{"fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637", "CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9817", "CVE-2016-9818", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2016-12-19T01:27:21", "published": "2016-12-19T01:27:21", "id": "FEDORA:3D25F60BA90D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: xen-4.5.5-5.fc23", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9817", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922", "CVE-2016-9932"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2016-12-19T23:25:44", "published": "2016-12-19T23:25:44", "id": "FEDORA:B9F69605DCC4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.1-5.fc25", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10028", "CVE-2016-6836", "CVE-2016-7909", "CVE-2016-7994", "CVE-2016-8577", "CVE-2016-8578", "CVE-2016-8668", "CVE-2016-8669", "CVE-2016-8909", "CVE-2016-8910", "CVE-2016-9101", "CVE-2016-9102", "CVE-2016-9103", "CVE-2016-9104", "CVE-2016-9105", "CVE-2016-9106", "CVE-2016-9381", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2017-01-25T20:23:25", "published": "2017-01-25T20:23:25", "id": "FEDORA:96EDD607628D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: qemu-2.6.2-6.fc24", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10028", "CVE-2016-6836", "CVE-2016-7909", "CVE-2016-7994", "CVE-2016-8577", "CVE-2016-8578", "CVE-2016-8668", "CVE-2016-8669", "CVE-2016-8909", "CVE-2016-9101", "CVE-2016-9102", "CVE-2016-9103", "CVE-2016-9104", "CVE-2016-9105", "CVE-2016-9106", "CVE-2016-9381", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2017-01-20T18:11:06", "published": "2017-01-20T18:11:06", "id": "FEDORA:96CED60CA522", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: qemu-2.7.1-2.fc25", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9932", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-26T00:00:00", "id": "OPENVAS:1361412562310872184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872184", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-bcbae0781f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-bcbae0781f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872184\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-26 06:03:41 +0100 (Mon, 26 Dec 2016)\");\n script_cve_id(\"CVE-2016-9932\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\",\n \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9637\",\n \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-bcbae0781f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-bcbae0781f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTUTHSETSKEL5RS2HA3FWRYANKYMNOXJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.6.4~4.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9932", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-20T00:00:00", "id": "OPENVAS:1361412562310872169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872169", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-1b868c23a9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-1b868c23a9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872169\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-20 06:00:50 +0100 (Tue, 20 Dec 2016)\");\n script_cve_id(\"CVE-2016-9932\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\",\n \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9913\",\n \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-1b868c23a9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1b868c23a9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7OVS6LN5Y35RH3ERTM3HS25TCWC4HQH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.1~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-19T00:00:00", "id": "OPENVAS:1361412562310872166", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872166", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-cc2916dcf4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-cc2916dcf4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872166\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-19 06:13:39 +0100 (Mon, 19 Dec 2016)\");\n script_cve_id(\"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\", \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9637\", \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-cc2916dcf4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-cc2916dcf4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBJRH37EFT37GXFTPXFFF6VA2QUNBKPB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.5.5~5.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:28:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-03-12T00:00:00", "id": "OPENVAS:1361412562310851522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851522", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:0665-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851522\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-12 05:48:22 +0100 (Sun, 12 Mar 2017)\");\n script_cve_id(\"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:0665-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation\n (bsc#1024834).\n\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004).\n\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n\n - CVE-2016-9921: The 
Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0665-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", 
rpm:\"xen-tools-domU~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.1_06~9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-12-21T00:00:00", "id": "OPENVAS:1361412562310871729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871729", "type": "openvas", "title": "RedHat Update for xen RHSA-2016:2963-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2016:2963-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871729\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-21 05:44:22 +0100 (Wed, 21 Dec 2016)\");\n script_cve_id(\"CVE-2016-9637\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for xen RHSA-2016:2963-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Xen is a virtual machine monitor\n\nSecurity Fix(es):\n\n * An out of bounds array access issue was found in the Xen virtual machine\nmonitor, built with the QEMU ioport support. It could occur while doing\nioport read/write operations, if guest was to supply a 32bit address\nparameter. 
A privileged guest user/process could use this flaw to\npotentially escalate their privileges on a host. (CVE-2016-9637)\n\nRed Hat would like to thank the Xen project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2963-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-December/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~148.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~148.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637"], "description": "Check the version of xen", "modified": "2019-03-08T00:00:00", "published": "2016-12-21T00:00:00", "id": "OPENVAS:1361412562310882613", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882613", "type": "openvas", "title": "CentOS Update for xen CESA-2016:2963 centos5", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2016:2963 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882613\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-21 05:44:51 +0100 (Wed, 21 Dec 2016)\");\n script_cve_id(\"CVE-2016-9637\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for xen CESA-2016:2963 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of xen\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Xen is a virtual machine monitor\n\nSecurity Fix(es):\n\n * An out of bounds array access issue was found in the Xen virtual machine\nmonitor, 
built with the QEMU ioport support. It could occur while doing\nioport read/write operations, if guest was to supply a 32bit address\nparameter. A privileged guest user/process could use this flaw to\npotentially escalate their privileges on a host. (CVE-2016-9637)\n\nRed Hat would like to thank the Xen project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"xen on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2963\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022181.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~148.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~148.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~148.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:47:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2016-9922", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-9103", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-9921", 
"CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9102"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310851499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851499", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0194-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851499\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:15:38 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-9102\", \"CVE-2016-9103\", \"CVE-2016-9381\", \"CVE-2016-9776\",\n \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\", \"CVE-2016-9908\",\n \"CVE-2016-9911\", \"CVE-2016-9912\", \"CVE-2016-9913\", \"CVE-2016-9921\",\n \"CVE-2016-9922\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0194-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"qemu was updated to fix several issues.\n\n These security issues were fixed:\n\n - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in\n hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial\n of service (memory consumption and QEMU process crash) via a large\n number of Txattrcreate messages with the same fid number (bsc#1014256).\n\n - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed\n local guest OS administrators to obtain sensitive host heap memory\n information by reading xattribute values writing to them 
(bsc#1007454).\n\n - CVE-2016-9381: Improper processing of shared rings allowing guest\n administrators take over the qemu process, elevating their privilege to\n that of the qemu process (bsc#1009109)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285).\n\n - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could\n have used this flaw to leak contents of the host memory (bsc#1013767).\n\n - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while updating the cursor data in\n update_cursor_data_virgl. A guest user/process could have used this flaw\n to leak host memory bytes, resulting in DoS for the host (bsc#1013764).\n\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109).\n\n - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have\n used this flaw to leak contents of the host memory (bsc#1014514).\n\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. 
