", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201706-03.NASL", "href": "https://www.tenable.com/plugins/nessus/100630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201706-03.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100630);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-7377\", \"CVE-2017-7471\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\");\n script_xref(name:\"GLSA\", value:\"201706-03\");\n\n script_name(english:\"GLSA-201706-03 : QEMU: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201706-03\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker might cause a Denial of Service or gain escalated\n privileges from a guest VM.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201706-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QEMU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.9.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu\", unaffected:make_list(\"ge 2.9.0-r2\"), vulnerable:make_list(\"lt 2.9.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QEMU\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:30", "description": "An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. 
The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* When using post-copy migration with the virtio Random Number Generator (RNG) device, virtio-rng continued generating data while the migration was already in post-copy mode. Consequently, the migration sometimes failed and the error message 'Failed to load virtio-rng:virtio' was displayed. The source code has been improved and the problem no longer occurs in the scenario described.\n(BZ#1450375)", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-16T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2017:1431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-1431.NASL", "href": "https://www.tenable.com/plugins/nessus/100833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1431. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100833);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-7718\");\n script_xref(name:\"RHSA\", value:\"2017:1431\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2017:1431)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor\nand Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA\ndata using bitblt functions (for example,\ncirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could\nuse this flaw to crash the QEMU process, resulting in denial of\nservice. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc.) for reporting\nCVE-2017-7718.\n\nBug Fix(es) :\n\n* When using post-copy migration with the virtio Random Number\nGenerator (RNG) device, virtio-rng continued generating data while the\nmigration was already in post-copy mode. 
Consequently, the migration\nsometimes failed and the error message 'Failed to load\nvirtio-rng:virtio' was displayed. The source code has been improved\nand the problem no longer occurs in the scenario described.\n(BZ#1450375)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7718\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/16\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1431\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.6.0-28.el7_3.10\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.6.0-28.el7_3.10\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.6.0-28.el7_3.10\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.10\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.6.0-28.el7_3.10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:51", 
"description": "From Red Hat Security Advisory 2017:2445 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2017-2445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2445.NASL", "href": "https://www.tenable.com/plugins/nessus/102347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2445 and \n# Oracle Linux Security Advisory ELSA-2017-2445 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102347);\n script_version(\"3.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-10664\");\n script_xref(name:\"RHSA\", value:\"2017:2445\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2017-2445)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2445 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD)\nServer support is vulnerable to a crash via a SIGPIPE signal. The\ncrash can occur if a client aborts a connection due to any failure\nduring negotiation or read operation. 
A remote user/process could use\nthis flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007117.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:01", "description": "An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. 
A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2017:2390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/102157", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2390. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102157);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-10664\");\n script_xref(name:\"RHSA\", value:\"2017:2390\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2017:2390)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor\nand Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD)\nServer support is vulnerable to a crash via a SIGPIPE signal. The\ncrash can occur if a client aborts a connection due to any failure\nduring negotiation or read operation. A remote user/process could use\nthis flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2390\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.9.0-16.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.9.0-16.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.9.0-16.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.9.0-16.el7_4.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:01", 
"description": "Security Fix(es) :\n\n - Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.\n (CVE-2017-10664)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170815_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102671);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-10664\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Quick Emulator (QEMU) built with the Network Block\n Device (NBD) 
Server support is vulnerable to a crash via\n a SIGPIPE signal. The crash can occur if a client aborts\n a connection due to any failure during negotiation or\n read operation. A remote user/process could use this\n flaw to crash the qemu-nbd server resulting in a DoS.\n (CVE-2017-10664)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=3130\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c19ff378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested 
= pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:46", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. 
A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2017:2445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2445.NASL", "href": "https://www.tenable.com/plugins/nessus/102306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2445. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102306);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-10664\");\n script_xref(name:\"RHSA\", value:\"2017:2445\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2017:2445)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD)\nServer support is vulnerable to a crash via a SIGPIPE signal. The\ncrash can occur if a client aborts a connection due to any failure\nduring negotiation or read operation. A remote user/process could use\nthis flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2445\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:34", "description": 
"An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : qemu-kvm (CESA-2017:2445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-kvm-common", "p-cpe:/a:centos:centos:qemu-kvm-tools", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2445.NASL", "href": "https://www.tenable.com/plugins/nessus/102763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2445 and \n# CentOS Errata and Security Advisory 2017:2445 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102763);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10664\");\n script_xref(name:\"RHSA\", value:\"2017:2445\");\n\n script_name(english:\"CentOS 7 : qemu-kvm (CESA-2017:2445)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD)\nServer support is vulnerable to a crash via a SIGPIPE signal. The\ncrash can occur if a client aborts a connection due to any failure\nduring negotiation or read operation. 
A remote user/process could use\nthis flaw to crash the qemu-nbd server resulting in a DoS.\n(CVE-2017-10664)\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e885e25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10664\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version 
of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-28T13:52:51", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912 Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.\n\n - CVE-2017-10915 Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.\n\n - CVE-2017-10916 Andrew Cooper discovered an information leak in the handling of the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. 
