ID FEDORA:D5E626091F4D Type fedora Reporter Fedora Modified 2017-03-21T16:52:35
Description
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code.
* User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU.

As QEMU requires no host kernel patches to run, it is safe and easy to use.
{"id": "FEDORA:D5E626091F4D", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 24 Update: qemu-2.6.2-7.fc24", "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "published": "2017-03-21T16:52:35", "modified": "2017-03-21T16:52:35", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-10155", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5987", "CVE-2017-6505"], "lastseen": "2020-12-21T08:17:54", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2017-D4EE7018C1.NASL", "GENTOO_GLSA-201702-28.NASL", "SUSE_SU-2017-0661-1.NASL", "FEDORA_2017-62AC1230F7.NASL", "FEDORA_2017-CDB53B04E0.NASL", "OPENSUSE-2017-349.NASL", "OPENSUSE-2017-589.NASL", "FEDORA_2017-31B976672B.NASL", "SUSE_SU-2017-0625-1.NASL", "SUSE_SU-2017-1241-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872516", "OPENVAS:1361412562310882671", "OPENVAS:1361412562311220171038", "OPENVAS:1361412562310890842", "OPENVAS:1361412562310872351", "OPENVAS:1361412562310872417", "OPENVAS:1361412562310890845", "OPENVAS:1361412562310851524", "OPENVAS:1361412562310872501", "OPENVAS:1361412562310843132"]}, {"type": "fedora", "idList": ["FEDORA:A1E1B65DB1E6", "FEDORA:A90CC6177DA2", "FEDORA:1ABE36048149"]}, 
{"type": "gentoo", "idList": ["GLSA-201702-28", "GLSA-201704-01"]}, {"type": "suse", "idList": ["SUSE-SU-2017:0647-1", "SUSE-SU-2017:0661-1", "OPENSUSE-SU-2017:0665-1", "SUSE-SU-2017:0571-1", "SUSE-SU-2017:0570-1", "SUSE-SU-2017:1241-1", "SUSE-SU-2017:0625-1", "SUSE-SU-2017:0582-1", "OPENSUSE-SU-2017:0707-1", "SUSE-SU-2017:1135-1"]}, {"type": "cve", "idList": ["CVE-2017-5552", "CVE-2017-5898", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5526", "CVE-2017-5987", "CVE-2016-10155", "CVE-2017-6505", "CVE-2017-5525", "CVE-2017-5667"]}, {"type": "f5", "idList": ["F5:K41242221"]}, {"type": "debian", "idList": ["DEBIAN:DLA-842-1:6B5AC", "DEBIAN:DLA-845-1:D7636"]}, {"type": "ubuntu", "idList": ["USN-3261-1"]}, {"type": "centos", "idList": ["CESA-2017:0396", "CESA-2017:0454"]}, {"type": "citrix", "idList": ["CTX220771"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0454", "ELSA-2017-1856", "ELSA-2017-0396"]}, {"type": "redhat", "idList": ["RHSA-2017:0328", "RHSA-2017:0396", "RHSA-2017:0334", "RHSA-2017:0350", "RHSA-2017:0333", "RHSA-2017:0330", "RHSA-2017:0329", "RHSA-2017:0332", "RHSA-2017:0331", "RHSA-2017:0454"]}], "modified": "2020-12-21T08:17:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2020-12-21T08:17:54", "rev": 2}, "vulnersScore": 5.8}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "24", "arch": "any", "packageName": "qemu", "packageVersion": "2.6.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"nessus": [{"lastseen": "2021-01-07T10:11:23", "description": " - CVE-2017-5525: audio: memory leakage in ac97 (bz\n #1414110)\n\n - CVE-2017-5526: audio: memory leakage in es1370 (bz\n #1414210)\n\n - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz\n #1415200)\n\n - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz\n #1415283)\n\n - CVE-2017-5667: sd: sdhci OOB access during multi block\n transfer (bz #1417560)\n\n - CVE-2017-5857: virtio-gpu-3d: host memory leakage in\n virgl_cmd_resource_unref (bz #1418383)\n\n - CVE-2017-5856: scsi: megasas: memory leakage (bz\n #1418344)\n\n - CVE-2017-5898: usb: integer overflow in\n emulated_apdu_from_guest (bz #1419700)\n\n - CVE-2017-5987: sd: infinite loop issue in multi block\n transfers (bz #1422001)\n\n - CVE-2017-6505: usb: an infinite loop issue in\n ohci_service_ed_list (bz #1429434)\n\n - CVE-2017-2615: cirrus: oob access while doing bitblt\n copy backward (bz #1418206)\n\n - CVE-2017-2620: cirrus: potential arbitrary code\n execution (bz #1425419)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 22, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-22T00:00:00", "title": "Fedora 24 : 2:qemu (2017-62ac1230f7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2017-5857"], "modified": "2017-03-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:qemu", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-62AC1230F7.NASL", "href": "https://www.tenable.com/plugins/nessus/97865", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-62ac1230f7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97865);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5987\", \"CVE-2017-6505\");\n script_xref(name:\"FEDORA\", value:\"2017-62ac1230f7\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Fedora 24 : 2:qemu (2017-62ac1230f7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2017-5525: audio: memory leakage in ac97 (bz\n #1414110)\n\n - CVE-2017-5526: audio: memory leakage in es1370 (bz\n #1414210)\n\n - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz\n #1415200)\n\n - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz\n #1415283)\n\n - CVE-2017-5667: sd: sdhci OOB access during multi block\n transfer (bz #1417560)\n\n - CVE-2017-5857: virtio-gpu-3d: host memory leakage in\n virgl_cmd_resource_unref (bz #1418383)\n\n - CVE-2017-5856: scsi: megasas: memory leakage (bz\n #1418344)\n\n - CVE-2017-5898: usb: integer overflow in\n emulated_apdu_from_guest (bz #1419700)\n\n - CVE-2017-5987: sd: infinite loop issue in multi block\n transfers (bz #1422001)\n\n - CVE-2017-6505: usb: an infinite loop issue in\n ohci_service_ed_list (bz #1429434)\n\n - CVE-2017-2615: cirrus: oob access while doing bitblt\n copy backward (bz #1418206)\n\n - CVE-2017-2620: cirrus: potential arbitrary code\n 
execution (bz #1425419)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-62ac1230f7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"qemu-2.6.2-7.fc24\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:15:48", "description": " - CVE-2016-7907: net: imx: infinite loop (bz #1381182)\n\n - CVE-2017-5525: audio: memory leakage in ac97 (bz\n #1414110)\n\n - CVE-2017-5526: audio: memory leakage in es1370 (bz\n #1414210)\n\n - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz\n #1415200)\n\n - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz\n #1415283)\n\n - CVE-2017-5578: virtio-gpu: memory leakage 
(bz #1415797)\n\n - CVE-2017-5667: sd: sdhci OOB access during multi block\n transfer (bz #1417560)\n\n - CVE-2017-5856: scsi: megasas: memory leakage (bz\n #1418344)\n\n - CVE-2017-5857: virtio-gpu-3d: host memory leakage in\n virgl_cmd_resource_unref (bz #1418383)\n\n - CVE-2017-5898: usb: integer overflow in\n emulated_apdu_from_guest (bz #1419700)\n\n - CVE-2017-5987: sd: infinite loop issue in multi block\n transfers (bz #1422001)\n\n - CVE-2017-6058: vmxnet3: OOB access when doing vlan\n stripping (bz #1423359)\n\n - CVE-2017-6505: usb: an infinite loop issue in\n ohci_service_ed_list (bz #1429434)\n\n - CVE-2017-2615: cirrus: oob access while doing bitblt\n copy backward (bz #1418206)\n\n - CVE-2017-2620: cirrus: potential arbitrary code\n execution (bz #1425419)\n\n - Fix spice GL with new mesa/libglvnd (bz #1431905)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 25, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "title": "Fedora 25 : 2:qemu (2017-31b976672b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2016-7907", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-6058", "CVE-2017-5857"], "modified": "2017-03-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:qemu", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-31B976672B.NASL", "href": "https://www.tenable.com/plugins/nessus/97804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-31b976672b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97804);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2016-7907\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5987\", \"CVE-2017-6058\", \"CVE-2017-6505\");\n script_xref(name:\"FEDORA\", value:\"2017-31b976672b\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Fedora 25 : 2:qemu (2017-31b976672b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2016-7907: net: imx: infinite loop (bz #1381182)\n\n - CVE-2017-5525: audio: memory leakage in ac97 (bz\n #1414110)\n\n - CVE-2017-5526: audio: memory leakage in es1370 (bz\n #1414210)\n\n - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz\n #1415200)\n\n - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz\n #1415283)\n\n - CVE-2017-5578: virtio-gpu: memory leakage (bz #1415797)\n\n - CVE-2017-5667: sd: sdhci OOB access during multi block\n transfer (bz #1417560)\n\n - CVE-2017-5856: scsi: megasas: memory leakage (bz\n #1418344)\n\n - CVE-2017-5857: virtio-gpu-3d: host memory leakage in\n virgl_cmd_resource_unref (bz #1418383)\n\n - CVE-2017-5898: usb: integer overflow in\n emulated_apdu_from_guest (bz #1419700)\n\n - CVE-2017-5987: sd: infinite loop issue in multi block\n transfers (bz #1422001)\n\n - CVE-2017-6058: vmxnet3: OOB access when doing vlan\n stripping (bz #1423359)\n\n - CVE-2017-6505: usb: an infinite loop issue in\n ohci_service_ed_list (bz #1429434)\n\n - 
CVE-2017-2615: cirrus: oob access while doing bitblt\n copy backward (bz #1418206)\n\n - CVE-2017-2620: cirrus: potential arbitrary code\n execution (bz #1425419)\n\n - Fix spice GL with new mesa/libglvnd (bz #1431905)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-31b976672b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"qemu-2.7.1-4.fc25\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:05:51", "description": "The remote host is affected by the vulnerability described in GLSA-201702-28\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could potentially execute arbitrary code with\n privileges of QEMU process on the host, gain privileges on the host\n system, cause a Denial of Service condition, or obtain sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 35, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "title": "GLSA-201702-28 : QEMU: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5525", "CVE-2017-5579", "CVE-2017-5898", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5931", "CVE-2017-5857"], "modified": "2017-02-21T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:qemu"], "id": "GENTOO_GLSA-201702-28.NASL", "href": "https://www.tenable.com/plugins/nessus/97271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-28.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97271);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2017-2615\", \"CVE-2017-5525\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5931\");\n script_xref(name:\"GLSA\", value:\"201702-28\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"GLSA-201702-28 : QEMU: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-28\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could potentially execute arbitrary code with\n privileges of QEMU process on the host, gain privileges on the host\n system, cause a Denial of Service condition, or obtain sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QEMU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.8.0-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu\", unaffected:make_list(\"ge 2.8.0-r1\"), vulnerable:make_list(\"lt 2.8.0-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QEMU\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:36:54", "description": "This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow flaw allowing a\n privileged user to crash the Qemu process on the host\n resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support\n was vulnerable to a host memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds 
memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021481).\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to 
cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589).\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491).\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541).\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThese non-security issues were fixed :\n\n - Fix name of s390x specific sysctl configuration file to\n end with .conf (bsc#1026583)\n\n - XHCI fixes (bsc#977027)\n\n - Fixed rare race during s390x guest reboot\n\n - Fixed various inaccuracies in cirrus vga device\n emulation\n\n - Fixed cause of infrequent migration failures from bad\n virtio device state (bsc#1020928)\n\n - Fixed graphical update errors introduced by previous\n security fix (bsc#1016779)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 22, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-17T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2017-349)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "modified": "2017-03-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", 
"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2017-349.NASL", "href": "https://www.tenable.com/plugins/nessus/97791", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-349.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(97791);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2017-349)\");\n script_summary(english:\"Check for the openSUSE-2017-349 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow flaw allowing a\n privileged user to crash the Qemu process on the host\n resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support\n was vulnerable to a host memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS 
(bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021481).\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589).\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process 
on the host\n (bsc#1020491).\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541).\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThese non-security issues were fixed :\n\n - Fix name of s390x specific sysctl configuration file to\n end with .conf (bsc#1026583)\n\n - XHCI fixes (bsc#977027)\n\n - Fixed rare race during s390x guest reboot\n\n - Fixed various inaccuracies in cirrus vga device\n emulation\n\n - Fixed cause of infrequent migration failures from bad\n virtio device state (bsc#1020928)\n\n - Fixed graphical update errors introduced by previous\n security fix (bsc#1016779)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977027\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-29.4\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", reference:\"qemu-debugsource-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-extra-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-extra-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ipxe-1.0.0-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-kvm-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-lang-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-2.6.2-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debuginfo-2.6.2-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debugsource-2.6.2-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-seabios-1.9.1-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-sgabios-8-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-testsuite-2.6.2-29.8\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-vgabios-1.9.1-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-2.6.2-29.4\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-debuginfo-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:25:33", "description": "This update for qemu fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow flaw allowing a\n privileged user to crash the Qemu process on the host\n resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support\n was vulnerable to a host memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by 
zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021481).\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589).\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491).\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an 
OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541).\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 39, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-08T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "modified": "2017-03-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", 
"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2017-0625-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0625-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97599);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow flaw allowing a\n privileged user to crash the Qemu process on the host\n resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support\n was vulnerable to a host memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support\n was vulnerable to an OOB read issue allowing a guest\n user to crash the Qemu process instance resulting in Dos\n (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support\n was vulnerable to an out of bounds memory access issue\n allowing a guest user to crash the Qemu process instance\n on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator support\n was vulnerable to a memory leakage issue allowing a\n guest user to leak host memory resulting in DoS\n (bsc#1021481).\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589).\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491).\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541).\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an 
integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023004\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10028/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5578/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5856/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5857/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5898/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170625-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?820cfde9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-336=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-336=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-336=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-lang-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-kvm-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"qemu-block-curl-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-kvm-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.6.2-41.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:25:44", "description": "This update for qemu fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589)\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 36, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-05-12T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "modified": "2017-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2017-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1241-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100149);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2016-9776\", 
\"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5898\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. 
A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589)\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n 
vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023004\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9776/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9907/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5856/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5898/\"\n );\n # 
https://www.suse.com/support/update/announcement/2017/suse-su-20171241-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed181d50\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-740=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-740=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-debugsource-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", 
reference:\"qemu-lang-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-kvm-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-kvm-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-tools-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.3.1-32.11\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-2.3.1-32.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:37:53", "description": "This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n 
could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589)\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThese non-security issues were fixed :\n\n - Fix post script for qemu-guest-agent rpm to actually\n activate the guest agent at rpm install time\n\n - Fixed various inaccuracies in cirrus vga device\n emulation\n\n - Fixed cause of infrequent migration failures from bad\n virtio device state (bsc#1020928)\n\n - Fixed virtio interface failure (bsc#1015048)\n\n - Fixed graphical update errors introduced by previous\n security fix (bsc#1016779)\n\n - Fixed uint64 property parsing and add regression tests\n (bsc#937125)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 22, "cvss3": {"score": 9.9, "vector": 
"AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-05-17T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2017-589)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "modified": "2017-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-ppc", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2017-589.NASL", "href": "https://www.tenable.com/plugins/nessus/100232", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-589.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100232);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2016-9776\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5898\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2017-589)\");\n script_summary(english:\"Check for the openSUSE-2017-589 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. 