A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111).\n\n - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while destroying gpu resource object in\n 'virtio_gpu_resource_destroy'. A guest user/process co ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0194-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", 
rpm:\"qemu-block-dmg~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.6.2~26.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8577", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-8668", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-8578", "CVE-2016-9912", "CVE-2016-8669", "CVE-2016-9103", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-7994", "CVE-2016-8909", "CVE-2016-9921", "CVE-2016-9104", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9106", "CVE-2016-9102", "CVE-2016-7909", "CVE-2016-9105", "CVE-2016-6836"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-21T00:00:00", "id": "OPENVAS:1361412562310872282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872282", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-b953d4d3a4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-b953d4d3a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872282\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-21 05:44:03 +0100 (Sat, 21 Jan 2017)\");\n script_cve_id(\"CVE-2016-6836\", \"CVE-2016-7909\", \"CVE-2016-7994\", \"CVE-2016-8577\",\n\t\t\"CVE-2016-8578\", \"CVE-2016-8668\", \"CVE-2016-8669\", \"CVE-2016-8909\",\n\t\t\"CVE-2016-9101\", \"CVE-2016-9103\", \"CVE-2016-9102\", \"CVE-2016-9104\",\n\t\t\"CVE-2016-9105\", \"CVE-2016-9106\", \"CVE-2016-9381\", \"CVE-2016-9921\",\n\t\t\"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\",\n\t\t\"CVE-2016-9911\", \"CVE-2016-9913\", \"CVE-2016-10028\", \"CVE-2016-9908\",\n\t\t\"CVE-2016-9912\", \"CVE-2016-9922\", \"CVE-2016-9914\", \"CVE-2016-9915\",\n\t\t\"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-b953d4d3a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on 
the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b953d4d3a4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P2MMLAOGAYXF3BJW7266UZLPLFAXJRS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8577", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-8668", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-8578", "CVE-2016-9912", "CVE-2016-8669", "CVE-2016-9103", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-8910", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-7994", "CVE-2016-8909", "CVE-2016-9921", "CVE-2016-9104", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9106", "CVE-2016-9102", "CVE-2016-7909", "CVE-2016-9105", "CVE-2016-6836"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-26T00:00:00", "id": "OPENVAS:1361412562310872304", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310872304", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-12394e2cc7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-12394e2cc7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872304\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-26 05:46:11 +0100 (Thu, 26 Jan 2017)\");\n script_cve_id(\"CVE-2016-6836\", \"CVE-2016-7909\", \"CVE-2016-7994\", \"CVE-2016-8577\",\n\t\t\"CVE-2016-8578\", \"CVE-2016-8668\", \"CVE-2016-8669\", \"CVE-2016-8910\",\n\t\t\"CVE-2016-8909\", \"CVE-2016-9101\", \"CVE-2016-9103\", \"CVE-2016-9102\",\n\t\t\"CVE-2016-9104\", \"CVE-2016-9105\", \"CVE-2016-9106\", \"CVE-2016-9381\",\n\t\t\"CVE-2016-9921\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\",\n\t\t\"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9913\", 
\"CVE-2016-10028\",\n\t\t\"CVE-2016-9908\", \"CVE-2016-9912\", \"CVE-2016-9922\", \"CVE-2016-9914\",\n\t\t\"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-12394e2cc7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-12394e2cc7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZR6TVHCSVY76P44HEPPSZLBWWKTNM4V7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~6.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:30:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9932", "CVE-2016-10025", "CVE-2016-10024"], "description": "Security vulnerabilities 
have been identified in Citrix XenServer that may allow malicious\n code running within a guest VM to read a small part of hypervisor memory and allow privileged-mode code running within a guest\n VM to hang or crash the host.", "modified": "2020-04-02T00:00:00", "published": "2017-01-03T00:00:00", "id": "OPENVAS:13614125623101140113", "href": "http://plugins.openvas.org/nasl.php?oid=13614125623101140113", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX219378)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX219378)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.1140113\");\n script_cve_id(\"CVE-2016-9932\", \"CVE-2016-10024\", \"CVE-2016-10025\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"2020-04-02T13:53:24+0000\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX219378)\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX219378\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"Security vulnerabilities have been identified in Citrix XenServer that may allow malicious\n code running within a guest VM to read a small part of hypervisor memory and allow privileged-mode code running within a guest\n VM to hang or crash the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2016-9932 (Low): x86 CMPXCHG8B emulation fails to ignore operand size override\n\n - CVE-2016-10024 (Medium): x86 PV guests may be able to mask interrupts\n\n - CVE-2016-10025 (Low): missing NULL pointer check in VMFUNC emulation\");\n\n script_tag(name:\"affected\", value:\"These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-03 10:14:13 +0100 (Tue, 03 Jan 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\nif( ! hotfixes = get_kb_item(\"xenserver/patches\") )\n exit( 0 );\n\npatches = make_array();\n\npatches['7.0.0'] = make_list( 'XS70E023' );\npatches['6.5.0'] = make_list( 'XS65ESP1046' );\npatches['6.2.0'] = make_list( 'XS62ESP1054' );\npatches['6.0.2'] = make_list( 'XS602ECC039' );\n\ncitrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );\n\nexit( 99 );\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:14:44", "description": "x86 CMPXCHG8B emulation fails to ignore operand size override\n[XSA-200, CVE-2016-9932] (#1404262)\n\n----\n\nARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\nCVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide\nby zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921,\nCVE-2016-9922] Qemu: 9pfs: memory leakage via proxy/handle callbacks\n(#1402278) qemu ioport array overflow [XSA-199, CVE-2016-9637]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 24, "cvss3": {"score": 7.5, "vector": 
"AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-12-27T00:00:00", "title": "Fedora 24 : xen (2016-bcbae0781f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9922", "CVE-2016-9932", "CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "modified": "2016-12-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-BCBAE0781F.NASL", "href": "https://www.tenable.com/plugins/nessus/96113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-bcbae0781f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96113);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9637\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\", \"CVE-2016-9818\", \"CVE-2016-9913\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9932\");\n script_xref(name:\"FEDORA\", value:\"2016-bcbae0781f\");\n\n script_name(english:\"Fedora 24 : xen (2016-bcbae0781f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86 CMPXCHG8B emulation fails to ignore operand size override\n[XSA-200, CVE-2016-9932] (#1404262)\n\n----\n\nARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\nCVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide\nby zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921,\nCVE-2016-9922] Qemu: 9pfs: memory leakage via proxy/handle callbacks\n(#1402278) qemu ioport array overflow [XSA-199, 
CVE-2016-9637]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-bcbae0781f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"xen-4.6.4-4.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:14:49", "description": "ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\nCVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide\nby zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921,\nCVE-2016-9922] Qemu: 9pfs: memory leakage via proxy/handle callbacks\n(#1402278) qemu ioport array overflow [XSA-199, CVE-2016-9637]\n\nNote that Tenable Network Security has extracted 
the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-12-20T00:00:00", "title": "Fedora 23 : xen (2016-cc2916dcf4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9922", "CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "modified": "2016-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-CC2916DCF4.NASL", "href": "https://www.tenable.com/plugins/nessus/96025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-cc2916dcf4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96025);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9637\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\", \"CVE-2016-9818\", \"CVE-2016-9913\", \"CVE-2016-9921\", \"CVE-2016-9922\");\n script_xref(name:\"FEDORA\", value:\"2016-cc2916dcf4\");\n\n script_name(english:\"Fedora 23 : xen (2016-cc2916dcf4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\nCVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide\nby zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921,\nCVE-2016-9922] 
Qemu: 9pfs: memory leakage via proxy/handle callbacks\n(#1402278) qemu ioport array overflow [XSA-199, CVE-2016-9637]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc2916dcf4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"xen-4.5.5-5.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:14:01", "description": "x86 CMPXCHG8B emulation fails to ignore operand size override\n[XSA-200, CVE-2016-9932] (#1404262)\n\n----\n\nARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible 
without introducing additional issues.", "edition": 23, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2016-12-20T00:00:00", "title": "Fedora 25 : xen (2016-1b868c23a9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9932", "CVE-2016-9815", "CVE-2016-9921", "CVE-2016-9913"], "modified": "2016-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-1B868C23A9.NASL", "href": "https://www.tenable.com/plugins/nessus/95945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-1b868c23a9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95945);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9815\", \"CVE-2016-9913\", \"CVE-2016-9921\", \"CVE-2016-9932\");\n script_xref(name:\"FEDORA\", value:\"2016-1b868c23a9\");\n\n script_name(english:\"Fedora 25 : xen (2016-1b868c23a9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86 CMPXCHG8B emulation fails to ignore operand size override\n[XSA-200, CVE-2016-9932] (#1404262)\n\n----\n\nARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b868c23a9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.1-5.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T11:05:32", "description": "The remote host is affected by the vulnerability described in GLSA-201612-56\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could possibly execute arbitrary code with the\n privileges of the process, could gain privileges on the host system,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-01-03T00:00:00", "title": "GLSA-201612-56 : Xen: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9378", "CVE-2016-9384", "CVE-2016-9932", "CVE-2016-9383", "CVE-2016-9815", "CVE-2016-9380", "CVE-2016-9816", "CVE-2016-9381", "CVE-2016-9382", "CVE-2016-10024", "CVE-2016-9379", "CVE-2016-9386", "CVE-2016-9385", "CVE-2016-9817", "CVE-2016-9377"], "modified": "2017-01-03T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-pvgrub", "p-cpe:/a:gentoo:linux:xen-tools"], "id": "GENTOO_GLSA-201612-56.NASL", "href": "https://www.tenable.com/plugins/nessus/96231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-56.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96231);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10024\", \"CVE-2016-9377\", \"CVE-2016-9378\", \"CVE-2016-9379\", \"CVE-2016-9380\", \"CVE-2016-9381\", \"CVE-2016-9382\", \"CVE-2016-9383\", \"CVE-2016-9384\", \"CVE-2016-9385\", \"CVE-2016-9386\", \"CVE-2016-9637\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\", \"CVE-2016-9818\", \"CVE-2016-9932\");\n script_xref(name:\"GLSA\", value:\"201612-56\");\n script_xref(name:\"IAVB\", value:\"2017-B-0008-S\");\n\n script_name(english:\"GLSA-201612-56 : Xen: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-56\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could possibly execute arbitrary code with the\n privileges of the process, could gain privileges on the host system,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-56\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Xen users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.7.1-r4'\n All Xen Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/xen-tools-4.7.1-r4'\n All Xen PvGrub users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/xen-pvgrub-4.7.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-pvgrub\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/xen\", unaffected:make_list(\"ge 4.7.1-r4\"), vulnerable:make_list(\"lt 4.7.1-r4\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-pvgrub\", unaffected:make_list(\"ge 4.7.1-r1\"), vulnerable:make_list(\"lt 4.7.1-r1\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-tools\", unaffected:make_list(\"ge 4.7.1-r4\"), vulnerable:make_list(\"lt 4.7.1-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:44:11", "description": "Multiple vulnerabilities have been found in qemu-kvm :\n\nCVE-2016-9911\n\nqemu-kvm built with the USB EHCI Emulation support is vulnerable to a\nmemory leakage issue. It could occur while processing packet data in\n'ehci_init_transfer'. A guest user/process could use this issue to\nleak host memory, resulting in DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to a divide by zero issue. 
