Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)

2020-04-22T17:48:50

Description

## Summary IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information ## Vulnerability Details ** CVEID: **[CVE-2019-11135](<https://vulners.com/cve/CVE-2019-11135>) ** DESCRIPTION: **Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX Asynchronous Abort condition. By using side channel attacks, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175029>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) ## Affected Products and Versions · IBM QRadar 7.3.0 to 7.3.3 Patch 1 ## Remediation/Fixes [· QRadar / QRM / QVM / QNI 7.4.0 GA](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QRSIEM-20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar / QRM / QVM / QNI 7.4.0 GA" ) (SFS) · [QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20200208135728&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2" ) (SFS) · [QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.3.2-QRADAR-QRSIEM-20200406171249&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7" )(SFS) · [QRadar Incident Forensics 7.4.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QIFFULL-2019.18.0.20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar Incident Forensics 7.4.0" ) (ISO) · [QRadar Incident Forensics 7.4.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QIFSFS-2019.18.0.20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar Incident Forensics 7.4.0" ) (SFS) **NOTE**: Administrators with QRadar Incident Forensics should be aware that a new ISO and SFS file are published to IBM Fix Central for QRadar Incident Forensics 7.4.0 versions ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	ibm security qradar siem	7.3
	ibm security qradar siem	7.4

{"id": "63B8DACF4D9207A80DC8478A9FE0FEBB4F6D6599EFEA8DD045EEBEA18CA79689", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)", "description": "## Summary\n\nIBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11135](<https://vulners.com/cve/CVE-2019-11135>) \n** DESCRIPTION: **Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX Asynchronous Abort condition. By using side channel attacks, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar 7.3.0 to 7.3.3 Patch 1\n\n \n\n\n## Remediation/Fixes\n\n[\u00b7 QRadar / QRM / QVM / QNI 7.4.0 GA](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QRSIEM-20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar / QRM / QVM / QNI 7.4.0 GA\" ) (SFS) \n\u00b7 [QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20200208135728&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2\" ) (SFS) \n\u00b7 [QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=fixId&fixids=7.3.2-QRADAR-QRSIEM-20200406171249&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7\" )(SFS) \n\u00b7 [QRadar Incident Forensics 7.4.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QIFFULL-2019.18.0.20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar Incident Forensics 7.4.0\" ) (ISO) \n\u00b7 [QRadar Incident Forensics 7.4.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.0-QRADAR-QIFSFS-2019.18.0.20200304205308&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar Incident Forensics 7.4.0\" ) (SFS) \n\n**NOTE**: Administrators with QRadar Incident Forensics should be aware that a new ISO and SFS file are published to IBM Fix Central for QRadar Incident Forensics 7.4.0 versions\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2020-04-22T17:48:50", "modified": "2020-04-22T17:48:50", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.0, "impactScore": 4.0}, "href": "https://www.ibm.com/support/pages/node/6198355", "reporter": "IBM", "references": [], "cvelist": ["CVE-2019-11135"], "immutableFields": [], "lastseen": "2023-02-27T17:46:11", "viewCount": 11, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:0279"]}, {"type": "amazon", "idList": ["ALAS-2019-1318", "ALAS2-2019-1364"]}, {"type": "archlinux", "idList": ["ASA-201911-14"]}, {"type": "centos", "idList": ["CESA-2019:3834", "CESA-2019:3836", "CESA-2020:0366", "CESA-2020:0839"]}, {"type": "citrix", "idList": ["CTX263684"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:6AF202D824CCBDB8B52AD0B7707645BF", "CFOUNDRY:A9246B54233F05FAAFEBCA42A471540D", "CFOUNDRY:BC8FE7ADD7CE210F5A18A29FE6851CCC", "CFOUNDRY:F1FD906C8A4009015525A4BE5BA37775"]}, {"type": "cve", "idList": ["CVE-2019-11135", "CVE-2019-19338"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1989-1:8096A", "DEBIAN:DLA-1990-1:DF706", "DEBIAN:DLA-2051-1:B1C56", "DEBIAN:DLA-2051-1:E78EE", "DEBIAN:DSA-4564-1:E0777", "DEBIAN:DSA-4564-1:F8764", "DEBIAN:DSA-4565-1:21F87", "DEBIAN:DSA-4565-1:A4209", "DEBIAN:DSA-4565-2:013FD", "DEBIAN:DSA-4565-2:D5727", "DEBIAN:DSA-4602-1:C29F7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-11135", "DEBIANCVE:CVE-2019-19338"]}, {"type": "f5", "idList": ["F5:K02912734", "F5:K84933088"]}, {"type": "fedora", "idList": ["FEDORA:07FF360D17A8", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2CDA460E9B22", "FEDORA:2E87261278ED", "FEDORA:308A766A87C1", "FEDORA:347EC6014770", "FEDORA:371E06040B12", "FEDORA:4002B609954A", "FEDORA:511A7608E6E1", "FEDORA:51B856067EB8", "FEDORA:5445B61185FA", "FEDORA:56A076119752", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:5F24260E9922", "FEDORA:5FE4A6076D31", "FEDORA:628EB603ECD0", "FEDORA:6D8F5627F513", "FEDORA:803AE30C6416", "FEDORA:87DAB6118614", "FEDORA:89A31604C861", "FEDORA:8C2F86119EC0", "FEDORA:8FEA960A4096", "FEDORA:94BC060A4ECF", "FEDORA:9E9D96119EC1", "FEDORA:B7184611861B", "FEDORA:BF5EC607125E", "FEDORA:C1D196119EC1", "FEDORA:C63426076F58", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:E9C7E608767D", "FEDORA:EC9F26076D31"]}, {"type": "freebsd", "idList": ["FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-19:26.MCU"]}, {"type": "gentoo", "idList": ["GLSA-202003-56"]}, {"type": "hp", "idList": ["HP:C06502052"]}, {"type": "ibm", "idList": ["F8CEB533FA9C1B8ED5CD7460C1ECAE11617B8D3B6DF044FE71A22BC22E7FA595"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00270"]}, {"type": "kaspersky", "idList": ["KLA11608", "KLA11871", "KLA12121"]}, {"type": "lenovo", "idList": ["LENOVO:PS500279-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOSID", "LENOVO:PS500279-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0332", "MGASA-2019-0333", "MGASA-2019-0334", "MGASA-2019-0413", "MGASA-2020-0113"]}, {"type": "mscve", "idList": ["MS:CVE-2019-11135"]}, {"type": "mskb", "idList": ["KB4523205", "KB4524570", "KB4525232", "KB4525233", "KB4525234", "KB4525235", "KB4525236", "KB4525237", "KB4525239", "KB4525241", "KB4525243", "KB4525245", "KB4525246", "KB4525250", "KB4525253"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1364.NASL", "ALA_ALAS-2019-1318.NASL", "ALMA_LINUX_ALSA-2020-0279.NASL", "CENTOS8_RHSA-2020-0279.NASL", "CENTOS8_RHSA-2020-0339.NASL", "CENTOS_RHSA-2019-3834.NASL", "CENTOS_RHSA-2019-3836.NASL", "CENTOS_RHSA-2020-0366.NASL", "CENTOS_RHSA-2020-0839.NASL", "DEBIAN_DLA-1989.NASL", "DEBIAN_DLA-1990.NASL", "DEBIAN_DLA-2051.NASL", "DEBIAN_DSA-4564.NASL", "DEBIAN_DSA-4565.NASL", "DEBIAN_DSA-4602.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1430.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1790.NASL", "EULEROS_SA-2020-1792.NASL", "EULEROS_SA-2021-1684.NASL", "FEDORA_2019-1689D3FE07.NASL", "FEDORA_2019-376EC5C107.NASL", "FEDORA_2019-68D7F68507.NASL", "FEDORA_2019-7A3FC17778.NASL", "FEDORA_2019-CBB732F760.NASL", "FREEBSD_PKG_FBE10A8A05A111EA9DFAF8B156AC3FF9.NASL", "GENTOO_GLSA-202003-56.NASL", "MACOSX_FUSION_VMSA_2019_0021.NASL", "MICROSOFT_WINDOWS_SPEC_EXECUTION.NBIN", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_1.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_3.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_0_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2504.NASL", "OPENSUSE-2019-2505.NASL", "OPENSUSE-2019-2506.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2508.NASL", "OPENSUSE-2019-2509.NASL", "OPENSUSE-2019-2510.NASL", "OPENSUSE-2019-2527.NASL", "OPENSUSE-2019-2528.NASL", "OPENSUSE-2019-2710.NASL", "ORACLELINUX_ELSA-2019-3832.NASL", "ORACLELINUX_ELSA-2019-3834.NASL", "ORACLELINUX_ELSA-2019-3836.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4837.NASL", "ORACLELINUX_ELSA-2019-4838.NASL", "ORACLELINUX_ELSA-2019-4839.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2019-4854.NASL", "ORACLELINUX_ELSA-2019-4855.NASL", "ORACLELINUX_ELSA-2020-0279.NASL", "ORACLELINUX_ELSA-2020-0339.NASL", "ORACLELINUX_ELSA-2020-0366.NASL", "ORACLELINUX_ELSA-2020-0834.NASL", "ORACLEVM_OVMSA-2019-0052.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "ORACLEVM_OVMSA-2020-0026.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "PHOTONOS_PHSA-2019-1_0-0259_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0191_LINUX.NASL", "REDHAT-RHSA-2019-3832.NASL", "REDHAT-RHSA-2019-3833.NASL", "REDHAT-RHSA-2019-3834.NASL", "REDHAT-RHSA-2019-3835.NASL", "REDHAT-RHSA-2019-3836.NASL", "REDHAT-RHSA-2019-3837.NASL", "REDHAT-RHSA-2019-3838.NASL", "REDHAT-RHSA-2019-3839.NASL", "REDHAT-RHSA-2019-3840.NASL", "REDHAT-RHSA-2019-3841.NASL", "REDHAT-RHSA-2019-3842.NASL", "REDHAT-RHSA-2019-3843.NASL", "REDHAT-RHSA-2019-3844.NASL", "REDHAT-RHSA-2019-3860.NASL", "REDHAT-RHSA-2019-3936.NASL", "REDHAT-RHSA-2020-0026.NASL", "REDHAT-RHSA-2020-0028.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-0279.NASL", "REDHAT-RHSA-2020-0328.NASL", "REDHAT-RHSA-2020-0339.NASL", "REDHAT-RHSA-2020-0366.NASL", "REDHAT-RHSA-2020-0555.NASL", "REDHAT-RHSA-2020-0666.NASL", "REDHAT-RHSA-2020-0730.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT-RHSA-2020-0839.NASL", "REDHAT-RHSA-2020-1465.NASL", "SLACKWARE_SSA_2019-320-01.NASL", "SL_20191113_KERNEL_ON_SL6_X.NASL", "SL_20191113_KERNEL_ON_SL7_X.NASL", "SL_20200205_QEMU_KVM_ON_SL7_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525232.NASL", "SMB_NT_MS19_NOV_4525234.NASL", "SMB_NT_MS19_NOV_4525235.NASL", "SMB_NT_MS19_NOV_4525236.NASL", "SMB_NT_MS19_NOV_4525237.NASL", "SMB_NT_MS19_NOV_4525241.NASL", "SMB_NT_MS19_NOV_4525243.NASL", "SMB_NT_MS19_NOV_4525246.NASL", "SUSE_SU-2019-14217-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-14220-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2948-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2954-1.NASL", "SUSE_SU-2019-2955-1.NASL", "SUSE_SU-2019-2956-1.NASL", "SUSE_SU-2019-2957-1.NASL", "SUSE_SU-2019-2958-1.NASL", "SUSE_SU-2019-2959-1.NASL", "SUSE_SU-2019-2960-1.NASL", "SUSE_SU-2019-2961-1.NASL", "SUSE_SU-2019-2962-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-2986-1.NASL", "SUSE_SU-2019-2987-1.NASL", "SUSE_SU-2019-2988-1.NASL", "SUSE_SU-2019-3091-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3297-1.NASL", "SUSE_SU-2019-3340-1.NASL", "SUSE_SU-2019-3348-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0334-1.NASL", "SUSE_SU-2020-0388-1.NASL", "SUSE_SU-2020-14444-1.NASL", "UBUNTU_USN-4182-1.NASL", "UBUNTU_USN-4182-3.NASL", "UBUNTU_USN-4183-1.NASL", "UBUNTU_USN-4183-2.NASL", "UBUNTU_USN-4184-1.NASL", "UBUNTU_USN-4184-2.NASL", "UBUNTU_USN-4185-1.NASL", "UBUNTU_USN-4185-3.NASL", "UBUNTU_USN-4186-1.NASL", "UBUNTU_USN-4186-3.NASL", "VIRTUOZZO_VZA-2019-089.NASL", "VMWARE_VMSA-2019-0020.NASL", "VMWARE_WORKSTATION_VMSA_2019_0021.NASL", "XEN_SERVER_XSA-305.