A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-10155: The virtual hardware watchdog\n 'wdt_i6300esb' was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021129)\n\n - CVE-2017-5526: The ES1370 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020589)\n\n - CVE-2017-5525: The ac97 audio device emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1020491)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\nThese non-security issues were fixed :\n\n - Fix post script for qemu-guest-agent rpm to actually\n activate the guest agent at rpm install time\n\n - Fixed various inaccuracies in cirrus vga device\n emulation\n\n - Fixed cause of infrequent migration failures from bad\n virtio device state (bsc#1020928)\n\n - Fixed virtio interface failure (bsc#1015048)\n\n - Fixed graphical update errors introduced by previous\n security fix (bsc#1016779)\n\n - Fixed uint64 property parsing and add regression tests\n (bsc#937125)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937125\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-arm-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-arm-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-block-curl-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-block-curl-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-debugsource-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-extra-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-extra-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-guest-agent-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-guest-agent-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-ipxe-1.0.0-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"qemu-kvm-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-lang-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-linux-user-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-linux-user-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-linux-user-debugsource-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-ppc-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-ppc-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-s390-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-s390-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-seabios-1.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-sgabios-8-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-tools-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-tools-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-vgabios-1.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-x86-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"qemu-x86-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.3.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"qemu-testsuite-2.3.1-25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / 
qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:25:33", "description": "This update for qemu fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. 
A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\n - CVE-2016-10155: The i6300esb watchdog emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to leak memory on the\n host resulting in DoS (bnc#1021129)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 39, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-13T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "modified": "2017-03-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2017-0661-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0661-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97696);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10155\", \"CVE-2016-9776\", 
\"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5898\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the\n bitblit copy routine cirrus_bitblt_cputovideo failed to\n check the memory region, allowing for an out-of-bounds\n write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation\n could have allowed a malicious guest administrator to\n cause an out of bounds memory access, possibly leading\n to information disclosure or privilege escalation\n (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a memory leakage\n issue allowing a privileged user to leak host memory\n resulting in DoS (bsc#1023053)\n\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller\n emulator support was vulnerable to an infinite loop\n issue while receiving packets in 'mcf_fec_receive'. A\n privileged user/process inside guest could have used\n this issue to crash the Qemu process on the host leading\n to DoS (bsc#1013285)\n\n - CVE-2016-9911: The USB EHCI Emulation support was\n vulnerable to a memory leakage issue while processing\n packet data in 'ehci_init_transfer'. 
A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for the host (bsc#1014111)\n\n - CVE-2016-9907: The USB redirector usb-guest support was\n vulnerable to a memory leakage flaw when destroying the\n USB redirector in 'usbredir_handle_destroy'. A guest\n user/process could have used this issue to leak host\n memory, resulting in DoS for a host (bsc#1014109)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support\n was vulnerable to a divide by zero issue while copying\n VGA data. A privileged user inside guest could have used\n this flaw to crash the process instance on the host,\n resulting in DoS (bsc#1014702)\n\n - CVE-2017-5667: The SDHCI device emulation support was\n vulnerable to an OOB heap access issue allowing a\n privileged user inside the guest to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code with privileges of the Qemu process on\n the host (bsc#1022541)\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow allowing a privileged\n user inside the guest to crash the Qemu process\n resulting in DoS (bnc#1023907)\n\n - CVE-2016-10155: The i6300esb watchdog emulation support\n was vulnerable to a memory leakage issue allowing a\n privileged user inside the guest to leak memory on the\n host resulting in DoS (bnc#1021129)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9776/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9907/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5856/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5898/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170661-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35846804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-366=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-366=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/13\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-debugsource-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-lang-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.0.2-48.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-kvm-2.0.2-48.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:14:00", "description": "Qemu: net: mcf_fec: infinite loop while receiving data in\nmcf_fec_receive [CVE-2016-9776] Qemu: audio: memory leakage in ac97\n[CVE-2017-5525] Qemu: audio: memory leakage in es1370 device\n[CVE-2017-5526] oob access in cirrus bitblt copy [XSA-208,\nCVE-2017-2615]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-15T00:00:00", "title": "Fedora 25 : xen (2017-cdb53b04e0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525"], "modified": "2017-02-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-CDB53B04E0.NASL", "href": "https://www.tenable.com/plugins/nessus/97179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cdb53b04e0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97179);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9776\", \"CVE-2017-2615\", \"CVE-2017-5525\", \"CVE-2017-5526\");\n script_xref(name:\"FEDORA\", value:\"2017-cdb53b04e0\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Fedora 25 : xen (2017-cdb53b04e0)\");\n script_summary(english:\"Checks rpm output 
for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu: net: mcf_fec: infinite loop while receiving data in\nmcf_fec_receive [CVE-2016-9776] Qemu: audio: memory leakage in ac97\n[CVE-2017-5525] Qemu: audio: memory leakage in es1370 device\n[CVE-2017-5526] oob access in cirrus bitblt copy [XSA-208,\nCVE-2017-2615]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdb53b04e0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.1-7.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:14:07", "description": "memory leak when destroying guest without PT devices [XSA-207]\n(#1422492) update patches for XSA-208 after upstream revision (no\nfunctional change)\n\n----\n\nQemu: net: mcf_fec: infinite loop while receiving data in\nmcf_fec_receive [CVE-2016-9776] Qemu: audio: memory leakage in ac97\n[CVE-2017-5525] (#1414111) Qemu: audio: memory leakage in es1370\ndevice [CVE-2017-5526] (#1414211) oob access 
in cirrus bitblt copy\n[XSA-208, CVE-2017-2615] (#1418243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-28T00:00:00", "title": "Fedora 24 : xen (2017-d4ee7018c1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525"], "modified": "2017-02-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-D4EE7018C1.NASL", "href": "https://www.tenable.com/plugins/nessus/97430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d4ee7018c1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97430);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9776\", \"CVE-2017-2615\", \"CVE-2017-5525\", \"CVE-2017-5526\");\n script_xref(name:\"FEDORA\", value:\"2017-d4ee7018c1\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Fedora 24 : xen (2017-d4ee7018c1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"memory leak when destroying guest without PT devices [XSA-207]\n(#1422492) update patches for XSA-208 after upstream revision (no\nfunctional change)\n\n----\n\nQemu: net: mcf_fec: infinite loop while 
receiving data in\nmcf_fec_receive [CVE-2016-9776] Qemu: audio: memory leakage in ac97\n[CVE-2017-5525] (#1414111) Qemu: audio: memory leakage in es1370\ndevice [CVE-2017-5526] (#1414211) oob access in cirrus bitblt copy\n[XSA-208, CVE-2017-2615] (#1418243)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4ee7018c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"xen-4.6.4-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2017-5857"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-22T00:00:00", "id": 
"OPENVAS:1361412562310872516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872516", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-62ac1230f7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-62ac1230f7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872516\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:53:52 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2016-10155\", \"CVE-2017-5552\",\n \"CVE-2017-5667\", \"CVE-2017-5857\", \"CVE-2017-5856\", \"CVE-2017-5898\",\n \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_name(\"Fedora Update for qemu FEDORA-2017-62ac1230f7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-62ac1230f7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3M6HH35GUTRSIKPUWQYKAFUOT25GJXE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~7.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2016-7907", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-6058", "CVE-2017-5857"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-19T00:00:00", "id": 
"OPENVAS:1361412562310872501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872501", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-31b976672b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-31b976672b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872501\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-19 05:54:12 +0100 (Sun, 19 Mar 2017)\");\n script_cve_id(\"CVE-2016-7907\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2016-10155\",\n\t\t\"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\", \"CVE-2017-5856\",\n\t\t\"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5987\", \"CVE-2017-6058\",\n \t\"CVE-2017-6505\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-31b976672b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-31b976672b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYFUMFAMU5GEQUVDAYGEUWAHFPUP2DN6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:49:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "description": "The remote host is missing an update for the ", 
"modified": "2020-01-31T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310851524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851524", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0707-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851524\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 06:32:47 +0100 (Fri, 17 Mar 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-9921\",\n \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\",\n \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\",\n \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0707-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure\n or privilege escalation (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in Dos (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0707-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == 
\"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", 
rpm:\"qemu-extra-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~29.8\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-02-20T00:00:00", "id": "OPENVAS:1361412562310872351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872351", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-cdb53b04e0", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2017-cdb53b04e0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872351\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:38:40 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2016-9776\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-2615\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-cdb53b04e0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on 
Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cdb53b04e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5O4BC6JBTCWJE7JLE2REW5KQNTWSDCU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.1~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-02-26T00:00:00", "id": "OPENVAS:1361412562310872417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872417", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-d4ee7018c1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2017-d4ee7018c1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of 
the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-26 05:49:21 +0100 (Sun, 26 Feb 2017)\");\n script_cve_id(\"CVE-2016-9776\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-2615\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-d4ee7018c1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-d4ee7018c1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLOJWGUX5PRXPIOTKRMBPC5ZL663K4G6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.6.4~7.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:11:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Several vulnerabilities were discovered in qemu, a fast processor emulator.", "modified": "2020-01-29T00:00:00", "published": "2018-01-12T00:00:00", "id": "OPENVAS:1361412562310890845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890845", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-845-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890845\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9921\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-845-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in qemu, a fast processor emulator.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data\nvia bitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. 