It could occur while copying VGA\ndata when cirrus graphics mode was set to be VGA. A privileged user\ninside guest could use this flaw to crash the Qemu process instance on\nthe host, resulting in DoS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2016-12-27T00:00:00", "title": "Debian DLA-765-1 : qemu-kvm security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9922", "CVE-2016-9921", "CVE-2016-9911"], "modified": "2016-12-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:kvm", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:qemu-kvm-dbg"], "id": "DEBIAN_DLA-765.NASL", "href": "https://www.tenable.com/plugins/nessus/96100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-765-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96100);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9911\", \"CVE-2016-9921\", \"CVE-2016-9922\");\n\n script_name(english:\"Debian DLA-765-1 : qemu-kvm security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in qemu-kvm :\n\nCVE-2016-9911\n\nqemu-kvm built with the USB EHCI Emulation support is vulnerable to a\nmemory leakage issue. It could occur while processing packet data in\n'ehci_init_transfer'. A guest user/process could use this issue to\nleak host memory, resulting in DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\nqemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to a divide by zero issue. It could occur while copying VGA\ndata when cirrus graphics mode was set to be VGA. A privileged user\ninside guest could use this flaw to crash the Qemu process instance on\nthe host, resulting in DoS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected kvm, qemu-kvm, and qemu-kvm-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:44:11", "description": "Multiple vulnerabilities have been found in QEMU :\n\nCVE-2016-9911\n\nQuick Emulator (Qemu) built with the USB EHCI Emulation support is\nvulnerable to a memory leakage issue. It could occur while processing\npacket data in 'ehci_init_transfer'. A guest user/ process could use\nthis issue to leak host memory, resulting in DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\nQuick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator\nsupport is vulnerable to a divide by zero issue. It could occur while\ncopying VGA data when cirrus graphics mode was set to be VGA. 
A\nprivileged user inside guest could use this flaw to crash the Qemu\nprocess instance on the host, resulting in DoS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2016-12-27T00:00:00", "title": "Debian DLA-764-1 : qemu security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9922", "CVE-2016-9921", "CVE-2016-9911"], "modified": "2016-12-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-utils", "p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-keymaps", "p-cpe:/a:debian:debian_linux:qemu-user", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:qemu-user-static"], "id": "DEBIAN_DLA-764.NASL", "href": "https://www.tenable.com/plugins/nessus/96099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-764-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96099);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9911\", \"CVE-2016-9921\", \"CVE-2016-9922\");\n\n script_name(english:\"Debian DLA-764-1 : qemu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in QEMU :\n\nCVE-2016-9911\n\nQuick Emulator (Qemu) built with the USB EHCI Emulation support is\nvulnerable to a memory leakage issue. It could occur while processing\npacket data in 'ehci_init_transfer'. A guest user/ process could use\nthis issue to leak host memory, resulting in DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\nQuick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator\nsupport is vulnerable to a divide by zero issue. It could occur while\ncopying VGA data when cirrus graphics mode was set to be VGA. A\nprivileged user inside guest could use this flaw to crash the Qemu\nprocess instance on the host, resulting in DoS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-keymaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:25:31", "description": "This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation\n (bsc#1024834).\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004).\n\n - A malicious guest could have, by frequently rebooting\n over extended periods of time, run the host system out\n of memory, resulting in a Denial of Service (DoS)\n (bsc#1022871)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1015169\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 35, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-28T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "modified": "2017-02-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2017-0571-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0571-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97433);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation\n (bsc#1024834).\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004).\n\n - A malicious guest could have, by frequently rebooting\n over extended periods of time, run the host system out\n of memory, resulting in a Denial of Service (DoS)\n (bsc#1022871)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1015169\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2620/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170571-1/\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?565d0656\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-296=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-296=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-296=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.1_06-31.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.1_06-31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.1_06-31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:14:13", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation\n (bsc#1024834).\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004).\n\n - A malicious guest could have, by frequently rebooting\n over extended periods of time, run the host system out\n of memory, resulting in a Denial of Service (DoS)\n (bsc#1022871)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator 
support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1015169\n\nThese non-security issues were fixed :\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES\n 11 SP3 \n\n - bsc#1002496: Added support for reloading clvm in\n block-dmmd block-dmmd\n\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 21, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-14T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2017-329)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "modified": "2017-03-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2017-329.NASL", "href": "https://www.tenable.com/plugins/nessus/97712", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-329.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97712);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n 
script_cve_id(\"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-329)\");\n script_summary(english:\"Check for the openSUSE-2017-329 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation\n (bsc#1024834).\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004).\n\n - A malicious guest could have, by frequently rebooting\n over extended periods of time, run the host system out\n of memory, resulting in a Denial of Service (DoS)\n (bsc#1022871)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1015169\n\nThese non-security issues were fixed :\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES\n 11 SP3 \n\n - bsc#1002496: Added support for reloading clvm in\n block-dmmd block-dmmd\n\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024834\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-debugsource-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-devel-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-debuginfo-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-debuginfo-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", 
reference:\"xen-tools-4.7.1_06-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.1_06-9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:05:42", "description": "The remote host is affected by the vulnerability described in GLSA-201701-49\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A privileged user/process within a guest QEMU environment can cause a\n Denial of Service condition against the QEMU guest process or the host.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-01-23T00:00:00", "title": "GLSA-201701-49 : QEMU: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-9908", "CVE-2016-9921", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9923"], "modified": "2017-01-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:qemu"], "id": "GENTOO_GLSA-201701-49.NASL", "href": "https://www.tenable.com/plugins/nessus/96684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-49.\n#\n# The advisory 
text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96684);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-9101\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\", \"CVE-2016-9908\", \"CVE-2016-9911\", \"CVE-2016-9912\", \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9923\");\n script_xref(name:\"GLSA\", value:\"201701-49\");\n\n script_name(english:\"GLSA-201701-49 : QEMU: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-49\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A privileged user/process within a guest QEMU environment can cause a\n Denial of Service condition against the QEMU guest process or the host.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-49\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QEMU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.8.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu\", unaffected:make_list(\"ge 2.8.0\"), 
vulnerable:make_list(\"lt 2.8.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QEMU\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T07:01:07", "description": "According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is missing a security update. It is,\ntherefore, affected by an information disclosure vulnerability due to\na flaw in the x86 instruction CMPXCHG8B when handling prefixes. This\nis triggered because legacy operand size overrides are not properly\nignored. A guest attacker can exploit this issue to disclose\npotentially sensitive information from the hypervisor stack of the\nhost system.\n\nPlease note the following items :\n\n - Only x86 systems are affected. 