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310704564", "OPENVAS:1361412562310704565", "OPENVAS:1361412562310704602", "OPENVAS:1361412562310815720", "OPENVAS:1361412562310815722", "OPENVAS:1361412562310815834", "OPENVAS:1361412562310815835", "OPENVAS:1361412562310815836", "OPENVAS:1361412562310815837", "OPENVAS:1361412562310815839", "OPENVAS:1361412562310844229", "OPENVAS:1361412562310844230", "OPENVAS:1361412562310844231", "OPENVAS:1361412562310844233", "OPENVAS:1361412562310844234", "OPENVAS:1361412562310844235", "OPENVAS:1361412562310844236", "OPENVAS:1361412562310844263", "OPENVAS:1361412562310844274", "OPENVAS:1361412562310844277", "OPENVAS:1361412562310852771", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852773", "OPENVAS:1361412562310852774", "OPENVAS:1361412562310852777", "OPENVAS:1361412562310852810", "OPENVAS:1361412562310852883", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852919", "OPENVAS:1361412562310852957", "OPENVAS:1361412562310876993", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876996", "OPENVAS:1361412562310876997", "OPENVAS:1361412562310876998", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877000", "OPENVAS:1361412562310877001", "OPENVAS:1361412562310877045", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877081", "OPENVAS:1361412562310877102", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877144", "OPENVAS:1361412562310877169", "OPENVAS:1361412562310877197", "OPENVAS:1361412562310877198", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877213", "OPENVAS:1361412562310877281", "OPENVAS:1361412562310877292", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877391", "OPENVAS:1361412562310877407", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310883131", "OPENVAS:1361412562310883133", "OPENVAS:1361412562310883177", "OPENVAS:1361412562310883210", "OPENVAS:1361412562310891989", "OPENVAS:1361412562310891990", "OPENVAS:1361412562310892051", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201790", "OPENVAS:1361412562311220201792"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3832", "ELSA-2019-3834", "ELSA-2019-3836", "ELSA-2019-3872", "ELSA-2019-3979", "ELSA-2019-4256", "ELSA-2019-4836", "ELSA-2019-4837", "ELSA-2019-4838", "ELSA-2019-4839", "ELSA-2019-4850", "ELSA-2019-4854", "ELSA-2019-4855", "ELSA-2019-4867", "ELSA-2019-4868", "ELSA-2020-0279", "ELSA-2020-0366", "ELSA-2020-1016", "ELSA-2020-1116"]}, {"type": "osv", "idList": ["OSV:CVE-2019-11135", "OSV:DLA-1989-1", "OSV:DLA-1990-1", "OSV:DLA-2051-1", "OSV:DSA-4564-1", "OSV:DSA-4565-1", "OSV:DSA-4602-1"]}, {"type": "photon", "idList": ["PHSA-2019-0191", "PHSA-2019-0259", "PHSA-2019-1.0-0259", "PHSA-2019-2.0-0191"]}, {"type": "redhat", "idList": ["RHSA-2019:3832", "RHSA-2019:3833", "RHSA-2019:3834", "RHSA-2019:3835", "RHSA-2019:3836", "RHSA-2019:3837", "RHSA-2019:3838", "RHSA-2019:3839", "RHSA-2019:3840", "RHSA-2019:3841", "RHSA-2019:3842", "RHSA-2019:3843", "RHSA-2019:3844", "RHSA-2019:3860", "RHSA-2019:3936", "RHSA-2020:0026", "RHSA-2020:0028", "RHSA-2020:0204", "RHSA-2020:0279", "RHSA-2020:0328", "RHSA-2020:0339", "RHSA-2020:0366", "RHSA-2020:0555", "RHSA-2020:0666", "RHSA-2020:0730", "RHSA-2020:0834", "RHSA-2020:0839", "RHSA-2020:1465"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-11135", "RH:CVE-2019-19338"]}, {"type": "rocky", "idList": ["RLSA-2020:0279"]}, {"type": "slackware", "idList": ["SSA-2019-320-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2504-1", "OPENSUSE-SU-2019:2505-1", "OPENSUSE-SU-2019:2506-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2509-1", "OPENSUSE-SU-2019:2510-1", "OPENSUSE-SU-2019:2527-1", "OPENSUSE-SU-2019:2528-1", "OPENSUSE-SU-2019:2710-1"]}, {"type": "symantec", "idList": ["SMNTC-110805"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"]}, {"type": "thn", "idList": ["THN:2317E195EA00288327BADFBE0E5DBA9A"]}, {"type": "ubuntu", "idList": ["USN-4182-1", "USN-4182-2", "USN-4182-3", "USN-4182-4", "USN-4183-1", "USN-4183-2", "USN-4184-1", "USN-4184-2", "USN-4185-1", "USN-4185-2", "USN-4185-3", "USN-4186-1", "USN-4186-2", "USN-4186-3", "USN-4187-1", "USN-4188-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11135", "UB:CVE-2019-19338"]}, {"type": "veracode", "idList": ["VERACODE:21944", "VERACODE:22480"]}, {"type": "virtuozzo", "idList": ["VZA-2019-088", "VZA-2019-089"]}, {"type": "vmware", "idList": ["VMSA-2019-0020"]}, {"type": "xen", "idList": ["XSA-305"]}]}, "affected_software": {"major_version": [{"name": "ibm security qradar siem", "version": 7}, {"name": "ibm security qradar siem", "version": 7}]}, "epss": [{"cve": "CVE-2019-11135", "epss": "0.000490000", "percentile": "0.152750000", "modified": "2023-03-19"}], "vulnersScore": 1.1}, "_state": {"score": 1684015195, "dependencies": 1677520036, "affected_software_major_version": 1677520904, "epss": 1679305349}, "_internal": {"score_hash": "01aff900efe91ebf68660ca3431beb01"}, "affectedSoftware": [{"version": "7.3", "operator": "eq", "name": "ibm security qradar siem"}, {"version": "7.4", "operator": "eq", "name": "ibm security qradar siem"}]}

{"oraclelinux": [{"lastseen": "2021-07-28T14:24:41", "description": "kernel-uek\n[3.8.13-118.39.1.1]\n- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419232] {CVE-2019-11135}\n- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86/tsx: Add 'auto' option to TSX cmdline parameter (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86/tsx: Add TSX cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86: Add helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}\n- x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135"], "modified": "2019-11-12T00:00:00", "id": "ELSA-2019-4838", "href": "http://linux.oracle.com/errata/ELSA-2019-4838.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:25:01", "description": "[2.6.39-400.315.1.1]\n- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419231] {CVE-2019-11135}\n- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86/tsx: Add 'auto' option to TSX cmdline parameter (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86/tsx: Add TSX cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86: Add helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}\n- x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135"], "modified": "2019-11-12T00:00:00", "id": "ELSA-2019-4839", "href": "http://linux.oracle.com/errata/ELSA-2019-4839.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:25:09", "description": "[1.5.3-167.el7_7.4]\n- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]\n- Resolves: bz#1755333\n ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])\n[1.5.3-167.el7_7.3]\n- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960]\n- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960]\n- Resolves: bz#1771960\n (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z])\n[1.5.3-167.el7_7.2]\n- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606]\n- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606]\n- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606]\n- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606]\n- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606]\n- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606]\n- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606]\n- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606]\n- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606]\n- kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606]\n- Resolves: bz#1730606\n ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z])", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-05T00:00:00", "id": "ELSA-2020-0366", "href": "http://linux.oracle.com/errata/ELSA-2020-0366.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:06", "description": "[4.1.12-124.32.3.2]\n- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] {CVE-2019-11135}\n- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30419233] {CVE-2019-11135}\n- x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135}\n[4.1.12-124.32.3.1]\n- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207}\n- kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207}\n- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207}\n- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207}\n- x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 29967631] {CVE-2018-12207}\n- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in mapping_level() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 29967631] {CVE-2018-12207}\n- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}\n- KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2019-11-12T00:00:00", "id": "ELSA-2019-4837", "href": "http://linux.oracle.com/errata/ELSA-2019-4837.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:41", "description": "[2:2.1-53.3.0.4]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n[2:2.1-53.3.0.1]\n- do not late load prior to 3.10.0\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early loading on 06-4f-01\n- update 06-55-04 to 0x2000065\n- update 06-55-07 to 0x500002c", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-12-04T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-04T00:00:00", "id": "ELSA-2019-4867", "href": "http://linux.oracle.com/errata/ELSA-2019-4867.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:27", "description": "[3:1.17-33.19.0.4]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]\n[3:1.17-33.19.0.1]\n- merge Oracle changes for early load via dracut\n- enable late load on install for UEK4 kernels marked safe (except BDW-79)\n- update 06-55-04 to 0x2000065\n- update 06-55-07 to 0x500002c", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-12-04T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-04T00:00:00", "id": "ELSA-2019-4868", "href": "http://linux.oracle.com/errata/ELSA-2019-4868.