This only affects Debian stretch.\n\n - CVE-2017-10917 Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.\n\n - CVE-2017-10918 Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.\n\n - CVE-2017-10919 Julien Grall discovered that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation.\n\n - CVE-2017-12135 Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.\n\n - CVE-2017-12136 Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. 
This only affects Debian stretch.\n\n - CVE-2017-12137 Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.\n\n - CVE-2017-12855 Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "Debian DSA-3969-1 : xen - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-15596"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3969.NASL", "href": "https://www.tenable.com/plugins/nessus/103146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3969. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103146);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-15596\");\n script_xref(name:\"DSA\", value:\"3969\");\n\n script_name(english:\"Debian DSA-3969-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912\n Jann Horn discovered that incorrectly handling of page\n transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914\n Jann Horn discovered that race conditions in grant\n handling might result in information leaks or privilege\n escalation.\n\n - CVE-2017-10915\n Andrew Cooper discovered that incorrect reference\n counting with shadow paging might result in privilege\n escalation.\n\n - CVE-2017-10916\n Andrew Cooper discovered an information leak in the\n handling of the Memory Protection Extensions (MPX) and\n Protection Key (PKU) CPU features. 
This only affects\n Debian stretch.\n\n - CVE-2017-10917\n Ankur Arora discovered a NULL pointer dereference in\n event polling, resulting in denial of service.\n\n - CVE-2017-10918\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in\n privilege escalation, denial of service or an\n information leak.\n\n - CVE-2017-10919\n Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect,\n resulting in potential privilege escalation.\n\n - CVE-2017-12135\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of\n service and potentially privilege escalation.\n\n - CVE-2017-12136\n Ian Jackson discovered that race conditions in the\n allocator for grant mappings may result in denial of\n service or privilege escalation. 
This only affects\n Debian stretch.\n\n - CVE-2017-12137\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\n - CVE-2017-12855\n Jan Beulich discovered that incorrect grant status\n handling, thus incorrectly informing the guest that the\n grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of\n add-to-physmap operations on ARM may result in denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12135\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.1-1+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.1-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:03", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470)\n\n - Missing NULL pointer check in event channel 
poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-05T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : xen (SUSE-SU-2017:1770-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8905", "CVE-2017-9330", "CVE-2017-9374", "CVE-2017-9503"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-1770-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1770-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101224);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n\n script_name(english:\"SUSE SLES11 Security Update : xen (SUSE-SU-2017:1770-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from\n the host or other guests (XSA-216, bsc#1042863)\n\n - Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - Races in the grant table unmap code allowed for\n informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their\n privileges to the privileges that XEN runs under\n (XSA-219, bsc#1042915)\n\n - Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate\n privileges (XSA-222, bsc#1042931)\n\n - Grant table operations mishandled reference counts\n allowing malicious guests to escape (XSA-224,\n bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for 
DoS (bsc#1043074)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171770-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aad2bf2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-xen-13193=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper 
in -t patch\nslessp4-xen-13193=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-xen-13193=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_20_3.0.101_104-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.4.4_20_3.0.101_104-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-kmp-default-4.4.4_20_3.0.101_104-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-libs-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-tools-domU-4.4.4_20-60.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"xen-kmp-pae-4.4.4_20_3.0.101_104-60.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:35:44", "description": "Multiple vulnerabilities were found in qemu, a fast processor emulator :\n\n - CVE-2017-9310 Denial of service 
via infinite loop in e1000e NIC emulation.\n\n - CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation.\n\n - CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation.\n\n - CVE-2017-9374 Denial of service via memory leak in USB EHCI emulation.\n\n - CVE-2017-10664 Denial of service in qemu-nbd server.\n\n - CVE-2017-10911 Information leak in Xen blkif response handling.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3920-1 : qemu - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10911", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3920.NASL", "href": "https://www.tenable.com/plugins/nessus/101985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3920. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101985);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\");\n script_xref(name:\"DSA\", value:\"3920\");\n\n script_name(english:\"Debian DSA-3920-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in qemu, a fast processor emulator\n:\n\n - CVE-2017-9310\n Denial of service via infinite loop in e1000e NIC\n emulation.\n\n - CVE-2017-9330\n Denial of service via infinite loop in USB OHCI\n emulation.\n\n - CVE-2017-9373\n Denial of service via memory leak in IDE AHCI emulation.\n\n - CVE-2017-9374\n Denial of service via memory leak in USB EHCI emulation.\n\n - CVE-2017-10664\n Denial of service in qemu-nbd server.\n\n - CVE-2017-10911\n Information leak in Xen blkif response handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10664\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3920\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the oldstable distribution (jessie), a separate DSA will be\nissued.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:2.8+dfsg-6+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"qemu\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-block-extra\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-kvm\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-arm\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-common\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-mips\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-misc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-x86\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user-binfmt\", 
reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user-static\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-utils\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:06", "description": "This update for qemu fixes several issues. These security issues were fixed :\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159).\n\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334).\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242).\n\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. 