ARM systems are not\n affected.\n\n - On Xen version 4.6 and earlier, the vulnerability is\n exposed to all HVM guest user processes, including\n unprivileged processes.\n\n - On Xen version 4.7, the vulnerability is exposed only to\n HVM guest user processes granted a degree of privilege\n (e.g., direct hardware access) by the guest\n administrator, or else to all user processes when the VM\n has been explicitly configured with a non-default CPU\n vendor string (in xm/xl, this would be done with a\n 'cpuid=' domain config option).\n\nNote that Nessus has not tested for this vulnerability but has instead\nrelied only on the changeset versions based on the xen.git change log.\nNessus did not check guest hardware configurations or if patches were\napplied manually to the source code before a recompile and reinstall.", "edition": 29, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-02-02T00:00:00", "title": "Xen CMPXCHG8B Emulation Information Disclosure (XSA-200)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9932"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-200.NASL", "href": "https://www.tenable.com/plugins/nessus/96957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96957);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9932\");\n script_bugtraq_id(94863);\n\n script_name(english:\"Xen CMPXCHG8B Emulation Information Disclosure (XSA-200)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is missing a security 
update. It is,\ntherefore, affected by an information disclosure vulnerability due to\na flaw in the x86 instruction CMPXCHG8B when handling prefixes. This\nis triggered because legacy operand size overrides are not properly\nignored. A guest attacker can exploit this issue to disclose\npotentially sensitive information from the hypervisor stack of the\nhost system.\n\nPlease note the following items :\n\n - Only x86 systems are affected. ARM systems are not\n affected.\n\n - On Xen version 4.6 and earlier, the vulnerability is\n exposed to all HVM guest user processes, including\n unprivileged processes.\n\n - On Xen version 4.7, the vulnerability is exposed only to\n HVM guest user processes granted a degree of privilege\n (e.g., direct hardware access) by the guest\n administrator, or else to all user processes when the VM\n has been explicitly configured with a non-default CPU\n vendor string (in xm/xl, this would be done with a\n 'cpuid=' domain config option).\n\nNote that Nessus has not tested for this vulnerability but has instead\nrelied only on the changeset versions based on the xen.git change log.\nNessus did not check guest hardware configurations or if patches were\napplied manually to the source code before a recompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/xsa/advisory-200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9932\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.4']['fixed_ver'] = '4.4.4';\nfixes['4.4']['fixed_ver_display'] = '4.4.4 (changeset 619db7d)';\nfixes['4.4']['affected_ver_regex'] = '^4\\\\.4\\\\.';\nfixes['4.4']['affected_changesets'] = make_list(\"149c34a\", \"1c1bfc1\",\n 
\"6639a20\", \"14fa85a\", \"1827d52\", \"e8a46a2\", \"ed77368\", \"488b7d2\",\n \"dfddbf3\", \"2f3e08d\", \"fbe0fb4\", \"0fe7d69\", \"36a5a87\", \"27f0143\",\n \"ec5925c\", \"aea2669\", \"8ce712f\", \"45c1210\", \"a0b99ab\", \"9b2061d\",\n \"35fe0d6\", \"7e42cb6\", \"c1f9a26\", \"0eb5ef2\", \"98d7429\", \"2dbe363\",\n \"5f07492\", \"3534322\", \"6428217\", \"17d7046\", \"7bd50f1\", \"6f76ac2\",\n \"5519488\", \"04e831a\", \"9b7d6d2\", \"76a62af\", \"0006b20\", \"08a1d2b\",\n \"0b5c527\", \"6e86c87\", \"cbbb4d1\", \"e9c81e9\", \"01311b9\", \"09f9f79\",\n \"ab6f899\", \"6717d99\", \"5cf1b52\", \"24ebffa\", \"c2f8ab3\", \"0ae1e71\",\n \"83c5e46\", \"02426e9\", \"46b8f78\", \"ff87c9a\", \"a611ed5\");\n\nfixes['4.5']['fixed_ver'] = '4.5.5';\nfixes['4.5']['fixed_ver_display'] = '4.5.5 (changeset 37281bc)';\nfixes['4.5']['affected_ver_regex'] = '^4\\\\.5\\\\.';\nfixes['4.5']['affected_changesets'] = make_list(\"27be856\", \"bdf3ef1\",\n \"cc325c0\", \"8e7b84d\", \"387b8ae\", \"34fbae7\", \"1530da2\", \"274a1f6\",\n \"b679cfa\", \"877b760\", \"cfe165d\", \"84e4e56\", \"e4ae4b0\");\n\nfixes['4.6']['fixed_ver'] = '4.6.5';\nfixes['4.6']['fixed_ver_display'] = '4.6.5-pre (changeset ac699ed)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"57e3ac3\", \"7789292\",\n \"62add85\", \"22f70a3\", \"0ba9562\", \"7902dba\", \"5f85ab0\", \"7bd27ba\",\n \"514173d\", \"a4902ca\", \"c03035b\", \"e0fbb85\", \"fcab9d3\", \"46529a1\",\n \"ffda122\", \"805bb93\");\n\nfixes['4.7']['fixed_ver'] = '4.7.2';\nfixes['4.7']['fixed_ver_display'] = '4.7.2-pre (changeset e0ea04d)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"4be57d3\", \"e144f21\",\n \"0726cb5\", \"32282af\", \"cf21f0c\", \"a2d232d\", \"206fc70\", \"a6b0650\",\n \"98eaf9c\", \"1b65a34\", \"8ce2238\", \"2cd9fa0\", \"42bc34b\", \"e98e17e\",\n \"0561a33\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if 
(version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path);\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_NOTE);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2020-12-09T20:07:44", "description": "Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-29T22:59:00", "title": "CVE-2016-9914", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9914"], "modified": "2020-11-10T19:00:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.7.1"], "id": "CVE-2016-9914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9914", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:52", "description": "CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a \"supposedly-ignored\" operand size prefix.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-26T15:59:00", "title": "CVE-2016-9932", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", 
"accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9932"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:xen:xen:4.1.6", "cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.4.0", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:4.5.1", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.6.3", "cpe:/o:xen:xen:4.2.4", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:4.5.5", "cpe:/o:xen:xen:4.5.2", "cpe:/o:xen:xen:4.3.2", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.5.0", "cpe:/o:xen:xen:4.4.1", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.4.2", "cpe:/o:xen:xen:4.3.4", "cpe:/o:xen:xen:4.2.5", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.7.0", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:4.6.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:4.3.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.3.3", "cpe:/o:xen:xen:4.5.3", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:4.4.4", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.4.2", "cpe:/o:xen:xen:4.4.3"], "id": "CVE-2016-9932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9932", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:44", "description": "Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-29T22:59:00", "title": "CVE-2016-9913", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9913"], "modified": "2020-11-10T18:25:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/a:qemu:qemu:2.7.1"], "id": "CVE-2016-9913", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9913", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:44", "description": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-29T22:59:00", "title": "CVE-2016-9915", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9915"], "modified": "2020-11-10T18:44:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.7.1"], "id": "CVE-2016-9915", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9915", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-15T13:19:58", "description": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. 