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[4.14.35-1902.7.3]\n- rds: Rename rds_send_ping to rds_send_hs_ping (Hakon Bugge) [Orabug: 30418043] \n- rds: Use {READ,WRITE}_ONCE for heartbeat start and state (Hakon Bugge) [Orabug: 30418043] \n- rds: Change heartbeat params from module params to sysctl (Hakon Bugge) [Orabug: 30418043] \n- rds: Fix and augment probe counters (Hakon Bugge) [Orabug: 30418043] \n- rds: Introduce heartbeat interval (Hakon Bugge) [Orabug: 30418043] \n- rds: Fix heartbeat (Hakon Bugge) [Orabug: 30418043] \n- kexec: generate VMCOREINFO for modules (Isaac Chen) [Orabug: 30464386] \n- rds: RDS does not flush IPv6 neighbor cache (Ka-Cheong Poon) [Orabug: 30283690] \n- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}\n- kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}\n- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}\n- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967630] {CVE-2018-12207}\n- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}\n- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}\n- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}\n- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}\n- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419234] {CVE-2019-11135}\n- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}\n[4.14.35-1902.7.2]\n- floppy: fix div-by-zero in setup_format_params (Denis Efremov) [Orabug: 30447842] {CVE-2019-14284}\n- perfutil: Warn when exceeding MAX_NR_CPUS in cpumap (Kyle Meyer) [Orabug: 30441330] \n- perf header: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) [Orabug: 30441330] \n- perf machine: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330] \n- perf session: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330] \n- perf stat: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) [Orabug: 30441330] \n- perf svghelper: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330] \n- perf timechart: Refactor svg_build_topology_map() (Kyle Meyer) [Orabug: 30441330] \n- perf tools: Increase MAX_NR_CPUS and MAX_CACHES (Kyle Meyer) [Orabug: 30441330] \n- x86/boot/64: Round memory hole size up to next PMD page (Steve Wahl) [Orabug: 30441300] \n- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Steve Wahl) [Orabug: 30441300] \n- ACPICA: Increase total number of possible Owner IDs (Bob Moore) [Orabug: 30448814]\n[4.14.35-1902.7.1]\n- tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue (Tim Froidcoeur) [Orabug: 30331228] \n- tcp: be more careful in tcp_fragment() (Eric Dumazet) [Orabug: 30331228]\n- tcp: refine memory limit test in tcp_fragment() (Eric Dumazet) [Orabug: 30331228] \n- scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00 (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Fix module parameter max_msix_vectors (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Use Component img header to get Package ver (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Fail release cmnd if diag buffer is released (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Add app owned flag support for diag buffer (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Reuse diag buffer allocated at load time (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: clear release bit when buffer reregistered (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Maintain owner of buffer through UniqueID (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Free diag buffer without any status check (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Fix clear pending bit in ioctl status (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Display message before releasing diag buffer (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Register trace buffer based on NVDATA settings (Sreekanth Reddy) [Orabug: 30376510] \n- scsi: mpt3sas: Update driver version to 31.100.00.00 (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Run SAS DEVICE STATUS CHANGE EVENT from ISR (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Reduce the performance drop (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Handle fault during HBA initialization (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Add sysfs to know supported features (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Support MEMORY MOVE Tool box command (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Allow ioctls to blocked access status NVMe (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Enumerate SES of a managed PCIe switch (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Update MPI headers to 2.6.8 spec (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Gracefully handle online firmware update (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: memset request frame before reusing (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Add support for PCIe Lane margin (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: support target smid for [abort|query] task (Minwoo Im) [Orabug: 30299961] \n- scsi: mpt3sas: clean up a couple sizeof() uses (Dan Carpenter) [Orabug: 30299961] \n- scsi: mpt3sas: Fix msix load balance on and off settings (Sreekanth Reddy) [Orabug: 30299961] \n- scsi: mpt3sas: Determine smp affinity on per HBA basis (Sreekanth Reddy) [Orabug: 30299961] \n- scsi: mpt3sas: Use configured PCIe link speed, not max (Sreekanth Reddy) [Orabug: 30299961] \n- scsi: mpt3sas: Remove CPU arch check to determine perf_mode (Sreekanth Reddy) [Orabug: 30299961] \n- scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30299961] \n- scsi: mpt3sas: make driver options visible in sys (Tomas Henzl) [Orabug: 30299961] \n- scsi: mpt3sas: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 30299961] \n- scsi: mpt3sas: Update driver version to 29.100.00.00 (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Introduce perf_mode module parameter (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Enable interrupt coalescing on high iops (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Affinity high iops queues IRQs to local node (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: save and use MSI-X index for posting RD (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Use high iops queues under some circumstances (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: change _base_get_msix_index prototype (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Add flag high_iops_queues (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: function pointers of request descriptor (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (Gen Zhang) [Orabug: 30299961] \n- scsi: mpt3sas: fix indentation issue (Colin Ian King) [Orabug: 30299961] \n- scsi: mpt3sas: Fix kernel panic during expander reset (Sreekanth Reddy) [Orabug: 30299961] \n- scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Improve the threshold value and introduce module param (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Irq poll to avoid CPU hard lockups (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: simplify interrupt handler (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Fix typo in request_desript_type (Suganath Prabu) [Orabug: 30299961] \n- scsi: mpt3sas: Add missing breaks in switch statements (Gustavo A. R. Silva) [Orabug: 30299961] \n- scsi: mpt3sas: Update driver version to 27.102.00.00 (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Add support for ATLAS PCIe switch (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Add support for NVMe Switch Adapter (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: Rename mpi endpoint device ID macro. (Suganath Prabu S) [Orabug: 30299961] \n- scsi: mpt3sas: mpt3sas_scsih: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 30299961]\n[4.14.35-1902.7.0]\n- rds: fix uninteneded increase of rds_rdma:pool->max_items_soft (Manjunath Patil) [Orabug: 30397933] \n- ACPI / APEI: Fix parsing HEST that includes Deferred Machine Check subtable (Yazen Ghannam) [Orabug: 30385327] \n- rds: add ibmr to busy_list in flush code path (Manjunath Patil) [Orabug: 30383090] \n- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350262] {CVE-2019-15916}\n- kernel-uek.spec: defuse a memory bomb in xargs (Lukas Lipinsky) [Orabug: 30339974] \n- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (Dongli Zhang) [Orabug: 30395404]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14284", "CVE-2019-15916"], "modified": "2019-11-12T00:00:00", "id": "ELSA-2019-4836", "href": "http://linux.oracle.com/errata/ELSA-2019-4836.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:55", "description": "[3.10.0-1062.4.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1062.4.2]\n- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3834", "href": "http://linux.oracle.com/errata/ELSA-2019-3834.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:46", "description": "[3.10.0-1062.4.3.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1062.4.3]\n- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n[3.10.0-1062.4.2]\n- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}\n- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}\n- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}\n- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}\n- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3872", "href": "http://linux.oracle.com/errata/ELSA-2019-3872.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2023-06-13T15:42:17", "description": "Updates of ['linux', 'linux-esx', 'linux-aws', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-11-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2019-0191", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135"], "modified": "2019-11-25T00:00:00", "id": "PHSA-2019-0191", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-191", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-03T20:59:47", "description": "An update of {'linux-esx', 'linux', 'linux-secure', 'linux-aws'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-11-25T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0191", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135"], "modified": "2019-11-25T00:00:00", "id": "PHSA-2019-2.0-0191", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-191", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-03T11:50:13", "description": "An update of {'linux', 'linux-esx', 'dhcp'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-03T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0259", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5732", "CVE-2019-11135"], "modified": "2019-12-03T00:00:00", "id": "PHSA-2019-1.0-0259", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-259", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-23T16:59:16", "description": "Updates of ['sysstat', 'dhcp', 'linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0259", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5732", "CVE-2019-11135", "CVE-2019-16167"], "modified": "2019-11-22T00:00:00", "id": "PHSA-2019-0259", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-259", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:30", "description": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-11-14T19:15:00", "type": "alpinelinux", "title": "CVE-2019-11135", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135"], "modified": "2022-10-07T15:03:00", "id": "ALPINE:CVE-2019-11135", "href": "https://security.alpinelinux.org/vuln/CVE-2019-11135", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-24T14:33:07", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2019-1.0-0259", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0259_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/132520", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0259. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132520);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2019-1.0-0259\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-259.