A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495).\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075).\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950).\n\n - CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311).\n\n - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially 
execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211).\n\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800).\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043073).\n\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801).\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside guest to read host memory resulting in DoS (bsc#1037336).\n\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427).\n\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866).\n\n - Fix privilege escalation in TCG mode of QEMU. 
This is not considered a security issue by the upstream project, but is included as additional hardening (bsc#1030624)\n\n - Fix potential DoS in virtfs\n\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084, bsc#1016503)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in DoS (bsc#1017081, bsc#1016504)\n\n - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10028", "CVE-2016-10029", "CVE-2016-9602", "CVE-2016-9603", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1774-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1774-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(101227);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2017-5579\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7471\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042159).\n\n - CVE-2017-8379: Memory leak in the keyboard input event\n handlers support allowed local guest OS privileged users\n to cause a denial of service (host memory consumption)\n by rapidly generating large keyboard events\n (bsc#1037334).\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037242).\n\n - CVE-2017-7493: The VirtFS, host directory sharing via\n Plan 9 File System(9pfs) support, was vulnerable to an\n improper access control issue. It could occur while\n accessing virtfs metadata files in mapped-file security\n mode. 
A guest user could have used this flaw to escalate\n their privileges inside guest (bsc#1039495).\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate\n functions in hw/9pfs/9p.c allowed local guest OS\n privileged users to cause a denial of service (file\n descriptor or memory consumption) via vectors related to\n an already in-use fid (bsc#1032075).\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr\n function in hw/9pfs/9p-xattr.c allowed local guest OS\n privileged users to cause a denial of service (memory\n consumption) via vectors involving the orig_value\n variable (bsc#1035950).\n\n - CVE-2017-5973: A infinite loop while doing control\n transfer in xhci_kick_epctx allowed privileged user\n inside the guest to crash the host process resulting in\n DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks\n function in hw/sd/sdhci.c allowed local OS guest\n privileged users to cause a denial of service (infinite\n loop and QEMU process crash) via vectors involving the\n transfer mode register during multi block transfer\n (bsc#1025311).\n\n - CVE-2017-6505: The ohci_service_ed_list function in\n hw/usb/hcd-ohci.c allowed local guest OS users to cause\n a denial of service (infinite loop) via vectors\n involving the number of link endpoint list descriptors\n (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the\n Cirrus CLGD 54xx VGA Emulator support allowed privileged\n user inside guest to use this 
flaw to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code on a host with privileges of Qemu process\n on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036211).\n\n - CVE-2017-9375: The USB xHCI controller emulator support\n was vulnerable to an infinite recursive call loop issue,\n which allowed a privileged user inside guest to crash\n the Qemu process resulting in DoS (bsc#1042800).\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043073).\n\n - CVE-2017-9373: The IDE AHCI Emulation support was\n vulnerable to a host memory leakage issue, which allowed\n a privileged user inside guest to leak host memory\n resulting in DoS (bsc#1042801).\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to an out-of-bounds\n read access issue which allowed a privileged user inside\n guest to read host memory resulting in DoS\n (bsc#1037336).\n\n - CVE-2016-9602: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper link following issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1020427).\n\n - CVE-2017-7471: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper access control issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1034866).\n\n - Fix privilege escalation in TCG mode of QEMU. 
This is\n not considered a security issue by the upstream project,\n but is included as additional hardening (bsc#1030624)\n\n - Fix potential DoS in virtfs\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084, bsc#1016503)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081, bsc#1016504)\n\n - CVE-2017-5579: The 16550A UART serial device emulation\n support was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043296).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035406\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10028/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5973/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7493/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7980/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # 
https://www.suse.com/support/update/announcement/2017/suse-su-20171774-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b04dc985\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1102=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1102=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1102=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-lang-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-kvm-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", 
cpu:\"x86_64\", reference:\"qemu-block-curl-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-kvm-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.6.2-41.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:18", "description": "This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159).\n\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334).\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242).\n\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. 
It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495).\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075).\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950).\n\n - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311).\n\n - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user 
inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211).\n\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800).\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043073).\n\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801).\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside guest to read host memory resulting in DoS (bsc#1037336).\n\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427).\n\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866).\n\n - Fix privilege escalation in TCG mode of QEMU. 