It could occur while copying VGA data\nin cirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian but we\napply the patch to the sources to stay in sync with the qemu\npackage.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable\nto an infinite loop issue. It could occur while processing control\ntransfer descriptors", "modified": "2020-01-29T00:00:00", "published": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310890842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890842", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu-kvm (DLA-842-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890842\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9921\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_name(\"Debian LTS: Security Advisory for qemu-kvm (DLA-842-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00033.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access 
issue. It could occur while copying VGA data\nvia bitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data\nin cirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian but we\napply the patch to the sources to stay in sync with the qemu\npackage.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable\nto an infinite loop issue. 
It could occur while processing control\ntransfer descriptors' sequence in xhci_kick_epctx.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process resulting in a DoS.\n\nThis update also updates the fix CVE-2016-9921 since it was too strict\nand broke certain guests.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-04-21T00:00:00", "id": "OPENVAS:1361412562310843132", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310843132", "type": "openvas", "title": "Ubuntu Update for qemu USN-3261-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qemu USN-3261-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843132\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-21 06:43:11 +0200 (Fri, 21 Apr 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-7907\",\n \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9381\", \"CVE-2016-9602\",\n \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9908\",\n \"CVE-2016-9846\", \"CVE-2016-9912\", \"CVE-2017-5552\", \"CVE-2017-5578\",\n \"CVE-2017-5857\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9913\",\n \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\",\n \"CVE-2016-9922\", 
\"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-2633\",\n \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\",\n \"CVE-2017-5856\", \"CVE-2017-5898\", \"CVE-2017-5973\", \"CVE-2017-5987\",\n \"CVE-2017-6505\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3261-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Zhenhao Hong discovered that QEMU\nincorrectly handled the Virtio GPU device. An attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. 
(CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used\nwith Xen. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue to\naccess files on the host file system outside of the shared directory and\npossibly escalate their privileges. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the host. In the\ndefault installation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. 
An\nattacker inside the guest could use this iss ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3261-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/USN-3261-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": 
"OPENVAS:1361412562311220171037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171037", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1037)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1037\");\n script_version(\"2020-01-23T10:45:22+0000\");\n script_cve_id(\"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:45:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:45:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1037)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1037\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1037\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1037 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\nQuick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. 
(CVE-2017-2620)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~126.5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:25:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "Two security issues have been identified within Citrix XenServer.", "modified": "2020-04-02T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310140173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140173", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX220771)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX220771)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140173\");\n script_cve_id(\"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"2020-04-02T13:53:24+0000\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX220771)\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX220771\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"Two security issues have been identified within Citrix XenServer.\");\n\n script_tag(name:\"impact\", value:\"These issues could, if exploited, allow the administrator of an HVM guest VM to compromise the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2017-2615 (High): QEMU: oob access in cirrus bitblt copy\n\n - CVE-2017-2620 (High): QEMU: cirrus_bitblt_cputovideo does not check if memory region is safe.\n\n Customers using only PV guest VMs are not affected by this vulnerability.\n\n Customers using only VMs that use the std-vga graphics emulation are not affected by this vulnerability.\");\n\n script_tag(name:\"affected\", value:\"XenServer 7.0\n\n XenServer 6.5\n\n XenServer 6.2.0\n\n XenServer 6.0.2\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 14:10:53 +0100 (Wed, 22 Feb 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\nif( ! hotfixes = get_kb_item(\"xenserver/patches\") )\n exit( 0 );\n\npatches = make_array();\n\npatches['7.0.0'] = make_list( 'XS70E029' );\npatches['6.5.0'] = make_list( 'XS65ESP1050' );\npatches['6.2.0'] = make_list( 'XS62ESP1057' );\npatches['6.0.2'] = make_list( 'XS602ECC041' );\n\ncitrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );\n\nexit( 99 );\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10155", "CVE-2016-7907", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5987", "CVE-2017-6058", "CVE-2017-6505"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. 
In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2017-03-18T20:00:53", "published": "2017-03-18T20:00:53", "id": "FEDORA:1ABE36048149", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: qemu-2.7.1-4.fc25", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5525", "CVE-2017-5526"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-02-26T00:21:09", "published": "2017-02-26T00:21:09", "id": "FEDORA:A90CC6177DA2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: xen-4.6.4-7.fc24", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2017-2615", "CVE-2017-5525", "CVE-2017-5526"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-02-14T21:27:38", "published": "2017-02-14T21:27:38", "id": "FEDORA:A1E1B65DB1E6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.1-7.fc25", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2017-02-21T01:00:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5525", "CVE-2017-5579", "CVE-2017-5898", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5931", "CVE-2017-5857"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could potentially execute arbitrary code with privileges of QEMU process on the host, gain privileges on the host system, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.8.0-r1\"", "modified": "2017-02-21T00:00:00", "published": "2017-02-21T00:00:00", "id": "GLSA-201702-28", "href": "https://security.gentoo.org/glsa/201702-28", "title": "QEMU: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-04-10T23:19:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6505", "CVE-2017-5973", "CVE-2017-2630", "CVE-2017-5987", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-6058"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote server can cause a crash in the client causing execution of arbitrary code, and a Denial of Service within the QEMU process. Remote or Local users within a guest QEMU environment can cause a Denial of Service condition of the QEMU guest process. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.8.0-r9\"", "modified": "2017-04-10T00:00:00", "published": "2017-04-10T00:00:00", "id": "GLSA-201704-01", "href": "https://security.gentoo.org/glsa/201704-01", "title": "QEMU: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-03-07T19:11:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak 
host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in DoS (bsc#1017081).\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481).\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589).\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the 
host\n (bsc#1020491).\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix name of s390x specific sysctl configuration file to end with .conf\n (bsc#1026583)\n - XHCI fixes (bsc#977027)\n - Fixed rare race during s390x guest reboot\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "modified": "2017-03-07T18:10:16", "published": "2017-03-07T18:10:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00005.html", "id": "SUSE-SU-2017:0625-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-16T17:16:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n - CVE-2017-5857: The Virtio GPU Device 
emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure\n or privilege escalation (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in DoS (bsc#1017081).\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481).\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589).\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020491).\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user 
inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix name of s390x specific sysctl configuration file to end with .conf\n (bsc#1026583)\n - XHCI fixes (bsc#977027)\n - Fixed rare race during s390x guest reboot\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-03-16T18:08:06", "published": "2017-03-16T18:08:06", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html", "id": "OPENSUSE-SU-2017:0707-1", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-05-11T13:19:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS 
(bsc#1023053)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589)\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020491)\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix post script for qemu-guest-agent rpm to actually activate the guest\n agent at rpm install time\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n - Fixed uint64 property parsing and add regression tests (bsc#937125)\n\n", "edition": 1, "modified": "2017-05-11T15:09:39", "published": "2017-05-11T15:09:39", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00021.html", "id": "SUSE-SU-2017:1241-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-03-10T21:11:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. 