A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.", "edition": 4, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-23T22:59:00", "title": "CVE-2016-9921", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9921"], "modified": "2020-12-14T20:05:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/a:redhat:openstack:7.0", "cpe:/a:redhat:openstack:9.0", "cpe:/a:redhat:openstack:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:redhat:openstack:8.0", "cpe:/a:redhat:openstack:11", "cpe:/a:qemu:qemu:2.7.1", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:redhat:openstack:10"], "id": "CVE-2016-9921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9921", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:52", "description": "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.", "edition": 3, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-02-27T22:59:00", "title": "CVE-2016-9815", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9815"], "modified": "2017-07-28T01:29:00", "cpe": ["cpe:/o:xen:xen:4.7.1", "cpe:/o:xen:xen:4.7.0"], "id": "CVE-2016-9815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9815", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:52", "description": "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service 
(host crash) via vectors involving an asynchronous abort while at HYP.", "edition": 3, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-02-27T22:59:00", "title": "CVE-2016-9818", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9818"], "modified": "2017-07-28T01:29:00", "cpe": ["cpe:/o:xen:xen:4.7.1", "cpe:/o:xen:xen:4.7.0"], "id": "CVE-2016-9818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9818", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:44", "description": "The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-03-27T15:59:00", "title": "CVE-2016-9922", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9922"], "modified": "2020-11-10T18:55:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/a:qemu:qemu:2.7.1"], "id": "CVE-2016-9922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9922", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:52", "description": "Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.", "edition": 3, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-02-27T22:59:00", "title": "CVE-2016-9816", 
"type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9816"], "modified": "2017-07-28T01:29:00", "cpe": ["cpe:/o:xen:xen:4.7.1", "cpe:/o:xen:xen:4.7.0"], "id": "CVE-2016-9816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9816", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:52", "description": "The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.", "edition": 3, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-02-17T02:59:00", "title": "CVE-2016-9637", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9637"], "modified": "2018-02-08T02:29:00", "cpe": ["cpe:/a:citrix:xenserver:6.0.2", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:6.5", "cpe:/a:citrix:xenserver:6.2.0"], "id": "CVE-2016-9637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9637", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*"]}], "citrix": [{"lastseen": "2020-12-24T11:42:49", "bulletinFamily": "software", "cvelist": ["CVE-2016-9637"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A security vulnerability has been identified in Citrix XenServer that may allow malicious privileged-mode code running within an HVM guest VM to compromise the host.</p>\n<p>This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0.</p>\n<p>The following vulnerability has been addressed:</p>\n<ul>\n<li>CVE-2016-9637: QEMU ioport array overflow</li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with only PV guests are unaffected by this issue.<br/> <br/> Customers with HVM guests where the guest operating system and administrators are trusted are 
significantly less at risk from this issue.<br/> <br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>\n<ul>\n<li>Citrix XenServer 7.0: CTX219203 \u2013 <a href=\"https://support.citrix.com/article/CTX219203\">https://support.citrix.com/article/CTX219203</a></li>\n<li>Citrix XenServer 6.5 SP1: CTX219202 \u2013 <a href=\"https://support.citrix.com/article/CTX219202\">https://support.citrix.com/article/CTX219202</a></li>\n<li>Citrix XenServer 6.2 SP1: CTX219201 \u2013 <a href=\"https://support.citrix.com/article/CTX219201\">https://support.citrix.com/article/CTX219201</a></li>\n<li>Citrix XenServer 6.0.2 Common Criteria: CTX219200 \u2013 <a href=\"https://support.citrix.com/article/CTX219200\">https://support.citrix.com/article/CTX219200</a><br/> </li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. 
Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td> </td>\n<td> </td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-08-15T04:00:00", "published": "2016-12-06T05:00:00", "id": "CTX219136", "href": "https://support.citrix.com/article/CTX219136", "type": "citrix", "title": "CVE-2016-9637 - Citrix XenServer Security Update", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-18T15:29:35", "bulletinFamily": "software", "cvelist": ["CVE-2016-9932", "CVE-2016-10025", "CVE-2016-10024"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Security vulnerabilities 
have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of hypervisor memory and allow privileged-mode code running within a guest VM to hang or crash the host.</p>\n<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0.</p>\n<p>The following vulnerabilities have been addressed:</p>\n<ul>\n<li>CVE-2016-9932 (Low): x86 CMPXCHG8B emulation fails to ignore operand size override</li>\n<li>CVE-2016-10024 (Medium): x86 PV guests may be able to mask interrupts</li>\n<li>CVE-2016-10025 (Low): missing NULL pointer check in VMFUNC emulation<br/> </li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>The ability to read a small amount of hypervisor memory is restricted to privileged-mode code in all guests except on Citrix XenServer 6.2 SP1 and 6.0.2CC where the attack may also be performed from non-privileged mode code in HVM guest VMs.</p>\n<p>The ability for privileged-mode code in HVM guest VMs to crash the host is restricted to AMD systems running Citrix XenServer 7.0.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. 
Citrix strongly recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.0: CTX219498 \u2013 <a href=\"https://support.citrix.com/article/CTX219498\">https://support.citrix.com/article/CTX219498</a></p>\n<p>Citrix XenServer 6.5 SP1: CTX219499 \u2013 <a href=\"https://support.citrix.com/article/CTX219499\">https://support.citrix.com/article/CTX219499</a></p>\n<p>Citrix XenServer 6.2 SP1: CTX219500 \u2013 <a href=\"https://support.citrix.com/article/CTX219500\">https://support.citrix.com/article/CTX219500</a></p>\n<p>Citrix XenServer 6.0.2 Common Criteria: CTX219501 \u2013 <a href=\"https://support.citrix.com/article/CTX219501\">https://support.citrix.com/article/CTX219501</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. 