This is not considered a security issue by the upstream project, but is included as additional hardening (bsc#1030624)\n\n - Fix potential DoS in virtfs\n\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084, bsc#1016503)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081, bsc#1016504)\n\n - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296).\n\nThis non-security issue was fixed :\n\n - Enable MONITOR/MWAIT support for guests (bsc#1031142)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : qemu (openSUSE-2017-822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10028", "CVE-2016-10029", "CVE-2016-9602", "CVE-2016-9603", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9503"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-arm", 
"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-822.NASL", "href": "https://www.tenable.com/plugins/nessus/101758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-822.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101758);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2017-5579\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7471\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2017-822)\");\n script_summary(english:\"Check for the openSUSE-2017-822 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042159).\n\n - CVE-2017-8379: Memory leak in the keyboard input event\n handlers support allowed local guest OS privileged users\n to cause a denial of service (host memory consumption)\n by rapidly generating large keyboard events\n (bsc#1037334).\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037242).\n\n - CVE-2017-7493: The VirtFS, host directory sharing via\n Plan 9 File System(9pfs) support, was vulnerable to an\n improper access control issue. It could occur while\n accessing virtfs metadata files in mapped-file security\n mode. 
A guest user could have used this flaw to escalate\n their privileges inside guest (bsc#1039495).\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate\n functions in hw/9pfs/9p.c allowed local guest OS\n privileged users to cause a denial of service (file\n descriptor or memory consumption) via vectors related to\n an already in-use fid (bsc#1032075).\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr\n function in hw/9pfs/9p-xattr.c allowed local guest OS\n privileged users to cause a denial of service (memory\n consumption) via vectors involving the orig_value\n variable (bsc#1035950).\n\n - CVE-2017-5973: A infinite loop while doing control\n transfer in xhci_kick_epctx allowed privileged user\n inside the guest to crash the host process resulting in\n DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks\n function in hw/sd/sdhci.c allowed local OS guest\n privileged users to cause a denial of service (infinite\n loop and QEMU process crash) via vectors involving the\n transfer mode register during multi block transfer\n (bsc#1025311).\n\n - CVE-2017-6505: The ohci_service_ed_list function in\n hw/usb/hcd-ohci.c allowed local guest OS users to cause\n a denial of service (infinite loop) via vectors\n involving the number of link endpoint list descriptors\n (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the\n Cirrus CLGD 54xx VGA Emulator support allowed privileged\n user inside guest to use this 
flaw to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code on a host with privileges of Qemu process\n on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036211).\n\n - CVE-2017-9375: The USB xHCI controller emulator support\n was vulnerable to an infinite recursive call loop issue,\n which allowed a privileged user inside guest to crash\n the Qemu process resulting in DoS (bsc#1042800).\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043073).\n\n - CVE-2017-9373: The IDE AHCI Emulation support was\n vulnerable to a host memory leakage issue, which allowed\n a privileged user inside guest to leak host memory\n resulting in DoS (bsc#1042801).\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to an out-of-bounds\n read access issue which allowed a privileged user inside\n guest to read host memory resulting in DoS\n (bsc#1037336).\n\n - CVE-2016-9602: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper link following issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1020427).\n\n - CVE-2017-7471: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper access control issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1034866).\n\n - Fix privilege escalation in TCG mode of QEMU. 
This is\n not considered a security issue by the upstream project,\n but is included as additional hardening (bsc#1030624)\n\n - Fix potential DoS in virtfs\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084, bsc#1016503)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081, bsc#1016504)\n\n - CVE-2017-5579: The 16550A UART serial device emulation\n support was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043296).\n\nThis non-security issue was fixed :\n\n - Enable MONITOR/MWAIT support for guests (bsc#1031142)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021741\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043296\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-debuginfo-2.6.2-31.3.3\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-debugsource-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-extra-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-extra-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ipxe-1.0.0-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-kvm-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-lang-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-2.6.2-31.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debuginfo-2.6.2-31.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debugsource-2.6.2-31.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-seabios-1.9.1-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-sgabios-8-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-testsuite-2.6.2-31.3.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-vgabios-1.9.1-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-debuginfo-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-31.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-31.3.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:46", "description": "This update for kvm fixes several issues. 
These security issues were fixed :\n\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427)\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674).\n\n - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902).\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334).\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585).\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory 
via vectors related to reading extended attributes (bsc#1062069).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122).\n\n - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n\n - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109)\n\n - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184)\n\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866)\n\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. 