A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The i6300esb watchdog emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n leak memory on the host resulting in DoS (bnc#1021129)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "modified": "2017-03-10T21:09:01", "published": "2017-03-10T21:09:01", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00007.html", "id": "SUSE-SU-2017:0661-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T19:19:08", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "description": "This update for kvm fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. 
A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "edition": 1, "modified": "2017-04-28T21:11:21", "published": "2017-04-28T21:11:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00035.html", "id": "SUSE-SU-2017:1135-1", "title": "Security update for kvm (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-02-27T19:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", 
"CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host\n (bsc#1024183).\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host\n (bsc#1022627).\n - CVE-2016-9907: The USB 
redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668).\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n", "modified": "2017-02-27T18:10:46", "published": "2017-02-27T18:10:46", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html", "id": "SUSE-SU-2017:0570-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-09T23:11:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable 
to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#987002: Prevent crash of domU' after they were migrated from SP3 HV\n to SP4\n\n", "modified": "2017-03-10T00:07:36", "published": "2017-03-10T00:07:36", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00006.html", "id": "SUSE-SU-2017:0647-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-01T01:11:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: A infinite loop while doing control transfer in\n xhci_kick_epctx allowed 
privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. 
A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n", "modified": "2017-03-01T00:33:56", "published": "2017-03-01T00:33:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html", "id": "SUSE-SU-2017:0582-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-02-27T19:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation\n (bsc#1024834).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\n", "modified": "2017-02-27T18:13:48", "published": "2017-02-27T18:13:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00046.html", "id": "SUSE-SU-2017:0571-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-11T15:11:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9922", "CVE-2017-2615", "CVE-2016-9921", "CVE-2017-2620"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation\n (bsc#1024834).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#1005028: Fixed building Xen RPMs from Sources\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-03-11T15:07:34", "published": "2017-03-11T15:07:34", "id": "OPENSUSE-SU-2017:0665-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T20:07:33", "description": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.", "edition": 6, "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.0, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-15T15:59:00", "title": "CVE-2016-10155", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": 
"AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10155"], "modified": "2020-11-10T18:57:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2016-10155", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10155", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:34", "description": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-03-20T16:59:00", "title": "CVE-2017-5987", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5987"], "modified": "2020-11-10T17:47:00", "cpe": 
["cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.8.1.1", "cpe:/a:qemu:qemu:2.9.0"], "id": "CVE-2017-5987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5987", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.9.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.9.0:rc0:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:33", "description": "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-15T15:59:00", "title": "CVE-2017-5525", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5525"], "modified": "2020-11-10T18:41:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", 
"cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5525", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5525", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:33", "description": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-16T15:59:00", "title": "CVE-2017-5667", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5667"], "modified": "2020-11-10T18:58:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5667", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5667", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:34", "description": "Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-16T15:59:00", "title": "CVE-2017-5856", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5856"], "modified": "2020-11-10T18:41:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5856", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:34", "description": "Memory leak in the virgl_cmd_resource_unref function in 
hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-16T15:59:00", "title": "CVE-2017-5857", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5857"], "modified": "2020-11-10T19:21:00", "cpe": ["cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5857", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5857", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:34", "description": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, 
"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-03-15T19:59:00", "title": "CVE-2017-5898", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5898"], "modified": "2020-11-10T18:55:00", "cpe": ["cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:suse:linux_enterprise_server_for_sap:12", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/a:qemu:qemu:2.8.1.1", "cpe:/o:suse:linux_enterprise_server:12"], "id": "CVE-2017-5898", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5898", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:33", "description": "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local 
guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-15T15:59:00", "title": "CVE-2017-5552", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5552"], "modified": "2020-11-10T17:56:00", "cpe": ["cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5552", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5552", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:34", "description": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", 
"attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-15T14:59:00", "title": "CVE-2017-6505", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6505"], "modified": "2020-11-10T18:41:00", "cpe": ["cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-6505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6505", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:33", "description": "Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-03-15T15:59:00", "title": "CVE-2017-5526", "type": "cve", "cwe": ["CWE-401"], "bulletinFamily": 
"NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5526"], "modified": "2020-11-10T19:21:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:qemu:qemu:2.8.1.1"], "id": "CVE-2017-5526", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5526", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:57", "bulletinFamily": "software", "cvelist": ["CVE-2017-2615"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-10-01T21:08:00", "published": "2018-10-01T21:08:00", "id": "F5:K41242221", "href": "https://support.f5.com/csp/article/K41242221", "title": "QEMU vulnerability CVE-2017-2615", "type": "f5", "cvss": {"score": 9.0, "vector": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Package : qemu-kvm\nVersion : 1.1.2+dfsg-6+deb7u20\nCVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973\n\n\nSeveral vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\n The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n via bitblt copy in backward mode.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\n The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n in cirrus_bitblt_cputovideo.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\n The CCID Card device emulator support is vulnerable to an integer\n overflow flaw. It could occur while passing message via\n command/responses packets to and from the host.\n\n A privileged user inside guest could use this flaw to crash the\n qemu-kvm process on the host resulting in a DoS.\n\n This issue does not affect the qemu-kvm binaries in Debian but we\n apply the patch to the sources to stay in sync with the qemu\n package.\n\nCVE-2017-5973\n\n The USB xHCI controller emulator support in qemu-kvm is vulnerable\n to an infinite loop issue. 
It could occur while processing control\n transfer descriptors' sequence in xhci_kick_epctx.\n\n A privileged user inside guest could use this flaw to crash the\n qemu-kvm process resulting in a DoS.\n\nThis update also updates the fix CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-02-28T22:10:25", "published": "2017-02-28T22:10:25", "id": "DEBIAN:DLA-842-1:6B5AC", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201702/msg00033.html", "title": "[SECURITY] [DLA 842-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Package : qemu\nVersion : 1.1.2+dfsg-6+deb7u20\nCVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973\nDebian Bug : \n\nSeveral vulnerabilities were discovered in qemu, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-2615\n\n The Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n via bitblt copy in backward mode.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of Qemu process on the host.\n\nCVE-2017-2620\n\n The Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\n out-of-bounds access issue. 
It could occur while copying VGA data\n in cirrus_bitblt_cputovideo.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of Qemu process on the host.\n\nCVE-2017-5898\n\n The CCID Card device emulator support is vulnerable to an integer\n overflow flaw. It could occur while passing message via\n command/responses packets to and from the host.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process on host resulting in DoS.\n\nCVE-2017-5973\n\n The USB xHCI controller emulator support in qemu is vulnerable\n to an infinite loop issue. It could occur while processing control\n transfer descriptors' sequence in xhci_kick_epctx.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS.\n\nThis update also updates the fix CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-03-01T19:52:31", "published": "2017-03-01T19:52:31", "id": "DEBIAN:DLA-845-1:D7636", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201703/msg00001.html", "title": "[SECURITY] [DLA 845-1] qemu security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", 
"CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "description": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU \ndevice. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used \nwith Xen. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory \nsharing. 