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-dev-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-docs-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-sound-4.4.202-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"linux-tools-4.4.202-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0666 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2020:0666)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools"], "id": "REDHAT-RHSA-2020-0666.NASL", "href": "https://www.tenable.com/plugins/nessus/134263", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0666. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134263);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0666\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2020:0666)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:0666 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'qemu-img-1.5.3-160.el7_6.5', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-1.5.3-160.el7_6.5', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-common-1.5.3-160.el7_6.5', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-tools-1.5.3-160.el7_6.5', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:17", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4839 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4839.NASL", "href": "https://www.tenable.com/plugins/nessus/130997", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4839.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130997);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4839 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4839.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.315.1.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4839');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.315.1.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.315.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.315.1.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.315.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.315.1.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.315.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.315.1.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.315.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.315.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.315.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:55", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0279 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : virt:rhel (CESA-2020:0279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:slof", "p-cpe:/a:centos:centos:hivex", "p-cpe:/a:centos:centos:hivex-devel", "p-cpe:/a:centos:centos:libguestfs", "p-cpe:/a:centos:centos:libguestfs-bash-completion", "p-cpe:/a:centos:centos:libguestfs-benchmarking", "p-cpe:/a:centos:centos:libguestfs-devel", "p-cpe:/a:centos:centos:libguestfs-gfs2", "p-cpe:/a:centos:centos:libguestfs-gobject", "p-cpe:/a:centos:centos:libguestfs-gobject-devel", "p-cpe:/a:centos:centos:libguestfs-inspect-icons", "p-cpe:/a:centos:centos:libguestfs-java", "p-cpe:/a:centos:centos:libguestfs-java-devel", "p-cpe:/a:centos:centos:libguestfs-javadoc", "p-cpe:/a:centos:centos:libguestfs-man-pages-ja", "p-cpe:/a:centos:centos:libguestfs-man-pages-uk", "p-cpe:/a:centos:centos:libguestfs-rescue", "p-cpe:/a:centos:centos:libguestfs-rsync", "p-cpe:/a:centos:centos:libguestfs-tools", "p-cpe:/a:centos:centos:libguestfs-tools-c", "p-cpe:/a:centos:centos:libguestfs-winsupport", "p-cpe:/a:centos:centos:libguestfs-xfs", "p-cpe:/a:centos:centos:libiscsi", "p-cpe:/a:centos:centos:libiscsi-devel", "p-cpe:/a:centos:centos:libiscsi-utils", "p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-admin", "p-cpe:/a:centos:centos:libvirt-bash-completion", "p-cpe:/a:centos:centos:libvirt-client", "p-cpe:/a:centos:centos:libvirt-daemon", "p-cpe:/a:centos:centos:libvirt-daemon-config-network", "p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-interface", "p-cpe:/a:centos:centos:libvirt-daemon-driver-network", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu", "p-cpe:/a:centos:centos:libvirt-daemon-driver-secret", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:centos:centos:libvirt-daemon-kvm", "p-cpe:/a:centos:centos:libvirt-dbus", "p-cpe:/a:centos:centos:libvirt-devel", "p-cpe:/a:centos:centos:libvirt-docs", "p-cpe:/a:centos:centos:libvirt-libs", "p-cpe:/a:centos:centos:libvirt-lock-sanlock", "p-cpe:/a:centos:centos:libvirt-nss", "p-cpe:/a:centos:centos:lua-guestfs", "p-cpe:/a:centos:centos:nbdkit", "p-cpe:/a:centos:centos:nbdkit-bash-completion", "p-cpe:/a:centos:centos:nbdkit-basic-plugins", "p-cpe:/a:centos:centos:nbdkit-devel", "p-cpe:/a:centos:centos:nbdkit-example-plugins", "p-cpe:/a:centos:centos:nbdkit-plugin-gzip", "p-cpe:/a:centos:centos:nbdkit-plugin-python-common", "p-cpe:/a:centos:centos:nbdkit-plugin-python3", "p-cpe:/a:centos:centos:nbdkit-plugin-vddk", "p-cpe:/a:centos:centos:nbdkit-plugin-xz", "p-cpe:/a:centos:centos:netcf", "p-cpe:/a:centos:centos:netcf-devel", "p-cpe:/a:centos:centos:netcf-libs", "p-cpe:/a:centos:centos:ocaml-hivex", "p-cpe:/a:centos:centos:ocaml-hivex-devel", "p-cpe:/a:centos:centos:ocaml-libguestfs", "p-cpe:/a:centos:centos:ocaml-libguestfs-devel", "p-cpe:/a:centos:centos:perl-sys-guestfs", "p-cpe:/a:centos:centos:perl-sys-virt", "p-cpe:/a:centos:centos:perl-hivex", "p-cpe:/a:centos:centos:python3-hivex", "p-cpe:/a:centos:centos:python3-libguestfs", "p-cpe:/a:centos:centos:python3-libvirt", "p-cpe:/a:centos:centos:ruby-hivex", "p-cpe:/a:centos:centos:ruby-libguestfs", "p-cpe:/a:centos:centos:seabios", "p-cpe:/a:centos:centos:seabios-bin", "p-cpe:/a:centos:centos:seavgabios-bin", "p-cpe:/a:centos:centos:sgabios", "p-cpe:/a:centos:centos:sgabios-bin", "p-cpe:/a:centos:centos:supermin", "p-cpe:/a:centos:centos:supermin-devel", "p-cpe:/a:centos:centos:virt-dib", "p-cpe:/a:centos:centos:virt-p2v-maker", "p-cpe:/a:centos:centos:virt-v2v"], "id": "CENTOS8_RHSA-2020-0279.NASL", "href": "https://www.tenable.com/plugins/nessus/145983", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:0279. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145983);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0279\");\n\n script_name(english:\"CentOS 8 : virt:rhel (CESA-2020:0279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:0279 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0279\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-v2v\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/virt-devel');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt-devel:' + module_ver);\n\nvar appstreams = {\n 'virt-devel:rhel': [\n {'reference':'hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gfs2-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gfs2-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-javadoc-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-javadoc-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rescue-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rescue-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rsync-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rsync-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-c-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-c-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-xfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-xfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module_el8.1.0+266+ba744077', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-hivex-1.3.15-7.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libguestfs-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'sgabios-0.20170427git-3.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-3.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-3.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SLOF-20171214-6.gitfa98132.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-5.1.19-9.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-5.1.19-9.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-p2v-maker-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-p2v-maker-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-v2v-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-v2v-1.38.4-14.module_el8.1.0+248+298dec18', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-devel / libguestfs / libguestfs-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:51", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2019-2.0-0191", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0191_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/132536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0191. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132536);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2019-2.0-0191\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-191.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-debuginfo-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-devel-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-docs-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-debuginfo-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-sound-4.9.202-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-tools-4.9.202-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:54:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0279 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-30T00:00:00", "type": "nessus", "title": "RHEL 8 : virt:rhel (RHSA-2020:0279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.1", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:slof", "p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:netcf", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:perl-sys-guestfs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-virt", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "p-cpe:/a:redhat:enterprise_linux:nbdkit"], "id": "REDHAT-RHSA-2020-0279.NASL", "href": "https://www.tenable.com/plugins/nessus/133338", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0279. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133338);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0279\");\n\n script_name(english:\"RHEL 8 : virt:rhel (RHSA-2020:0279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:0279 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'virt-devel:rhel': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'i686', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ],\n 'virt:rhel': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.module+el8.1.0+5256+4b9ab730', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+5149+3ff2765e.2', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel / virt:rhel');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-devel / libguestfs / libguestfs-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:25", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0279 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : virt:ol (ELSA-2020-0279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:hivex", "p-cpe:/a:oracle:linux:hivex-devel", "p-cpe:/a:oracle:linux:libguestfs", "p-cpe:/a:oracle:linux:libguestfs-bash-completion", "p-cpe:/a:oracle:linux:libguestfs-benchmarking", "p-cpe:/a:oracle:linux:libguestfs-devel", "p-cpe:/a:oracle:linux:libguestfs-gfs2", "p-cpe:/a:oracle:linux:libguestfs-gobject", "p-cpe:/a:oracle:linux:libguestfs-gobject-devel", "p-cpe:/a:oracle:linux:libguestfs-inspect-icons", "p-cpe:/a:oracle:linux:libguestfs-java", "p-cpe:/a:oracle:linux:libguestfs-java-devel", "p-cpe:/a:oracle:linux:libguestfs-javadoc", "p-cpe:/a:oracle:linux:libguestfs-man-pages-ja", "p-cpe:/a:oracle:linux:libguestfs-man-pages-uk", "p-cpe:/a:oracle:linux:libguestfs-rescue", "p-cpe:/a:oracle:linux:libguestfs-rsync", "p-cpe:/a:oracle:linux:libguestfs-tools", "p-cpe:/a:oracle:linux:libguestfs-tools-c", "p-cpe:/a:oracle:linux:libguestfs-winsupport", "p-cpe:/a:oracle:linux:libguestfs-xfs", "p-cpe:/a:oracle:linux:libiscsi", "p-cpe:/a:oracle:linux:libiscsi-devel", "p-cpe:/a:oracle:linux:libiscsi-utils", "p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-dbus", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:lua-guestfs", "p-cpe:/a:oracle:linux:nbdkit", "p-cpe:/a:oracle:linux:nbdkit-bash-completion", "p-cpe:/a:oracle:linux:nbdkit-basic-plugins", "p-cpe:/a:oracle:linux:nbdkit-devel", "p-cpe:/a:oracle:linux:nbdkit-example-plugins", "p-cpe:/a:oracle:linux:nbdkit-plugin-gzip", "p-cpe:/a:oracle:linux:nbdkit-plugin-python-common", "p-cpe:/a:oracle:linux:nbdkit-plugin-python3", "p-cpe:/a:oracle:linux:nbdkit-plugin-vddk", "p-cpe:/a:oracle:linux:nbdkit-plugin-xz", "p-cpe:/a:oracle:linux:netcf", "p-cpe:/a:oracle:linux:netcf-devel", "p-cpe:/a:oracle:linux:netcf-libs", "p-cpe:/a:oracle:linux:ocaml-hivex", "p-cpe:/a:oracle:linux:ocaml-hivex-devel", "p-cpe:/a:oracle:linux:ocaml-libguestfs", "p-cpe:/a:oracle:linux:ocaml-libguestfs-devel", "p-cpe:/a:oracle:linux:perl-sys-guestfs", "p-cpe:/a:oracle:linux:perl-sys-virt", "p-cpe:/a:oracle:linux:perl-hivex", "p-cpe:/a:oracle:linux:python3-hivex", "p-cpe:/a:oracle:linux:python3-libguestfs", "p-cpe:/a:oracle:linux:python3-libvirt", "p-cpe:/a:oracle:linux:qemu-guest-agent", "p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-block-curl", "p-cpe:/a:oracle:linux:qemu-kvm-block-gluster", "p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi", "p-cpe:/a:oracle:linux:qemu-kvm-block-rbd", "p-cpe:/a:oracle:linux:qemu-kvm-block-ssh", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-core", "p-cpe:/a:oracle:linux:qemu-kvm-tests", "p-cpe:/a:oracle:linux:ruby-hivex", "p-cpe:/a:oracle:linux:ruby-libguestfs", "p-cpe:/a:oracle:linux:seabios", "p-cpe:/a:oracle:linux:seabios-bin", "p-cpe:/a:oracle:linux:seavgabios-bin", "p-cpe:/a:oracle:linux:sgabios", "p-cpe:/a:oracle:linux:sgabios-bin", "p-cpe:/a:oracle:linux:supermin", "p-cpe:/a:oracle:linux:supermin-devel", "p-cpe:/a:oracle:linux:virt-dib", "p-cpe:/a:oracle:linux:virt-p2v-maker", "p-cpe:/a:oracle:linux:virt-v2v"], "id": "ORACLELINUX_ELSA-2020-0279.NASL", "href": "https://www.tenable.com/plugins/nessus/140038", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-0279.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140038);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Oracle Linux 8 : virt:ol (ELSA-2020-0279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-0279 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-0279.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-v2v\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:ol');\nif ('ol' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:ol': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-xfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.2.0.1.module+el8.1.0+5470+cad7d629', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-guest-agent-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-tests-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-tests-2.12.0-88.0.1.module+el8.1.0+5470+cad7d629.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+5378+c5e0f4d7', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+5378+c5e0f4d7', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.0.1.module+el8.1.0+5378+c5e0f4d7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:ol');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hivex / hivex-devel / libguestfs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:46", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4838 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4838.NASL", "href": "https://www.tenable.com/plugins/nessus/130996", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4838.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130996);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4838)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4838 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4838.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.39.1.1.el6uek', '3.8.13-118.39.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4838');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.39.1.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.39.1.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.39.1.1.el6uek / dtrace-modules-3.8.13-118.39.1.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:03", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:0279 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : virt:rhel (ALSA-2020:0279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libiscsi", "p-cpe:/a:alma:linux:libiscsi-devel", "p-cpe:/a:alma:linux:libiscsi-utils", "p-cpe:/a:alma:linux:netcf", "p-cpe:/a:alma:linux:netcf-devel", "p-cpe:/a:alma:linux:netcf-libs", "p-cpe:/a:alma:linux:sgabios", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-0279.NASL", "href": "https://www.tenable.com/plugins/nessus/157539", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:0279.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157539);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2019-11135\");\n script_xref(name:\"ALSA\", value:\"2020:0279\");\n\n script_name(english:\"AlmaLinux 8 : virt:rhel (ALSA-2020:0279)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2020:0279 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-0279.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/virt-devel');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt-devel:' + module_ver);\n\nvar appstreams = {\n 'virt-devel:rhel': [\n {'reference':'libiscsi-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libiscsi / libiscsi-devel / libiscsi-utils / netcf / netcf-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:31", "description": "According to its self-reported version number, the Xen Hypervisor installed on the remote host is affected by an information disclosure vulnerability. A TSX Asynchronous Abort condition exists on some CPUs utilizing speculative execution. An authenticated, local attacker can exploit this to potentially enable information disclosure via a side channel.", "cvss3": {}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "Xen Information Disclosure Vulnerability (XSA-305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2020-03-03T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-305.NASL", "href": "https://www.tenable.com/plugins/nessus/134174", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134174);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/03\");\n\n script_cve_id(\"CVE-2019-11135\");\n\n script_name(english:\"Xen Information Disclosure Vulnerability (XSA-305)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen Hypervisor installed on the remote host is affected by an\ninformation disclosure vulnerability. A TSX Asynchronous Abort condition exists on some CPUs utilizing speculative\nexecution. An authenticated, local attacker can exploit this to potentially enable information disclosure via a side\nchannel.\");\n # https://xenbits.xen.org/xsa/advisory-305.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49587fdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\n\napp_name = 'Xen Hypervisor';\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += ' (changeset ' + changeset + ')';\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == 'managed')\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.8']['fixed_ver'] = '4.8.5';\nfixes['4.8']['fixed_ver_display'] = '4.8.5 (changeset 4c666a7)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\n'a70ba89', '6082eac', 'fb93a9b', '80e67e4', 'dc62982', 'aca2511', '17c3324', '4ffb12e', '929ec99', 'ae9ec06', '6c4efc1',\n'2867c7e', '611ca5b', '12ac129', 'f1bf612', '422d637', '6699295', '10105fa', 'bf78103', '219b64d', 'f03e1b7', '048bbe8',\n'151406a', 'd02aeba', '960670a', '4ed28df', 'c67210f', 'd4d3ab3', 'd87211e', 'a9acbcf', '514de95', '48ab64f', '181ed91',\n'c3fdb25', '7feb3cc', '343c611', '257048f', '491e033', '3683ec2', 'a172d06', '52092fc', 'e0d6cde', 'cc1c9e3', 'f6a4af3',\n'ece24c0', '175a698', '48f5cf7', '9eb6247', '31cbd18', 'fcf002d', 'ecbf88a', 'd929136', '8099c04', '752fb21', 'a95a103',\n'3dcb199', '55da36f', '160f050', '194b7a2', 'a556287', '2032f86', 'e9d860f', 'a1f8fe0', '5bc841c', '4539dbc', 'dcd6efd',\n'88fb22b', '1c4ab1e', '40ad83f', '51c3b69', '44aba8b', '067ec7d', 'f51d8e5', 'b9b0c46', '908e768');\n\nfixes['4.9']['fixed_ver'] = '4.9.4';\nfixes['4.9']['fixed_ver_display'] = '4.9.4 (changeset 49db55f)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\n'fa34ed5', '704f7ec', 'a930a74', '8c52ee2', '2e15a19', '70639ac', 'c3b479d', 'e349eae', '632fb4e', '4608c6d', '7daacca',\n'859e48e', '5be2dd0', 'b0147bd', 'cadd66a', 'd3c4b60', 'd59f5c4', '44303c6', '79538ba', '80c3157', '73f1a55', 'bc20fb1',\n'754a531', '7b032c2', 'ff4fdf0', '8d2a688', 'b9013d7', 'bc8e5ec', '34907f5', 'e70bf7e', 'fa0b891', '3a8177c', '04ec835',\n'8d63ec4', '1ff6b4d', 'f092d86', 'e4b534f', '87c49fe', '19becb8', '43775c0', 'f6b0f33', 'a17e75c', '67530e7', 'f804549',\n'84f81a8', '56aa239', '105db42', 'd9da3ea', 'ac90240', '3db28b0', '9b6f1c0', '0c4bbad', '917d8d3', '3384ea4', '352421f',\n'04e9dcb', '1612f15', 'f952b1d', '63d9330', 'f72414a', 'ac3a5f8', '1ae6b8e', '1dd3dcc', '7390fa1', '7e78dc4', '8fdfb1e',\n'55d36e2', '045f37c', 'dd7e637', '7a40b5b', 'f5acf97');\n\nfixes['4.10']['fixed_ver'] = '4.10.4';\nfixes['4.10']['fixed_ver_display'] = '4.10.4 (changeset fde09cb)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\n'804ba02', 'e8c3971', 'a8c4293', 'aa40452', '1da3dab', 'e5632c4', '902e72d', '6a14610', 'ea815b2', '13ad331', '61b75d9',\n'e70e7bf', 'e966e2e', 'dfa16a1', 'a71e199', 'c98be9e', 'a548e10', 'd3c0e84', '53b1572', '7203f9a', '6d1659d', 'a782173',\n'24e90db', '0824bc6', 'e6f3135', '3131bf9');\n\nfixes['4.11']['fixed_ver'] = '4.11.3';\nfixes['4.11']['fixed_ver_display'] = '4.11.3-pre (changeset 7450704)';\nfixes['4.11']['affected_ver_regex'] = '^4\\\\.11\\\\.';\nfixes['4.11']['affected_changesets'] = make_list(\n'56590ac', 'cc06f60', 'eb60ebb', '0db606d', '006b204', 'a187099', '3697e2a', 'c0f9d1e', '7cb2f1d', '56767b7', '952f362',\n'7c3c7d8', 'ee78046', '05c14f6', '6fed54c', '766edd7', '657dc2d', 'be89e98', '273cf03', 'd78a967', 'c20ab0c', '5350514',\n'19bb4f5', 'ca185ab', '0047407', 'aebe055', 'd6d52bc', '317de0a', '1b16093', 'ce7b549', '621b2d0', '8502a2c', '7f5f48d',\n'7824b9f', 'b52bcda', '27ff738', '6d36734', 'e2e653f', '9eac932', 'd4fe232', 'ba287c7', 'e33ce32', '28ed7a5', '527e324',\n'91836ce', '6eb3f76', 'cb86f3d', '8bfcd2e', 'fb1db30', 'b5433e7', 'b6ef69d', 'd27973c', 'ba6f5be', '4c6142e', '6e63afe',\n'5fcaaae', 'b0d4cec', 'c76e47d', 'a43eb8a', '3342ee9', 