A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406)\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159)\n\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801)\n\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296)\n\n - Privilege escalation in TCG mode 
(bsc#1030624)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9602", "CVE-2016-9603", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-13672", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-6505", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8309", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9375", "CVE-2017-9503"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2963-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104494", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2963-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104494);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-13672\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-5579\", \"CVE-2017-5973\", \"CVE-2017-6505\", \"CVE-2017-7471\", \"CVE-2017-7493\", 
\"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8309\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9375\", \"CVE-2017-9503\");\n\n script_name(english:\"SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for kvm fixes several issues. These security issues were\nfixed :\n\n - CVE-2016-9602: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper link following issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1020427)\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028656)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed\n local guest OS users to cause a denial of service (QEMU\n process crash) via vectors related to logging debug\n messages (bsc#1047674).\n\n - CVE-2017-11334: The address_space_write_continue\n function allowed local guest OS privileged users to\n cause a denial of service (out-of-bounds access and\n guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048902).\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string 
(bsc#1049381)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334).\n\n - CVE-2017-14167: Integer overflow in the load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585).\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069).\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122).\n\n - CVE-2017-5579: The 16550A UART serial device emulation\n support was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021741)\n\n - CVE-2017-5973: A infinite loop while doing control\n transfer in xhci_kick_epctx allowed privileged user\n inside the guest to crash the host process resulting in\n DoS (bsc#1025109)\n\n - CVE-2017-6505: The ohci_service_ed_list function allowed\n local guest OS users to cause a denial of service\n (infinite loop) via vectors involving the number of link\n endpoint list descriptors (bsc#1028184)\n\n - CVE-2017-7471: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper access control issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1034866)\n\n - CVE-2017-7493: The VirtFS, host directory sharing via\n Plan 9 File System(9pfs) support, was vulnerable to 
an\n improper access control issue. It could occur while\n accessing virtfs metadata files in mapped-file security\n mode. A guest user could have used this flaw to escalate\n their privileges inside guest (bsc#1039495)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the\n Cirrus CLGD 54xx VGA Emulator support allowed privileged\n user inside guest to use this flaw to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code on a host with privileges of Qemu process\n on the host (bsc#1035406)\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr\n function in hw/9pfs/9p-xattr.c allowed local guest OS\n privileged users to cause a denial of service (memory\n consumption) via vectors involving the orig_value\n variable (bsc#1035950)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037242)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042159)\n\n - CVE-2017-9373: The IDE AHCI Emulation support was\n vulnerable to a host memory leakage issue, which allowed\n a privileged user inside guest to leak host memory\n resulting in DoS (bsc#1042801)\n\n - CVE-2017-9375: The USB xHCI controller emulator support\n was vulnerable to an infinite recursive call loop issue,\n which allowed a privileged user inside guest to crash\n the Qemu process resulting in DoS (bsc#1042800)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL 
pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043296)\n\n - Privilege escalation in TCG mode (bsc#1030624)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-9602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7493/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7980/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-8086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172963-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66f57a3a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kvm-13342=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kvm-1.4.2-60.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-29T01:09:03", "description": "Security Fix(es) :\n\n - An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n - An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.\n (CVE-2017-7718)\n\nBug Fix(es) :\n\n - Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. 
This update improves the handling of serial I/O on guests, which prevents the described problem from occurring.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170613)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170613_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/100779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100779);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170613)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An out-of-bounds r/w access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. The vulnerability\n could occur while copying VGA data via various bitblt\n functions. 
A privileged user inside a guest could use\n this flaw to crash the QEMU process or, potentially,\n execute arbitrary code on the host with privileges of\n the QEMU process. (CVE-2017-7980)\n\n - An out-of-bounds access issue was found in QEMU's Cirrus\n CLGD 54xx VGA Emulator support. The vulnerability could\n occur while copying VGA data using bitblt functions (for\n example, cirrus_bitblt_rop_fwd_transp_). A privileged\n user inside a guest could use this flaw to crash the\n QEMU process, resulting in denial of service.\n (CVE-2017-7718)\n\nBug Fix(es) :\n\n - Previously, guest virtual machines in some cases became\n unresponsive when the 'pty' back end of a serial device\n performed an irregular I/O communication. This update\n improves the handling of serial I/O on guests, which\n prevents the described problem from occurring.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=1955\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdfbf3f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-126.el7_3.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-29T01:09:16", "description": "From Red Hat Security Advisory 2017:1430 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. 
This update improves the handling of serial I/O on guests, which prevents the described problem from occurring.\n(BZ#1452332)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2017-1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/100776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1430 and \n# Oracle Linux Security Advisory ELSA-2017-1430 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100776);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_xref(name:\"RHSA\", value:\"2017:1430\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2017-1430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:1430 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD\n54xx VGA Emulator support. The vulnerability could occur while copying\nVGA data via various bitblt functions. A privileged user inside a\nguest could use this flaw to crash the QEMU process or, potentially,\nexecute arbitrary code on the host with privileges of the QEMU\nprocess. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA\ndata using bitblt functions (for example,\ncirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could\nuse this flaw to crash the QEMU process, resulting in denial of\nservice. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang\n(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT\nHuawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive\nwhen the 'pty' back end of a serial device performed an irregular I/O\ncommunication. 