A privileged attacker inside the guest could use this issue to \naccess files on the host file system outside of the shared directory and \npossibly escalate their privileges. In the default installation, when QEMU \nis used with libvirt, attackers would be isolated by the libvirt AppArmor \nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA \ndevice when being used with a VNC connection. A privileged attacker inside \nthe guest could use this issue to cause QEMU to crash, resulting in a \ndenial of service, or possibly execute arbitrary code on the host. In the \ndefault installation, when QEMU is used with libvirt, attackers would be \nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to leak \ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and \nUbuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, \nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. 
An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, \nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly \nhandled the Cirrus VGA device. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus \nVGA device. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service, or possibly execute arbitrary code \non the host. In the default installation, when QEMU is used with libvirt, \nattackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device. 
\nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI \ndevice emulation. A privileged attacker inside the guest could use this \nissue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. 
(CVE-2017-6505)", "edition": 6, "modified": "2017-04-20T00:00:00", "published": "2017-04-20T00:00:00", "id": "USN-3261-1", "href": "https://ubuntu.com/security/notices/USN-3261-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:36:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0396\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.\n\nBug Fix(es):\n\n* When using the virtio-blk driver on a guest virtual machine with no space on the virtual hard drive, the guest terminated unexpectedly with a \"block I/O error in device\" message and the qemu-kvm process exited with a segmentation fault. This update fixes how the system_reset QEMU signal is handled in the above scenario. 
As a result, if a guest crashes due to no space left on the device, qemu-kvm continues running and the guest can be reset as expected. (BZ#1420049)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-March/034359.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0396.html", "edition": 5, "modified": "2017-03-03T13:27:17", "published": "2017-03-03T13:27:17", "id": "CESA-2017:0396", "href": "http://lists.centos.org/pipermail/centos-announce/2017-March/034359.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0454\n\n\nKVM (for Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on x86 hardware. Using KVM, one can run multiple virtual machines running\nunmodified Linux or Windows images. Each virtual machine has private virtualized\nhardware: a network card, disk, graphics adapter, etc.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is\nvulnerable to an out-of-bounds access issue. It could occur while copying VGA\ndata via bitblt copy in backward mode. A privileged user inside a guest could\nuse this flaw to crash the QEMU process resulting in DoS or potentially execute\narbitrary code on the host with privileges of QEMU process on the host.\n(CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds access issue. The issue could occur while copying\nVGA data in cirrus_bitblt_cputovideo. 
A privileged user inside guest could use\nthis flaw to crash the QEMU process OR potentially execute arbitrary code on\nhost with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn\nInc.) for reporting CVE-2017-2615.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-March/034363.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0454.html", "edition": 5, "modified": "2017-03-08T18:33:47", "published": "2017-03-08T18:33:47", "id": "CESA-2017:0454", "href": "http://lists.centos.org/pipermail/centos-announce/2017-March/034363.html", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-11-18T15:29:37", "bulletinFamily": "software", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Two security issues have been identified within Citrix XenServer. 
These issues could, if exploited, allow the administrator of an HVM guest VM to compromise the host.</p>\n<p>The following vulnerabilities have been addressed:</p>\n<ul>\n<li>CVE-2017-2615 (High): QEMU: oob access in cirrus bitblt copy</li>\n<li>CVE-2017-2620 (High): QEMU: cirrus_bitblt_cputovideo does not check if memory region is safe</li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers using only PV guest VMs are not affected by this vulnerability.</p>\n<p>Customers using only VMs that use the std-vga graphics emulation are not affected by this vulnerability.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.0: CTX220760 \u2013 <a href=\"https://support.citrix.com/article/CTX220760\">https://support.citrix.com/article/CTX220760</a></p>\n<p>Citrix XenServer 6.5 SP1: CTX220759 \u2013 <a href=\"https://support.citrix.com/article/CTX220759\">https://support.citrix.com/article/CTX220759</a></p>\n<p>Citrix XenServer 6.2 SP1: CTX220758 \u2013 <a href=\"https://support.citrix.com/article/CTX220758\">https://support.citrix.com/article/CTX220758</a></p>\n<p>Citrix XenServer 6.0.2 Common Criteria: CTX220757\u2013 <a href=\"https://support.citrix.com/article/CTX220757\">https://support.citrix.com/article/CTX220757</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and 
channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>21st February 2017</td>\n<td>Initial publishing</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2017-02-21T05:00:00", "published": "2017-02-21T05:00:00", "id": "CTX220771", "href": "https://support.citrix.com/article/CTX220771", "title": "Citrix XenServer Multiple Security Updates", "type": "citrix", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:40", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "[1.5.3-126.el7_3.5]\n- kvm-cirrus-fix-patterncopy-checks.patch [bz#1420490]\n- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420490]\n- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420490]\n- Resolves: bz#1420490\n (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.3.z])\n[1.5.3-126.el7_3.4]\n- kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1420049]\n- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418232]\n- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418232]\n- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418232]\n- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418232]\n- 
kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418232]\n- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418232]\n- kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418232]\n- Resolves: bz#1418232\n (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-7.3.z])\n- Resolves: bz#1420049\n (system_reset should clear pending request for error (virtio-blk))", "edition": 3, "modified": "2017-03-02T00:00:00", "published": "2017-03-02T00:00:00", "id": "ELSA-2017-0396", "href": "http://linux.oracle.com/errata/ELSA-2017-0396.html", "title": "qemu-kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "[83-277.0.1.el5_11]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[83-277.el5_11]\n- kvm-Fix-hardware-accelerated-video-to-video-copy-on-Cirr.patch [bz#1421564]\n- kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1421564]\n- kvm-cirrus-fix-blit-region-check.patch [bz#1421564]\n- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1421564]\n- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1421564]\n- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1421564]\n- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1421564]\n- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1421564]\n- kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1421564]\n- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1421564]\n- kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1421564]\n- kvm-cirrus-fix-patterncopy-checks.patch [bz#1421564]\n- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1421564]\n- 
kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1421564]\n- Resolves: bz#1421564\n (CVE-2017-2615 kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-5.11.z])", "edition": 3, "modified": "2017-03-07T00:00:00", "published": "2017-03-07T00:00:00", "id": "ELSA-2017-0454", "href": "http://linux.oracle.com/errata/ELSA-2017-0454.html", "title": "kvm security update", "type": "oraclelinux", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2015-5225", "CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020", "CVE-2017-2620", "CVE-2016-2857", "CVE-2017-9524", "CVE-2016-9603"], "description": "[1.5.3-141.el7]\n- kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch [bz#1455745]\n- kvm-Do-not-hang-on-full-PTY.patch [bz#1452067]\n- kvm-serial-fixing-vmstate-for-save-restore.patch [bz#1452067]\n- kvm-serial-reinstate-watch-after-migration.patch [bz#1452067]\n- kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1451614]\n- kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1451614]\n- Resolves: bz#1451614\n (CVE-2017-9524 qemu-kvm: segment fault when private user nmap qemu-nbd server [rhel-7.4])\n- Resolves: bz#1452067\n (migration can confuse serial port user)\n- Resolves: bz#1455745\n (Backport fix for broken logic thats supposed to ensure memory slots are page aligned)\n[1.5.3-140.el7]\n- kvm-spice-fix-spice_chr_add_watch-pre-condition.patch [bz#1456983]\n- Resolves: bz#1456983\n (Character device regression due to missing patch)\n[1.5.3-139.el7]\n- kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch [bz#1451470]\n- Resolves: bz#1451470\n (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop)\n[1.5.3-138.el7]\n- kvm-char-serial-cosmetic-fixes.patch [bz#1451470]\n- kvm-char-serial-Use-generic-Fifo8.patch [bz#1451470]\n- 
kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch [bz#1451470]\n- kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch [bz#1451470]\n- kvm-char-serial-Fix-emptyness-check.patch [bz#1451470]\n- kvm-char-serial-Fix-emptyness-handling.patch [bz#1451470]\n- kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch [bz#1451470]\n- kvm-serial-change-retry-logic-to-avoid-concurrency.patch [bz#1451470]\n- kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch [bz#1451470]\n- kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch [bz#1451470]\n- kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch [bz#1451470]\n- kvm-serial-clean-up-THRE-TEMT-handling.patch [bz#1451470]\n- kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch [bz#1451470]\n- kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch [bz#1451470]\n- kvm-serial-make-tsr_retry-unsigned.patch [bz#1451470]\n- kvm-serial-simplify-tsr_retry-reset.patch [bz#1451470]\n- kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch [bz#1451470]\n- kvm-serial-remove-watch-on-reset.patch [bz#1451470]\n- Resolves: bz#1451470\n (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop)\n[1.5.3-137.el7]\n- kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1299875]\n- Resolves: bz#1299875\n (system_reset should clear pending request for error (IDE))\n[1.5.3-136.el7]\n- kvm-target-i386-get-set-migrate-XSAVES-state.patch [bz#1327593]\n- kvm-Removing-texi2html-from-build-requirements.patch [bz#1440987]\n- kvm-Disable-build-of-32bit-packages.patch [bz#1441778]\n- kvm-Add-sample-images-to-srpm.patch [bz#1436280]\n- Resolves: bz#1327593\n ([Intel 7.4 FEAT] KVM Enable the XSAVEC, XSAVES and XRSTORS instructions)\n- Resolves: bz#1436280\n (sample images for qemu-iotests are missing in the SRPM)\n- Resolves: bz#1440987\n (Remove texi2html build dependancy from RPM)\n- Resolves: bz#1441778\n (Stop building qemu-img for 32bit 
architectures.)\n[1.5.3-135.el7]\n- kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430060]\n- kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430060]\n- kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430060]\n- kvm-cirrus-fix-cirrus_invalidate_region.patch [bz#1430060]\n- kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1430060]\n- kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1430060]\n- kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1430060]\n- Resolves: bz#1430060\n (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-7.4])\n[1.5.3-134.el7]\n- kvm-ui-vnc-introduce-VNC_DIRTY_PIXELS_PER_BIT-macro.patch [bz#1377977]\n- kvm-ui-vnc-derive-cmp_bytes-from-VNC_DIRTY_PIXELS_PER_BI.patch [bz#1377977]\n- kvm-ui-vnc-optimize-dirty-bitmap-tracking.patch [bz#1377977]\n- kvm-ui-vnc-optimize-setting-in-vnc_dpy_update.patch [bz#1377977]\n- kvm-ui-vnc-fix-vmware-VGA-incompatiblities.patch [bz#1377977]\n- kvm-ui-vnc-fix-potential-memory-corruption-issues.patch [bz#1377977]\n- kvm-vnc-fix-memory-corruption-CVE-2015-5225.patch [bz#1377977]\n- kvm-vnc-fix-overflow-in-vnc_update_stats.patch [bz#1377977]\n- kvm-i386-kvmvapic-initialise-imm32-variable.patch [bz#1335751]\n- kvm-qemu-iotests-Filter-out-actual-image-size-in-067.patch [bz#1427176]\n- vm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_ref2.patch [bz#1427176]\n- kvm-qemu-iotests-Fix-core-dump-suppression-in-test-039.patch [bz#1427176]\n- kvm-qemu-io-Add-sigraise-command.patch [bz#1427176]\n- kvm-iotests-Filter-for-Killed-in-qemu-io-output.patch [bz#1427176]\n- kvm-iotests-Fix-test-039.patch [bz#1427176]\n- kvm-blkdebug-Add-bdrv_truncate.patch [bz#1427176]\n- kvm-vhdx-Fix-zero-fill-iov-length.patch [bz#1427176]\n- kvm-qemu-iotests-Disable-030-040-041.patch [bz#1427176]\n- kvm-x86-add-AVX512_VPOPCNTDQ-features.patch [bz#1415830]\n- kvm-usb-ccid-check-ccid-apdu-length.patch [bz#1419818]\n- 
kvm-usb-ccid-better-bulk_out-error-handling.patch [bz#1419818]\n- kvm-usb-ccid-move-header-size-check.patch [bz#1419818]\n- kvm-usb-ccid-add-check-message-size-checks.patch [bz#1419818]\n- kvm-spec-Update-rdma-build-dependency.patch [bz#1433920]\n- Resolves: bz#1335751\n (CVE-2016-4020 qemu-kvm: Qemu: i386: leakage of stack memory to guest in kvmvapic.c [rhel-7.4])\n- Resolves: bz#1377977\n (qemu-kvm coredump in vnc_raw_send_framebuffer_update [rhel-7.4])\n- Resolves: bz#1415830\n ([Intel 7.4 FEAT] Enable vpopcntdq for KNM - qemu/kvm)\n- Resolves: bz#1419818\n (CVE-2017-5898 qemu-kvm: Qemu: usb: integer overflow in emulated_apdu_from_guest [rhel-7.4])\n- Resolves: bz#1427176\n (test cases of qemu-iotests failed)\n- Resolves: bz#1433920\n (Switch from librdmacm-devel to rdma-core-devel)\n[1.5.3-133.el7]\n- kvm-target-i386-add-Ivy-Bridge-CPU-model.patch [bz#1368375]\n- kvm-x86-add-AVX512_4VNNIW-and-AVX512_4FMAPS-features.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Kill-unused-code.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-level.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-CPU-v.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-xleve.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Set-all-feature-words-.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Fill-feature-words-in-.patch [bz#1382122]\n- kvm-target-i386-kvm_check_features_against_host-Kill-fea.patch [bz#1382122]\n- kvm-target-i386-Make-TCG-feature-filtering-more-readable.patch [bz#1382122]\n- kvm-target-i386-Filter-FEAT_7_0_EBX-TCG-features-too.patch [bz#1382122]\n- kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch [bz#1382122]\n- kvm-target-i386-Define-TCG_-_FEATURES-earlier-in-cpu.c.patch [bz#1382122]\n- kvm-target-i386-Loop-based-copying-and-setting-unsetting.patch [bz#1382122]\n- kvm-target-i386-Loop-based-feature-word-filtering-in-TCG.patch [bz#1382122]\n- 
kvm-spice-remove-spice-experimental.h-include.patch [bz#1430606]\n- kvm-spice-replace-use-of-deprecated-API.patch [bz#1430606]\n- Resolves: bz#1368375\n ([Intel 7.4 Bug] qemu-kvm does not support '-cpu IvyBridge')\n- Resolves: bz#1382122\n ([Intel 7.4 FEAT] KVM Enable the avx512_4vnniw, avx512_4fmaps instructions in qemu)\n- Resolves: bz#1430606\n (Cant build qemu-kvm with newer spice packages)\n[1.5.3-132.el7]\n- kvm-cirrus-fix-patterncopy-checks.patch [bz#1420492]\n- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420492]\n- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420492]\n- Resolves: bz#1420492\n (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.4])\n[1.5.3-131.el7]\n- kvm-memory-Allow-access-only-upto-the-maximum-alignment-.patch [bz#1342768]\n- kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1361488]\n- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418233]\n- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418233]\n- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418233]\n- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418233]\n- kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418233]\n- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418233]\n- kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418233]\n- kvm-HMP-Fix-user-manual-typo-of-__com.redhat_qxl_screend.patch [bz#1419898]\n- kvm-HMP-Fix-documentation-of-__com.redhat.drive_add.patch [bz#1419898]\n- Resolves: bz#1342768\n ([Intel 7.4 Bug] qemu-kvm crashes with Linux kernel 4.6.0 or above)\n- Resolves: bz#1361488\n (system_reset should clear pending request for error (virtio-blk))\n- Resolves: bz#1418233\n (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-7.4])\n- Resolves: bz#1419898\n (Documentation 
inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add)\n[1.5.3-130.el7]\n- kvm-gluster-correctly-propagate-errors.patch [bz#1151859]\n- kvm-gluster-Correctly-propagate-errors-when-volume-isn-t.patch [bz#1151859]\n- kvm-block-gluster-add-support-for-selecting-debug-loggin.patch [bz#1151859]\n- Resolves: bz#1151859\n ([RFE] Allow the libgfapi logging level to be controlled.)\n[1.5.3-129.el7]\n- kvm-Update-qemu-kvm-package-Summary-and-Description.patch [bz#1378541]\n- kvm-vl-Don-t-silently-change-topology-when-all-smp-optio.patch [bz#1375507]\n- kvm-net-check-packet-payload-length.patch [bz#1398218]\n- kvm-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch [bz#1342489]\n- Resolves: bz#1342489\n (Flickering Fedora 24 Login Screen on RHEL 7)\n- Resolves: bz#1375507\n ('threads' option is overwritten if both 'sockets' and 'cores' is set on -smp)\n- Resolves: bz#1378541\n (QEMU: update package summary and description)\n- Resolves: bz#1398218\n (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-7.4])\n[1.5.3-128.el7]\n- kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1377968]\n- kvm-virtio-introduce-virtqueue_discard.patch [bz#1377968]\n- kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1377968]\n- kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1377968]\n- kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1377968]\n- kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1377968]\n- kvm-virtio-add-virtqueue_rewind.patch [bz#1377968]\n- kvm-virtio-balloon-fix-stats-vq-migration.patch [bz#1377968]\n- Resolves: bz#1377968\n ([RHEL7.3] KVM guest shuts itself down after 128th reboot)\n[1.5.3-127.el7]\n- kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch [bz#1377087]\n- kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1377087]\n- Resolves: bz#1377087\n (shutdown rhel 5.11 guest failed and stop at 'system halted')", "edition": 5, "modified": "2017-08-07T00:00:00", 
"published": "2017-08-07T00:00:00", "id": "ELSA-2017-1856", "href": "http://linux.oracle.com/errata/ELSA-2017-1856.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:27:26", "published": "2017-02-28T04:06:51", "id": "RHSA-2017:0330", "href": "https://access.redhat.com/errata/RHSA-2017:0330", "type": "redhat", "title": "(RHSA-2017:0330) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:27:43", "published": "2017-02-28T04:06:47", "id": "RHSA-2017:0329", "href": "https://access.redhat.com/errata/RHSA-2017:0329", "type": "redhat", "title": "(RHSA-2017:0329) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.\n\nBug Fix(es):\n\n* When using the virtio-blk driver on a guest virtual machine with no space on the virtual hard drive, the guest terminated unexpectedly with a \"block I/O error in device\" message and the qemu-kvm process exited with a segmentation fault. This update fixes how the system_reset QEMU signal is handled in the above scenario. 
As a result, if a guest crashes due to no space left on the device, qemu-kvm continues running and the guest can be reset as expected. (BZ#1420049)", "modified": "2018-04-12T03:31:39", "published": "2017-03-02T20:22:52", "id": "RHSA-2017:0396", "href": "https://access.redhat.com/errata/RHSA-2017:0396", "type": "redhat", "title": "(RHSA-2017:0396) Important: qemu-kvm security and bug fix update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:26:34", "published": "2017-02-28T04:06:44", "id": "RHSA-2017:0328", "href": "https://access.redhat.com/errata/RHSA-2017:0328", "type": "redhat", "title": "(RHSA-2017:0328) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:27:06", "published": "2017-02-28T04:06:59", "id": "RHSA-2017:0332", "href": "https://access.redhat.com/errata/RHSA-2017:0332", "type": "redhat", "title": "(RHSA-2017:0332) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:26:43", "published": "2017-02-28T04:07:01", "id": "RHSA-2017:0333", "href": "https://access.redhat.com/errata/RHSA-2017:0333", "type": "redhat", "title": "(RHSA-2017:0333) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (for Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on x86 hardware. Using KVM, one can run multiple virtual machines running\nunmodified Linux or Windows images. Each virtual machine has private virtualized\nhardware: a network card, disk, graphics adapter, etc.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is\nvulnerable to an out-of-bounds access issue. It could occur while copying VGA\ndata via bitblt copy in backward mode. A privileged user inside a guest could\nuse this flaw to crash the QEMU process resulting in DoS or potentially execute\narbitrary code on the host with privileges of QEMU process on the host.\n(CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is\nvulnerable to an out-of-bounds access issue. The issue could occur while copying\nVGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use\nthis flaw to crash the QEMU process OR potentially execute arbitrary code on\nhost with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn\nInc.) 
for reporting CVE-2017-2615.\n", "modified": "2017-09-08T11:49:10", "published": "2017-03-07T05:00:00", "id": "RHSA-2017:0454", "href": "https://access.redhat.com/errata/RHSA-2017:0454", "type": "redhat", "title": "(RHSA-2017:0454) Important: kvm security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) 
for reporting CVE-2017-2615.", "modified": "2018-03-19T16:27:18", "published": "2017-02-28T04:06:55", "id": "RHSA-2017:0331", "href": "https://access.redhat.com/errata/RHSA-2017:0331", "type": "redhat", "title": "(RHSA-2017:0331) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2857", "CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\n* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) 
and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.", "modified": "2018-06-07T02:48:00", "published": "2017-02-28T04:07:05", "id": "RHSA-2017:0334", "href": "https://access.redhat.com/errata/RHSA-2017:0334", "type": "redhat", "title": "(RHSA-2017:0334) Important: qemu-kvm-rhev security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2857", "CVE-2017-2615", "CVE-2017-2620"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)\n\n* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)\n\n* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). 
(CVE-2016-2857)\n\nRed Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.\n\nBug Fix(es):\n\n* Prior to this update, after migrating a guest virtual machine on the little-endian variant of IBM Power Systems and resetting the guest, the guest boot process failed with a \"tcmalloc: large alloc\" error message. This update fixes the bug, and the described problem no longer occurs. (BZ#1420456)\n\n* The qemu-kvm-rhev package depends on the usbredir and libcacard packages. However, on the little-endian variant of IBM Power Systems, smartcard use is not supported and usbredir and libcacard are thus only available in the Optional channel. As a consequence, qemu-kvm-rhev was previously not installable on these systems if the Optional channel was not available for the user. This update removes usbredir and libcacard as dependencies of qemu-kvm-rhev on little-endian IBM Power Systems, and qemu-kvm-rhev can now be installed as expected in the described scenario. (BZ#1420428)", "modified": "2018-04-26T01:30:17", "published": "2017-03-01T12:52:23", "id": "RHSA-2017:0350", "href": "https://access.redhat.com/errata/RHSA-2017:0350", "type": "redhat", "title": "(RHSA-2017:0350) Important: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}