</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td><b>Date </b></td>\n<td><b>Change</b></td>\n</tr>\n<tr>\n<td>21st December 2016</td>\n<td>Initial publishing</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2016-12-21T05:00:00", "published": "2016-12-21T05:00:00", "id": "CTX219378", "href": "https://support.citrix.com/article/CTX219378", "title": "Citrix XenServer Multiple Security Updates", "type": "citrix", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2017-01-01T02:13:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9378", "CVE-2016-9384", "CVE-2016-9932", "CVE-2016-9383", "CVE-2016-9815", "CVE-2016-9380", "CVE-2016-9816", "CVE-2016-9381", "CVE-2016-9382", "CVE-2016-10024", "CVE-2016-9379", "CVE-2016-9386", "CVE-2016-9385", "CVE-2016-9817", "CVE-2016-9377"], "edition": 1, "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on the host system, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.7.1-r4\"\n \n\nAll Xen Tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-tools-4.7.1-r4\"\n \n\nAll Xen PvGrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-pvgrub-4.7.1-r1\"", "modified": "2016-12-31T00:00:00", "published": "2016-12-31T00:00:00", "href": "https://security.gentoo.org/glsa/201612-56", "id": "GLSA-201612-56", "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-23T04:59:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-9908", "CVE-2016-9921", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9923"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.8.0\"", "modified": "2017-01-23T00:00:00", "published": "2017-01-23T00:00:00", "href": "https://security.gentoo.org/glsa/201701-49", "id": "GLSA-201701-49", "type": "gentoo", "title": "QEMU: Multiple vulnerabilities", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-12-16T01:28:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2016-9921", "CVE-2016-9911"], "description": "Package : qemu-kvm\nVersion : 1.1.2+dfsg-6+deb7u19\nCVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922\n\nMultiple vulnerabilities have been found in qemu-kvm:\n\nCVE-2016-9911\n\n qemu-kvm built with the USB EHCI Emulation support is vulnerable\n to a memory leakage issue. It could occur while processing packet\n data in 'ehci_init_transfer'. A guest user/process could use this\n issue to leak host memory, resulting in DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\n qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is\n vulnerable to a divide by zero issue. It could occur while copying\n VGA data when cirrus graphics mode was set to be VGA. 
A privileged\n user inside guest could use this flaw to crash the Qemu process\n instance on the host, resulting in DoS.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 4, "modified": "2016-12-26T13:50:55", "published": "2016-12-26T13:50:55", "id": "DEBIAN:DLA-765-1:ABFD9", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201612/msg00041.html", "title": "[SECURITY] [DLA 765-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-15T13:26:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2016-9921", "CVE-2016-9911"], "description": "Package : qemu\nVersion : 1.1.2+dfsg-6+deb7u19\nCVE ID : CVE-2016-9911 CVE-2016-9921 CVE-2016-9922\n\nMultiple vulnerabilities have been found in QEMU:\n\nCVE-2016-9911\n\n Quick Emulator (Qemu) built with the USB EHCI Emulation support\n is vulnerable to a memory leakage issue. It could occur while\n processing packet data in 'ehci_init_transfer'. A guest user/\n process could use this issue to leak host memory, resulting in\n DoS for a host.\n\nCVE-2016-9921, CVE-2016-9922\n\n Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator\n support is vulnerable to a divide by zero issue. It could occur\n while copying VGA data when cirrus graphics mode was set to be\n VGA. 
A privileged user inside guest could use this flaw to crash\n the Qemu process instance on the host, resulting in DoS.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u19.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 4, "modified": "2016-12-26T13:50:50", "published": "2016-12-26T13:50:50", "id": "DEBIAN:DLA-764-1:07A0F", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201612/msg00040.html", "title": "[SECURITY] [DLA 764-1] qemu security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T01:02:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9932", "CVE-2016-10013", "CVE-2016-10024", "CVE-2017-7228"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3847-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 09, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024\n CVE-2017-7228 \n\nJan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen\nhypervisor, which may lead to privilege escalation, guest-to-host\nbreakout, denial of service or information leaks.\n\nIn additional to the CVE identifiers listed above, this update also\naddresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u9.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.8.1-1+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 
4.8.1-1+deb9u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-05-09T20:53:05", "published": "2017-05-09T20:53:05", "id": "DEBIAN:DSA-3847-1:1358E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00106.html", "title": "[SECURITY] [DSA 3847-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7995", "CVE-2016-9932", "CVE-2017-8905", "CVE-2017-8904", "CVE-2017-8903"], "description": "Package : xen\nVersion : 4.1.6.lts1-8\nCVE ID : CVE-2016-9932 CVE-2017-7995 CVE-2017-8903 CVE-2017-8904 \n CVE-2017-8905\n\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2016-9932 (XSA-200)\n\n CMPXCHG8B emulation allows local HVM guest OS users to obtain sensitive\n information from host stack memory.\n\nCVE-2017-7995\n\n Description\n Xen checks access permissions to MMIO ranges only after accessing them,\n allowing host PCI device space memory reads.\n\nCVE-2017-8903 (XSA-213)\n\n Xen mishandles page tables after an IRET hypercall which can lead to\n arbitrary code execution on the host OS. The vulnerability is only exposed\n to 64-bit PV guests.\n\nCVE-2017-8904 (XSA-214)\n\n Xen mishandles the "contains segment descriptors" property during\n GNTTABOP_transfer. 
This might allow PV guest OS users to execute arbitrary\n code on the host OS.\n\nCVE-2017-8905 (XSA-215)\n\n Xen mishandles a failsafe callback which might allow PV guest OS users to\n execute arbitrary code on the host OS.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4.1.6.lts1-8.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-06-01T09:15:38", "published": "2017-06-01T09:15:38", "id": "DEBIAN:DLA-964-1:19E02", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201706/msg00000.html", "title": "[SECURITY] [DLA 964-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637", "CVE-2017-15590", "CVE-2017-2620", "CVE-2016-9603"], "description": "Package : xen\nVersion : 4.1.6.lts1-12\nCVE ID : CVE-2016-9603 CVE-2016-9637 CVE-2017-2620\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in privilege escalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4.1.6.lts1-12.\n\nWe recommend that you upgrade your xen packages.\n\nPlease note that CVE-2017-15590 (XSA-237) will *not* be fixed in wheezy as\nthe patches are too intrusive to backport.\nThe vulnerability can be mitigated by not passing through physical devices\nto untrusted guests.\nMore information can be found on https://xenbits.xen.org/xsa/advisory-237.html\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-02-06T12:35:37", "published": "2018-02-06T12:35:37", "id": 
"DEBIAN:DLA-1270-1:33BEE", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201802/msg00005.html", "title": "[SECURITY] [DLA 1270-1] xen security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-02-27T19:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation\n (bsc#1024834).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\n", "modified": "2017-02-27T18:13:48", "published": "2017-02-27T18:13:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00046.html", "id": "SUSE-SU-2017:0571-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-11T15:11:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation\n (bsc#1024834).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data.
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-03-11T15:07:34", "published": "2017-03-11T15:07:34", "id": "OPENSUSE-SU-2017:0665-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-17T11:16:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2016-9932", "CVE-2016-10013", "CVE-2017-2615", "CVE-2016-10024", "CVE-2016-9921", "CVE-2017-2620", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute
arbitrary code via vectors related\n to blit regions (bsc#907805)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain\n privileges by leveraging mishandling of SYSCALL singlestep during\n emulation (bsc#1016340).\n - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM\n guest OS users to obtain sensitive information from host stack memory\n via a "supposedly-ignored" operand size prefix (bsc#1012651).\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators\n to cause a denial of service (host hang or crash) by modifying the\n instruction stream asynchronously while performing certain kernel\n operations (bsc#1014298)\n\n This non-security issue was fixed:\n\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n", "modified": "2017-03-17T12:10:10", "published": "2017-03-17T12:10:10", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00013.html", "id": "SUSE-SU-2017:0718-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-13T20:59:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-9922", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-9103", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9102"], "edition": 1, "description": "qemu was updated to fix several issues.\n\n These security issues were fixed:\n\n - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in\n hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial\n of service (memory consumption and QEMU process crash) via a large\n number of Txattrcreate messages with the same fid number (bsc#1014256).\n - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed\n local guest OS administrators to obtain sensitive host heap memory\n information by reading xattribute values writing to them (bsc#1007454).\n - CVE-2016-9381: Improper processing of shared rings allowing 
guest\n administrators take over the qemu process, elevating their privilege to\n that of the qemu process (bsc#1009109)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285).\n - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could\n have used this flaw to leak contents of the host memory (bsc#1013767).\n - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while updating the cursor data in\n update_cursor_data_virgl. A guest user/process could have used this flaw\n to leak host memory bytes, resulting in DoS for the host (bsc#1013764).\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109).\n - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have\n used this flaw to leak contents of the host memory (bsc#1014514).\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111).\n - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while destroying gpu resource object in\n 'virtio_gpu_resource_destroy'. 