This update improves the handling of serial I/O on\nguests, which prevents the described problem from occurring.\n(BZ#1452332)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/006980.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-126.el7_3.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:11", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)\n\n - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)\n\nThese non-security issues were fixed :\n\n - bsc#1029827: Additional xenstore patch\n\n - bsc#1036146: Xen VM dumped core to wrong path\n\n - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-05-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2017-563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-7718"], "modified": "2021-01-19T00:00:00", 
"cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-563.NASL", "href": "https://www.tenable.com/plugins/nessus/100086", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-563.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100086);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-7718\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-563)\");\n script_summary(english:\"Check for the openSUSE-2017-563 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - A malicious 64-bit PV guest may be able to access all of\n system memory, allowing for all of privilege escalation,\n host crashes, and information leaks by placing a IRET\n hypercall in the middle of a multicall batch (XSA-213,\n bsc#1034843)\n\n - A malicious pair of guests may be able to access all of\n system memory, allowing for all of privilege escalation,\n host 
crashes, and information leaks because of a missing\n check when transfering pages via GNTTABOP_transfer\n (XSA-214, bsc#1034844).\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034994).\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028655)\n\nThese non-security issues were fixed :\n\n - bsc#1029827: Additional xenstore patch\n\n - bsc#1036146: Xen VM dumped core to wrong path\n\n - bsc#1022703: Prevent Xen HVM guest with OVMF to hang\n with unattached CDRom This update was imported from the\n SUSE:SLE-12-SP2:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036146\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-debugsource-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-devel-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-debuginfo-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-debuginfo-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
cpu:\"x86_64\", reference:\"xen-tools-4.7.2_04-11.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.2_04-11.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-29T01:09:41", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. 
(CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring.\n(BZ#1452332)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2017:1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/100777", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1430. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100777);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_xref(name:\"RHSA\", value:\"2017:1430\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2017:1430)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD\n54xx VGA Emulator support. The vulnerability could occur while copying\nVGA data via various bitblt functions. A privileged user inside a\nguest could use this flaw to crash the QEMU process or, potentially,\nexecute arbitrary code on the host with privileges of the QEMU\nprocess. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA\ndata using bitblt functions (for example,\ncirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could\nuse this flaw to crash the QEMU process, resulting in denial of\nservice. 
(CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang\n(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT\nHuawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive\nwhen the 'pty' back end of a serial device performed an irregular I/O\ncommunication. This update improves the handling of serial I/O on\nguests, which prevents the described problem from occurring.\n(BZ#1452332)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7980\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1430\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-126.el7_3.9\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-126.el7_3.9\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-126.el7_3.9\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-126.el7_3.9\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-126.el7_3.9\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:03", "description": 
"This update for xen fixes several issues. These security issues were fixed :\n\n - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)\n\n - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1143-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9603", "CVE-2017-7718"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1143-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99959);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-7718\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1143-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - A malicious 64-bit PV guest may be able to access all of\n system memory, allowing for all of privilege escalation,\n host crashes, and information leaks by placing a IRET\n hypercall in the middle of a multicall batch (XSA-213,\n bsc#1034843)\n\n - A malicious pair of guests may be able to access all of\n system memory, allowing for all of privilege escalation,\n host crashes, and information leaks because of a missing\n check when transfering pages via GNTTABOP_transfer\n (XSA-214, bsc#1034844).\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034994).\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028655)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7718/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171143-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93872939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-663=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-663=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-663=1\n\nTo bring your system up-to-date, use 
'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_04-39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"xen-libs-debuginfo-4.7.2_04-39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-29T01:08:14", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. 
(CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring.\n(BZ#1452332)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:qemu-img", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-common", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/101479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101479);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-7718\",\n \"CVE-2017-7980\"\n );\n\n script_name(english:\"Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-1430)\");\n 
script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD\n54xx VGA Emulator support. The vulnerability could occur while copying\nVGA data via various bitblt functions. A privileged user inside a\nguest could use this flaw to crash the QEMU process or, potentially,\nexecute arbitrary code on the host with privileges of the QEMU\nprocess. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA\ndata using bitblt functions (for example,\ncirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could\nuse this flaw to crash the QEMU process, resulting in denial of\nservice. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang\n(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT\nHuawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive\nwhen the 'pty' back end of a serial device performed an irregular I/O\ncommunication. 
This update improves the handling of serial I/O on\nguests, which prevents the described problem from occurring.\n(BZ#1452332)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1430.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75ad6a40\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-1430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-img / qemu-kvm / qemu-kvm-common / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-126.vl7.9\",\n \"qemu-kvm-1.5.3-126.vl7.9\",\n \"qemu-kvm-common-1.5.3-126.vl7.9\",\n \"qemu-kvm-tools-1.5.3-126.vl7.9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-29T01:09:15", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has 
rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive when the 'pty' back end of a serial device performed an irregular I/O communication. 