'b222046', '37ccdfd', '8bbb3e9', 'ff5ddf0', '802f994', '10582ea',\n'4e95d85', 'da235ee', '32bdae2', 'b647da4', '1ec05c2', '9b91bec', 'dc3cd3d', '3311f10', '5fd47c5', '6af54f7', 'c250e2d',\n'08cb4b9', '8efcc0d', '1cf304f', 'c14026b', 'c719519', '93ad919', 'fcc4f5d', '2f7f16c', 'fddda5d', 'd0dc725', '7ca58e5',\n'be800a1');\n\nfixes['4.12']['fixed_ver'] = '4.12.2';\nfixes['4.12']['fixed_ver_display'] = '4.12.2-pre (changeset 0138da1)';\nfixes['4.12']['affected_ver_regex'] = '^4\\\\.12\\\\.';\nfixes['4.12']['affected_changesets'] = make_list(\n'12a1ff9', 'a457425', '7f10403', 'b29848b', '278e46a', '7412e27', '58d59b9', '16bc9c0', '694fa9c', 'df67757', 'bbcd6c5',\n'7575728', 'db91ac4', '5698505', '28c209e', '1b1295e', '94ff3cf', '3918f99', '81a0e12', '113282b', '828e277', 'f5af2b9',\n'09513ab', '3dc7b91', '3d83e00', '26b8dd7', '5572ba9', 'bb4c1a8', '81feea0', '9f74689', '5f1c9e4', '4b5cc95', 'ab1e6a7',\n'801acf8', '97b4698', 'e28f7d6', '4fe70a1', 'c288534', '2a8209f', 'bc87a2d', '8fbf991', '8382d02', 'e142459', '0d210c0',\n'89de994', '9187046', '634a4d3', 'b6ee060', '61770e7', '599d6d2', '9d73672', 'e6ccef1', '2b84ade', 'd2ca39f', '04a2fe9',\n'3c10d06', '4e145fd', '07ec556', '847fc70', '5ea346e', 'd42fb06', '32443f6', 'a5fc553', 'b465705', 'd04466f', 'be2cd69',\n'50b9123', '8b129ba', 'b527557');\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n 'Installed version', display_version,\n 'Fixed version', fix,\n 'Path', path\n);\n\norder = make_list('Path', 'Installed version', 'Fixed version');\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0555 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-02-20T00:00:00", "type": "nessus", "title": "RHEL 8 : virt:8.1 and virt-devel:8.1 (RHSA-2020:0555)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:slof", "p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libtpms", "p-cpe:/a:redhat:enterprise_linux:libtpms-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-filters", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-curl-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-gzip-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-linuxdisk-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-python-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-server", "p-cpe:/a:redhat:enterprise_linux:nbdkit-ssh-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-vddk-plugin", "p-cpe:/a:redhat:enterprise_linux:nbdkit-xz-filter", "p-cpe:/a:redhat:enterprise_linux:netcf", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:perl-sys-guestfs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-virt", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:swtpm", "p-cpe:/a:redhat:enterprise_linux:swtpm-devel", "p-cpe:/a:redhat:enterprise_linux:swtpm-libs", "p-cpe:/a:redhat:enterprise_linux:swtpm-tools", "p-cpe:/a:redhat:enterprise_linux:virglrenderer", "p-cpe:/a:redhat:enterprise_linux:virglrenderer-devel", "p-cpe:/a:redhat:enterprise_linux:virglrenderer-test-server", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:virt-v2v"], "id": "REDHAT-RHSA-2020-0555.NASL", "href": "https://www.tenable.com/plugins/nessus/133825", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0555. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133825);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0555\");\n\n script_name(english:\"RHEL 8 : virt:8.1 and virt-devel:8.1 (RHSA-2020:0555)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:0555 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtpms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtpms-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-curl-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-gzip-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-linuxdisk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-python-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-ssh-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-vddk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-xz-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:swtpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:swtpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:swtpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:swtpm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virglrenderer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virglrenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virglrenderer-test-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'virt-devel:8.1': [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/debug',\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/os',\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/source/SRPMS',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/debug',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/os',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/debug',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/os',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/debug',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/os',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtpms-0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtpms-devel-0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-direct-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.3.0-2.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+3921+a49f7d7b', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+3921+a49f7d7b', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+3921+a49f7d7b', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-libguestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Virt-5.6.0-2.module+el8.1.0+4754+8d38b36b', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libvirt-5.6.0-2.module+el8.1.0+4754+8d38b36b', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qemu-kvm-tests-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+3554+1a3a94a6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'swtpm-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'swtpm-devel-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'swtpm-libs-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'swtpm-tools-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virglrenderer-0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virglrenderer-devel-0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virglrenderer-test-server-0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ],\n 'virt:8.1': [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/debug',\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/os',\n 'content/dist/layered/rhel8/aarch64/advanced-virt-crb/source/SRPMS',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/debug',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/os',\n 'content/dist/layered/rhel8/aarch64/advanced-virt/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/debug',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/os',\n 'content/dist/layered/rhel8/x86_64/advanced-virt-crb/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/debug',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/os',\n 'content/dist/layered/rhel8/x86_64/advanced-virt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libguestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-devel-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvirt-daemon-driver-qemu-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-5.6.0-6.2.module+el8.1.0+4953+432c8346', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nbdkit-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-filters-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-curl-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-gzip-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-linuxdisk-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-python-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-server-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-ssh-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-vddk-plugin-1.12.5-1.module+el8.1.0+3868+35f94834', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-xz-filter-1.12.5-1.module+el8.1.0+3868+35f94834', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Sys-Guestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'python3-libguestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qemu-guest-agent-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-img-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-common-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'qemu-kvm-core-4.1.0-14.module+el8.1.0+5346+c31201bb.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'15'},\n {'reference':'ruby-libguestfs-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'seabios-1.12.0-5.module+el8.1.0+4754+8d38b36b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seabios-bin-1.12.0-5.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'seavgabios-bin-1.12.0-5.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+3554+1a3a94a6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'SLOF-20190703-1.gitba1ab360.module+el8.1.0+3730+7d905127', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'supermin-5.1.19-10.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'supermin-devel-5.1.19-10.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'virt-dib-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'virt-v2v-1.40.2-14.module+el8.1.0+4754+8d38b36b', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:8.1 / virt:8.1');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-devel / libguestfs / libguestfs-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:34", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nrequires coreutils for the %post script (bsc#1154043)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:2959-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130957);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:2959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10\n Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nrequires coreutils for the %post script (bsc#1154043)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11139/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192959-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6564069\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2959=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2959=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2959=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2959=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2959=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2959=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2959=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2959=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2959=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2959=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112-13.53.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112-13.53.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:50", "description": "This security update is only applicable to EC2 Bare Metal instance types using Intel processors.