A guest user/process could have used this\n flaw to leak host memory bytes, resulting in DoS for the host\n (bsc#1014112).\n - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its\n '9p-handle' or '9p-proxy' backend drivers. A privileged user inside\n guest could have used this flaw to leak host memory, thus affecting\n other services on the host and/or potentially crash the Qemu process on\n the host (bsc#1014110).\n\n These non-security issues were fixed:\n\n - Fixed uint64 property parsing and add regression tests (bsc#937125)\n - Added a man page for kvm_stat\n - Fix crash in vte (bsc#1008519)\n - Various upstream commits targeted towards stable releases (bsc#1013341)\n\n", "modified": "2017-01-13T20:10:25", "published": "2017-01-13T20:10:25", "id": "SUSE-SU-2017:0127-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00017.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-01-18T12:59:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-9922", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-9103", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9102"], "edition": 1, "description": "qemu was updated to fix several issues.\n\n These security issues were fixed:\n\n - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in\n hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial\n of service (memory consumption and QEMU process crash) via a large\n number of Txattrcreate messages with the same fid number (bsc#1014256).\n - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed\n local guest OS administrators to obtain sensitive host heap memory\n information by reading xattribute values writing to them (bsc#1007454).\n - CVE-2016-9381: Improper processing of shared 
rings allowing guest\n administrators take over the qemu process, elevating their privilege to\n that of the qemu process (bsc#1009109)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285).\n - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could\n have used this flaw to leak contents of the host memory (bsc#1013767).\n - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while updating the cursor data in\n update_cursor_data_virgl. A guest user/process could have used this flaw\n to leak host memory bytes, resulting in DoS for the host (bsc#1013764).\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109).\n - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to\n an information leakage issue while processing the\n 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have\n used this flaw to leak contents of the host memory (bsc#1014514).\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111).\n - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue while destroying gpu resource object in\n 'virtio_gpu_resource_destroy'. 
A guest user/process could have used this\n flaw to leak host memory bytes, resulting in DoS for the host\n (bsc#1014112).\n - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its\n '9p-handle' or '9p-proxy' backend drivers. A privileged user inside\n guest could have used this flaw to leak host memory, thus affecting\n other services on the host and/or potentially crash the Qemu process on\n the host (bsc#1014110).\n\n These non-security issues were fixed:\n\n - Fixed uint64 property parsing and add regression tests (bsc#937125)\n - Added a man page for kvm_stat\n - Fix crash in vte (bsc#1008519)\n - Various upstream commits targeted towards stable releases (bsc#1013341)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-01-18T12:09:49", "published": "2017-01-18T12:09:49", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00032.html", "id": "OPENSUSE-SU-2017:0194-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-12-22T18:04:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9932", "CVE-2016-10013", "CVE-2016-10024"], "edition": 1, "description": "This update for xen fixes the following issues:\n\n - A mishandling of SYSCALL singlestep during emulation which could have\n led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013)\n - CMPXCHG8B emulation failed to ignore operand size override which could\n have led to information disclosure. (XSA-200, bsc#1012651,\n CVE-2016-9932)\n - PV guests may have been able to mask interrupts causing a Denial of\n Service.
(XSA-202, bsc#1014298, CVE-2016-10024)\n\n", "modified": "2016-12-22T16:07:39", "published": "2016-12-22T16:07:39", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00086.html", "id": "SUSE-SU-2016:3241-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-21T22:05:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9932", "CVE-2016-10013", "CVE-2016-10024"], "edition": 1, "description": "This update for xen fixes the following issues:\n\n - A mishandling of SYSCALL singlestep during emulation which could have\n led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013)\n - CMPXCHG8B emulation failed to ignore operand size override which could\n have led to information disclosure. (XSA-200, bsc#1012651,\n CVE-2016-9932)\n - PV guests may have been able to mask interrupts causing a Denial of\n Service. (XSA-202, bsc#1014298, CVE-2016-10024)\n\n", "modified": "2016-12-21T19:08:18", "published": "2016-12-21T19:08:18", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00078.html", "id": "SUSE-SU-2016:3207-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-22T02:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9932", "CVE-2016-10013", "CVE-2016-10024"], "edition": 1, "description": "This update for xen fixes the following issues:\n\n - A mishandling of SYSCALL singlestep during emulation which could have\n led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013)\n - CMPXCHG8B emulation failed to ignore operand size override which could\n have led to information disclosure. (XSA-200, bsc#1012651,\n CVE-2016-9932)\n - PV guests may have been able to mask interrupts causing a Denial of\n Service.
(XSA-202, bsc#1014298, CVE-2016-10024)\n\n", "modified": "2016-12-22T01:08:46", "published": "2016-12-22T01:08:46", "id": "SUSE-SU-2016:3221-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00082.html", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-04-28T19:19:08", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "description": "This update for kvm fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. 
A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "edition": 1, "modified": "2017-04-28T21:11:21", "published": "2017-04-28T21:11:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00035.html", "id": "SUSE-SU-2017:1135-1", "title": "Security update for kvm (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-03-10T21:11:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", 
"CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The i6300esb watchdog emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n leak memory on the host resulting in DoS (bnc#1021129)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "modified": "2017-03-10T21:09:01", "published": "2017-03-10T21:09:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00007.html", "id": "SUSE-SU-2017:0661-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9932"], "description": "\nThe Xen Project reports:\n\nThe x86 instruction CMPXCHG8B is supposed to ignore legacy operand\n\t size overrides; it only honors the REX.W override (making it\n\t CMPXCHG16B). 
So, the operand size is always 8 or 16. When support\n\t for CMPXCHG16B emulation was added to the instruction emulator,\n\t this restriction on the set of possible operand sizes was relied on\n\t in some parts of the emulation; but a wrong, fully general, operand\n\t size value was used for other parts of the emulation. As a result,\n\t if a guest uses a supposedly-ignored operand size prefix, a small\n\t amount of hypervisor stack data is leaked to the guests: a 96 bit\n\t leak to guests running in 64-bit mode; or, a 32 bit leak to other\n\t guests.\nA malicious unprivileged guest may be able to obtain sensitive\n\t information from the host.\n\n", "edition": 5, "modified": "2016-12-13T00:00:00", "published": "2016-12-13T00:00:00", "id": "80A897A2-C1A6-11E6-AE1B-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/80a897a2-c1a6-11e6-ae1b-002590263bf5.html", "title": "xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "xen": [{"lastseen": "2016-12-13T14:02:30", "bulletinFamily": "software", "cvelist": ["CVE-2016-9932"], "edition": 1, "description": "#### ISSUE DESCRIPTION\nThe x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override (making it CMPXCHG16B). 