This update improves the handling of serial I/O on guests, which prevents the described problem from occurring.\n(BZ#1452332)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "CentOS 7 : qemu-kvm (CESA-2017:1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-kvm-common", "p-cpe:/a:centos:centos:qemu-kvm-tools", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/100770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1430 and \n# CentOS Errata and Security Advisory 2017:1430 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100770);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n script_xref(name:\"RHSA\", value:\"2017:1430\");\n\n script_name(english:\"CentOS 7 : qemu-kvm (CESA-2017:1430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD\n54xx VGA Emulator support. The vulnerability could occur while copying\nVGA data via various bitblt functions. A privileged user inside a\nguest could use this flaw to crash the QEMU process or, potentially,\nexecute arbitrary code on the host with privileges of the QEMU\nprocess. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx\nVGA Emulator support. The vulnerability could occur while copying VGA\ndata using bitblt functions (for example,\ncirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could\nuse this flaw to crash the QEMU process, resulting in denial of\nservice. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang\n(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT\nHuawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es) :\n\n* Previously, guest virtual machines in some cases became unresponsive\nwhen the 'pty' back end of a serial device performed an irregular I/O\ncommunication. 
This update improves the handling of serial I/O on\nguests, which prevents the described problem from occurring.\n(BZ#1452332)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022458.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa2f00b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7980\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-126.el7_3.9\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-126.el7_3.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-08-29T01:10:02", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035483).\n\n - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)\n\n - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844).\n\n - Incorrect checks when handling exceptions allowed a malicious or buggy 64-bit PV guest to modify part of a physical memory page not belonging to it, potentially allowing for all of privilege escalation, host or other guest crashes, and information leaks (XSA-215, bsc#1034845)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1148-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1148-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1148-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99963);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7718\", \"CVE-2017-7980\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1148-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes 
several issues. These security issues were\nfixed :\n\n - CVE-2017-7980: An out-of-bounds r/w access issue in the\n Cirrus CLGD 54xx VGA Emulator support allowed privileged\n user inside guest to use this flaw to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code on a host with privileges of Qemu process\n on the host (bsc#1035483).\n\n - A malicious 64-bit PV guest may be able to access all of\n system memory, allowing for all of privilege escalation,\n host crashes, and information leaks by placing an IRET\n hypercall in the middle of a multicall batch (XSA-213,\n bsc#1034843)\n\n - A malicious pair of guests may be able to access all of\n system memory, allowing for all of privilege escalation,\n host crashes, and information leaks because of a missing\n check when transferring pages via GNTTABOP_transfer\n (XSA-214, bsc#1034844).\n\n - Incorrect checks when handling exceptions allowed a\n malicious or buggy 64-bit PV guest to modify part of a\n physical memory page not belonging to it, potentially\n allowing for all of privilege escalation, host or other\n guest crashes, and information leaks (XSA-215,\n bsc#1034845)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034994).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7980/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171148-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?083410a5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-665=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-665=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_18_k3.12.61_52.69-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_18_k3.12.61_52.69-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_18-22.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.4.4_18-22.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.6, 
"vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-29T01:08:37", "description": "According to the versions of the qemu-kvm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.\n (CVE-2017-7718)\n\n - An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-img", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1118.NASL", "href": "https://www.tenable.com/plugins/nessus/101850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101850);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7718\",\n \"CVE-2017-7980\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1118)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. The\n vulnerability could occur while copying VGA data using\n bitblt functions (for example,\n cirrus_bitblt_rop_fwd_transp_). A privileged user\n inside a guest could use this flaw to crash the QEMU\n process, resulting in denial of service.\n (CVE-2017-7718)\n\n - An out-of-bounds r/w access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. 
The\n vulnerability could occur while copying VGA data via\n various bitblt functions. A privileged user inside a\n guest could use this flaw to crash the QEMU process or,\n potentially, execute arbitrary code on the host with\n privileges of the QEMU process. (CVE-2017-7980)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1118\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a2db438\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-126.9.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-30T00:51:36", "description": "According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is 
affected by the following vulnerabilities :\n\n - An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.\n (CVE-2017-7718)\n\n - An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7718", "CVE-2017-7980"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/101851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101851);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7718\",\n \"CVE-2017-7980\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qemu-kvm 
(EulerOS-SA-2017-1119)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. The\n vulnerability could occur while copying VGA data using\n bitblt functions (for example,\n cirrus_bitblt_rop_fwd_transp_). A privileged user\n inside a guest could use this flaw to crash the QEMU\n process, resulting in denial of service.\n (CVE-2017-7718)\n\n - An out-of-bounds r/w access issue was found in QEMU's\n Cirrus CLGD 54xx VGA Emulator support. The\n vulnerability could occur while copying VGA data via\n various bitblt functions. A privileged user inside a\n guest could use this flaw to crash the QEMU process or,\n potentially, execute arbitrary code on the host with\n privileges of the QEMU process. (CVE-2017-7980)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1119\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51dd6fe3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-126.9\",\n \"qemu-kvm-1.5.3-126.9\",\n \"qemu-kvm-common-1.5.3-126.9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:50", "description": "According to the versions of the qemu-kvm packages 
installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals. As qemu-kvm requires no host kernel patches to run, it is safe and easy to use. Security Fix(es):Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.(CVE-2016-10155)Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.(CVE-2017-8309)Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.(CVE-2017-8379)hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.\n (CVE-2017-16845)The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.(CVE-2017-18030)Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. 