\n\nIntel has released microcode updates for certain Intel CPUs. After installing the updated microcode_ctl package, the microcode will be automatically activated on next boot.\n\nImproper conditions check in the voltage modulation interface for some Intel Xeon Scalable Processors may allow a privileged user to potentially enable denial of service via local access.(CVE-2019-11139)\n\nTSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11135)", "cvss3": {}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : microcode_ctl / kernel (ALAS-2019-1364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:microcode_ctl", "p-cpe:/a:amazon:linux:microcode_ctl-debuginfo", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1364.NASL", "href": "https://www.tenable.com/plugins/nessus/131082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1364.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131082);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"ALAS\", value:\"2019-1364\");\n\n script_name(english:\"Amazon Linux 2 : microcode_ctl / kernel (ALAS-2019-1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update is only applicable to EC2 Bare Metal instance\ntypes using Intel processors.\n\nIntel has released microcode updates for certain Intel CPUs. After\ninstalling the updated microcode_ctl package, the microcode will be\nautomatically activated on next boot.\n\nImproper conditions check in the voltage modulation interface for some\nIntel Xeon Scalable Processors may allow a privileged user to\npotentially enable denial of service via local access.(CVE-2019-11139)\n\nTSX Asynchronous Abort condition on some CPUs utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local\naccess.(CVE-2019-11135)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1364.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update microcode_ctl' to update your system.\n\nRun 'yum update kernel' and reboot to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"microcode_ctl-2.1-47.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"microcode_ctl-debuginfo-2.1-47.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.152-127.182.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.152-127.182.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:09", "description": "This update for ucode-intel to version fixes the following issues :\n\nUpdated to 20191115 official security release (bsc#1157004 and bsc#1155988)\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2019:3091-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource"], "id": "SUSE_SU-2019-3091-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3091-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131552);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2019:3091-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel to version fixes the following issues :\n\nUpdated to 20191115 official security release (bsc#1157004 and\nbsc#1155988)\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11139/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193091-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd283a9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3091=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-20191115-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191115-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191115-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:56", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0730 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-09T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2020:0730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2020-1711"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev"], "id": "REDHAT-RHSA-2020-0730.NASL", "href": "https://www.tenable.com/plugins/nessus/134344", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0730. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134344);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2020-1711\");\n script_xref(name:\"RHSA\", value:\"2020:0730\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2020:0730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0730 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1794290\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1711\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/debug',\n 'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/os',\n 'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhevh/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhevh/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhevh/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.0/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.0/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.0/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.2/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.2/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.2/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-manager/4.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-power/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-power/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-power/4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.0/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.0/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.0/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhv/4.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'qemu-img-rhev-2.12.0-18.el7_6.9', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'rhevm-4'},\n {'reference':'qemu-kvm-common-rhev-2.12.0-18.el7_6.9', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'rhevm-4'},\n {'reference':'qemu-kvm-rhev-2.12.0-18.el7_6.9', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'rhevm-4'},\n {'reference':'qemu-kvm-tools-rhev-2.12.0-18.el7_6.9', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'rhevm-4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T14:37:35", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0028 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2020:0028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1"], "id": "REDHAT-RHSA-2020-0028.NASL", "href": "https://www.tenable.com/plugins/nessus/132687", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0028. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132687);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0028\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2020:0028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0028 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1646768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-9.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-8.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-7.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-4.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062_1_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:50:58", "description": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nSecurity Fix(es) :\n\n* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-14T00:00:00", "type": "nessus", "title": "RHEL 7 : Virtualization Manager (RHSA-2019:3860)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3860.NASL", "href": "https://www.tenable.com/plugins/nessus/130999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3860. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130999);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2019:3860\");\n\n script_name(english:\"RHEL 7 : Virtualization Manager (RHSA-2019:3860)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for redhat-release-virtualization-host and\nredhat-virtualization-host is now available for Red Hat Virtualization\n4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization 4.2 for\nRed Hat Enterprise Linux 7.6 EUS.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat\nVirtualization Host. These packages include\nredhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special\nbuild of Red Hat Enterprise Linux with only the packages required to\nhost virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nSecurity Fix(es) :\n\n* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/ifu-page-mce\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/tsx-asynchronousabort\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected redhat-release-virtualization-host,\nredhat-virtualization-host-image-update and / or\nredhat-virtualization-host-image-update-placeholder packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3860\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"redhat-release-virtualization-host-4.3.6-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-4.3.6-20191108.0.el7_7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-placeholder-4.3.6-5.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"redhat-release-virtualization-host / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:08", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14220-1 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.\n (CVE-2019-11139)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14220-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:microcode_ctl", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14220-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150642", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14220-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150642);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14220-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14220-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14220-1 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable\n Processors may allow a privileged user to potentially enable denial of service via local access.\n (CVE-2019-11139)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1155988\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-November/006151.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?036d7958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11139\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'microcode_ctl-1.17-102.83.50', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.50', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.50', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.50', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:18", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 official security release (bsc#1155988)\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:2988-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2988-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2988-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131123);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:2988-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 official security release (bsc#1155988)\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11139/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192988-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8084be6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2988=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2988=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2988=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2988=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2988=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2988=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2988=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2988=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2988=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2988=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20191112a-13.56.