So, the operand size is always 8 or 16.\nWhen support for CMPXCHG16B emulation was added to the instruction emulator, this restriction on the set of possible operand sizes was relied on in some parts of the emulation; but a wrong, fully general, operand size value was used for other parts of the emulation.\nAs a result, if a guest uses a supposedly-ignored operand size prefix, a small amount of hypervisor stack data is leaked to the guests: a 96 bit leak to guests running in 64-bit mode; or, a 32 bit leak to other guests.\n#### IMPACT\nA malicious unprivileged guest may be able to obtain sensitive information from the host.\n#### VULNERABLE SYSTEMS\nXen versions 3.3 through 4.7 are affected. Xen master and Xen 4.8 as well as Xen versions 3.2 and earlier are not affected.\nOnly x86 systems are affected. ARM systems are not affected.\nOn Xen 4.6 and earlier the vulnerability is exposed to all HVM guest user processes, including unprivileged processes.\nOn Xen 4.7, the vulnerability is exposed only to HVM guest user processes granted a degree of privilege (such as direct hardware access) by the guest administrator; or, to all user processes when the VM has been explicitly configured with a non-default cpu vendor string (in xm/xl, this would be done with a `cpuid=' domain config option).\n", "modified": "2016-12-13T13:07:00", "published": "2016-12-13T12:00:00", "id": "XSA-200", "href": "http://xenbits.xen.org/xsa/advisory-200.html", "title": "x86 CMPXCHG8B emulation fails to ignore operand size override", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-06T13:30:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-9637"], "edition": 1, "description": "#### ISSUE DESCRIPTION\nThe code in qemu which implements ioport read/write looks up the specified ioport address in a dispatch table. 
The argument to the dispatch function is a uint32_t, and is used without a range check, even though the table has entries for only 2^16 ioports.\nWhen qemu is used as a standalone emulator, ioport accesses are generated only from cpu instructions emulated by qemu, and are therefore necessarily 16-bit, so there is no vulnerability.\nWhen qemu is used as a device model within Xen, io requests are generated by the hypervisor and read by qemu from a shared ring. The entries in this ring use a common structure, including a 64-bit address field, for various accesses, including ioport addresses.\nXen will write only 16-bit address ioport accesses. However, depending on the Xen and qemu version, the ring may be writeable by the guest. If so, the guest can generate out-of-range ioport accesses, resulting in wild pointer accesses within qemu.\n #### IMPACT\nA malicious guest administrator can escalate their privilege to that of the qemu process.\n #### VULNERABLE SYSTEMS\nPV guests cannot exploit the vulnerability.\nARM systems are not vulnerable.\nHVM domains run with QEMU stub domains cannot exploit the vulnerability. 
(A QEMU stub domain is used if xl's domain configuration file contains \"device_model_stubdomain_override=1\".)\nGuests using the modern \"qemu-xen\" device model, with a qemu version of at least 1.6.0 (for example, as provided by the Xen Project in its Xen 4.4.0 and later releases), cannot exploit the vulnerability.\nx86 HVM guests, not configured with qemu stub domains, using a version of qemu older than qemu upstream 1.6.0, can exploit the vulnerability.\nx86 HVM guests using the traditional \"qemu-xen-traditional\", not configured with qemu stub domains, can therefore exploit the vulnerability.\nIn tabular form:\n\n| Guest type | Xen version | QEMU stub | QEMU \"traditional\" and/or qemu version | Status |\n|---|---|---|---|---|\n| ARM | any | n/a | n/a any | OK |\n| x86 PV | any | n/a | n/a any | OK |\n| x86 HVM | any | yes | qemu-xen-traditional | OK |\n| x86 HVM | any | no | qemu-xen* >= 1.6.0 | OK |\n| x86 HVM | >= 4.4 | no | qemu-xen* Xen supplied | OK |\n| x86 HVM | any | no | qemu-xen* < 1.6.0 | Vulnerable |\n| x86 HVM | <= 4.3 | no | qemu-xen* Xen supplied | Vulnerable |\n| x86 HVM | any | no | qemu-xen-traditional | Vulnerable |\n\n[*] qemu-xen is the default when qemu stub domains are not in use, since Xen 4.3.\n ", "modified": "2016-12-06T12:11:00", "published": "2016-12-06T12:00:00", "href": "http://xenbits.xen.org/xsa/advisory-199.html", "id": "XSA-199", "type": "xen", "title": "qemu ioport array overflow", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2020-12-08T03:39:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637"], "description": "**CentOS Errata and Security Advisory** CESA-2016:2963\n\n\nXen is a virtual machine monitor\n\nSecurity Fix(es):\n\n* An out of bounds array access issue was found in the Xen virtual machine\nmonitor, built with the QEMU ioport support. It could occur while doing ioport\nread/write operations, if guest was to supply a 32bit address parameter. A\nprivileged guest user/process could use this flaw to potentially escalate their\nprivileges on a host. 
(CVE-2016-9637)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-December/034219.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2963.html", "edition": 4, "modified": "2016-12-20T16:58:37", "published": "2016-12-20T16:58:37", "href": "http://lists.centos.org/pipermail/centos-announce/2016-December/034219.html", "id": "CESA-2016:2963", "title": "xen security update", "type": "centos", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637"], "description": "[3.0.3-148.el5_11]\n- xen-qemu-ioport-array-overflow.patch [bz#1401521]\n- Resolves: bz#1401521\n (CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) [rhel-5.11.z])", "edition": 4, "modified": "2016-12-20T00:00:00", "published": "2016-12-20T00:00:00", "id": "ELSA-2016-2963", "href": "http://linux.oracle.com/errata/ELSA-2016-2963.html", "title": "xen security update", "type": "oraclelinux", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9637"], "description": "Xen is a virtual machine monitor\n\nSecurity Fix(es):\n\n* An out of bounds array access issue was found in the Xen virtual machine\nmonitor, built with the QEMU ioport support. It could occur while doing ioport\nread/write operations, if guest was to supply a 32bit address parameter. A\nprivileged guest user/process could use this flaw to potentially escalate their\nprivileges on a host. 
(CVE-2016-9637)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n", "modified": "2017-09-08T12:18:10", "published": "2016-12-20T05:00:00", "id": "RHSA-2016:2963", "href": "https://access.redhat.com/errata/RHSA-2016:2963", "type": "redhat", "title": "(RHSA-2016:2963) Important: xen security update", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "description": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU \ndevice. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. 
A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used \nwith Xen. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory \nsharing. A privileged attacker inside the guest could use this issue to \naccess files on the host file system outside of the shared directory and \npossibly escalate their privileges. In the default installation, when QEMU \nis used with libvirt, attackers would be isolated by the libvirt AppArmor \nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA \ndevice when being used with a VNC connection. A privileged attacker inside \nthe guest could use this issue to cause QEMU to crash, resulting in a \ndenial of service, or possibly execute arbitrary code on the host. In the \ndefault installation, when QEMU is used with libvirt, attackers would be \nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to leak \ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and \nUbuntu 16.10. 
(CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, \nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, \nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly \nhandled the Cirrus VGA device. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus \nVGA device. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service, or possibly execute arbitrary code \non the host. 
In the default installation, when QEMU is used with libvirt, \nattackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller \nemulation. 
A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI \ndevice emulation. A privileged attacker inside the guest could use this \nissue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)", "edition": 6, "modified": "2017-04-20T00:00:00", "published": "2017-04-20T00:00:00", "id": "USN-3261-1", "href": "https://ubuntu.com/security/notices/USN-3261-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}