A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.(CVE-2017-7471)An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure.\n This flaw affects versions of libslirp before 4.3.1.(CVE-2020-10756)The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.(CVE-2016-8667)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2019-1633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10155", "CVE-2016-8667", "CVE-2017-16845", "CVE-2017-18030", "CVE-2017-7471", "CVE-2017-8309", "CVE-2017-8379", "CVE-2020-10756"], "modified": "2021-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-kvm-tools", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1633.NASL", "href": "https://www.tenable.com/plugins/nessus/125585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(125585);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/08\");\n\n script_cve_id(\n \"CVE-2016-10155\",\n \"CVE-2016-8667\",\n \"CVE-2017-16845\",\n \"CVE-2017-18030\",\n \"CVE-2017-7471\",\n \"CVE-2017-8309\",\n \"CVE-2017-8379\",\n \"CVE-2020-10756\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2019-1633)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - qemu-kvm is an open source virtualizer that provides\n hardware emulation for the KVM hypervisor. qemu-kvm\n acts as a virtual machine monitor together with the KVM\n kernel modules, and emulates the hardware for a full\n system such as a PC and its associated peripherals. As\n qemu-kvm requires no host kernel patches to run, it is\n safe and easy to use. 
Security Fix(es):Memory leak in\n hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator)\n allows local guest OS privileged users to cause a\n denial of service (host memory consumption and QEMU\n process crash) via a large number of device unplug\n operations.(CVE-2016-10155)Memory leak in the\n audio/audio.c in QEMU (aka Quick Emulator) allows\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture.(CVE-2017-8309)Memory leak in the keyboard\n input event handlers support in QEMU (aka Quick\n Emulator) allows local guest OS privileged users to\n cause a denial of service (host memory consumption) by\n rapidly generating large keyboard\n events.(CVE-2017-8379)hw/input/ps2.c in Qemu does not\n validate 'rptr' and 'count' values during guest\n migration, leading to out-of-bounds access.\n (CVE-2017-16845)The cirrus_invalidate_region function\n in hw/display/cirrus_vga.c in Qemu allows local OS\n guest privileged users to cause a denial of service\n (out-of-bounds array access and QEMU process crash) via\n vectors related to negative pitch.(CVE-2017-18030)Quick\n Emulator (Qemu) built with the VirtFS, host directory\n sharing via Plan 9 File System (9pfs) support, is\n vulnerable to an improper access control issue. It\n could occur while accessing files on a shared host\n directory. A privileged user inside guest could use\n this flaw to access host file system beyond the shared\n folder and potentially escalating their privileges on a\n host.(CVE-2017-7471)An out-of-bounds read vulnerability\n was found in the SLiRP networking implementation of the\n QEMU emulator. This flaw occurs in the\n icmp6_send_echoreply() routine while replying to an\n ICMP echo request, also known as ping. 
This flaw allows\n a malicious guest to leak the contents of the host\n memory, resulting in possible information disclosure.\n This flaw affects versions of libslirp before\n 4.3.1.(CVE-2020-10756)The rc4030_write function in\n hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows\n local guest OS administrators to cause a denial of\n service (divide-by-zero error and QEMU process crash)\n via a large interval timer reload value.(CVE-2016-8667)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1633\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?187ee9d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7471\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-2.8.1-30.062\",\n \"qemu-kvm-2.8.1-30.062\",\n \"qemu-kvm-common-2.8.1-30.062\",\n \"qemu-kvm-tools-2.8.1-30.062\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:04", "description": "- Fix xen pv graphical display failure (bz #1350264)\n\n - CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876)\n\n - CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-05-16T00:00:00", "type": "nessus", "title": "Fedora 24 : 2:qemu (2017-374389c196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8667", "CVE-2017-5579"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:qemu", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-374389C196.NASL", "href": "https://www.tenable.com/plugins/nessus/100186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-374389c196.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100186);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8667\", \"CVE-2017-5579\");\n script_xref(name:\"FEDORA\", value:\"2017-374389c196\");\n\n script_name(english:\"Fedora 24 : 2:qemu (2017-374389c196)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix xen pv graphical display failure (bz #1350264)\n\n - CVE-2016-8667: dma: divide by zero error in\n set_next_tick (bz #1384876)\n\n - CVE-2017-5579: serial: fix memory leak in serial exit\n (bz #1416161)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-374389c196\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"qemu-2.6.2-8.fc24\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:37:35", "description": "- chardev data is dropped when host side closed (bz #1352977)\n\n - CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876)\n\n - IPv6 DNS problems in qemu user networking (bz #1401165)\n\n - Fix crash in qxl memslot_get_virt (bz #1405847)\n\n - CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161)\n\n - spec: Pull in ipxe/vgabios links via 
-common package (bz #1431403)\n\n - Clean up binfmt.d configuration files (bz #1394859)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/U