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20191112a-13.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:47", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0366 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2020:0366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools"], "id": "REDHAT-RHSA-2020-0366.NASL", "href": "https://www.tenable.com/plugins/nessus/133482", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0366. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133482);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:0366\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2020:0366)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0366 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'qemu-img-1.5.3-167.el7_7.4', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-1.5.3-167.el7_7.4', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-common-1.5.3-167.el7_7.4', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-tools-1.5.3-167.el7_7.4', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'qemu-img-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-common-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'qemu-kvm-tools-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:46", "description": "This update ships updated CPU microcode for some types of Intel CPUs.\nIn particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DSA 4564-1.", "cvss3": {}, "published": "2019-11-14T00:00:00", "type": "nessus", "title": "Debian DSA-4565-1 : intel-microcode - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:intel-microcode", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4565.NASL", "href": "https://www.tenable.com/plugins/nessus/130983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4565. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130983);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"DSA\", value:\"4565\");\n\n script_name(english:\"Debian DSA-4565-1 : intel-microcode - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update ships updated CPU microcode for some types of Intel CPUs.\nIn particular it provides mitigations for the TAA (TSX Asynchronous\nAbort) vulnerability. For affected CPUs, to fully mitigate the\nvulnerability it is also necessary to update the Linux kernel packages\nas released in DSA 4564-1.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/intel-microcode\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?019586d4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4565\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the intel-microcode packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 3.20191112.1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 3.20191112.1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"intel-microcode\", reference:\"3.20191112.1~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"intel-microcode\", reference:\"3.20191112.1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:15", "description": "Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)\n\nIt was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11139).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Intel Microcode update (USN-4182-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4182-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4182-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130962);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"USN\", value:\"4182-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Intel Microcode update (USN-4182-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi\nMaisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van\nBulck discovered that Intel processors using Transactional\nSynchronization Extensions (TSX) could expose memory contents\npreviously stored in microarchitectural buffers to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2019-11135)\n\nIt was discovered that certain Intel Xeon processors did not properly\nrestrict access to a voltage modulation interface. A local privileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4182-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191112-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191112-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191112-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"intel-microcode\", pkgver:\"3.20191112-0ubuntu0.19.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:50:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/cpu: Add a helper function x86_read_arch_cap_msr (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: x86: Do not release the page inside mmu_set_spte (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)\n\n - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move mapping_level_dirty_bitmap call in mapping_level (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault) (Takuya Yoshikawa) [Orabug:\n 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Make mmu_set_spte return emulate value (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page to link_shadow_page (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page (Takuya Yoshikawa) [Orabug:\n 29967631] (CVE-2018-12207)", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0052.NASL", "href": "https://www.tenable.com/plugins/nessus/130923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0052.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130923);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0052)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/tsx: Add config options to set tsx=on|off|auto\n (Michal Hocko) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add documentation for TSX Async\n Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/tsx: Add 'auto' option to the tsx= cmdline parameter\n (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled\n (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add sysfs reporting for TSX Async\n Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/speculation/taa: Add mitigation for TSX Async Abort\n (Kanth Ghatraju) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled\n by default (Pawan Gupta) [Orabug: 30419233]\n (CVE-2019-11135)\n\n - x86/cpu: Add a helper function x86_read_arch_cap_msr\n (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)\n\n - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta)\n [Orabug: 30419233] (CVE-2019-11135)\n\n - kvm: x86: mmu: Recovery of shattered NX large pages\n (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: Add helper function for creating VM worker threads\n (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini)\n [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: remove now unneeded hugepage gfn adjustment\n (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: make FNAME(fetch) and __direct_map more\n similar (Paolo Bonzini) [Orabug: 29967631]\n (CVE-2018-12207)\n\n - kvm: x86: Do not release the page inside mmu_set_spte\n (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)\n\n - x86/cpu: Add Tremont to the cpu vulnerability whitelist\n (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)\n\n - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta)\n [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move mapping_level_dirty_bitmap call in\n mapping_level (Takuya Yoshikawa) [Orabug: 29967631]\n (CVE-2018-12207)\n\n - Revert 'KVM: x86: use the fast way to invalidate all\n pages' (Sean Christopherson) [Orabug: 29967631]\n (CVE-2018-12207)\n\n - kvm: Convert kvm_lock to a mutex (Junaid Shahid)\n [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Simplify force_pt_level calculation code\n in FNAME(page_fault) (Takuya Yoshikawa) [Orabug:\n 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Make force_pt_level bool (Takuya\n Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Remove unused parameter parent_pte from\n kvm_mmu_get_page (Takuya Yoshikawa) [Orabug: 29967631]\n (CVE-2018-12207)\n\n - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo\n Bonzini) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Make mmu_set_spte return emulate value\n (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move parent_pte handling from\n kvm_mmu_get_page to link_shadow_page (Takuya Yoshikawa)\n [Orabug: 29967631] (CVE-2018-12207)\n\n - KVM: x86: MMU: Move initialization of parent_ptes out\n from kvm_mmu_alloc_page (Takuya Yoshikawa) [Orabug:\n 29967631] (CVE-2018-12207)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000966.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7baad653\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.32.3.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.32.3.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T14:37:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0026 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2020:0026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1"], "id": "REDHAT-RHSA-2020-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/132685", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0026. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132685);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n script_xref(name:\"RHSA\", value:\"2020:0026\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2020:0026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0026 advisory.\n\n - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1646768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kpatch-patch-3_10_0-957_35_1, kpatch-patch-3_10_0-957_35_2 and / or kpatch-patch-3_10_0-957_38_1\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-957.35.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_1-1-5.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.35.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_35_2-1-4.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.38.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_38_1-1-3.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-957_35_1 / kpatch-patch-3_10_0-957_35_2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:52:56", "description": "This update for spectre-meltdown-checker fixes the following issues :\n\nversion 0.43\n\n - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)\n\n - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)\n\n - feat: taa: add TSX_CTRL MSR detection in hardware info\n\n - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database\n\n - feat: use --live with --kernel/--config/--map to override file detection in live mode\n\n - enh: rework the vuln logic of MDS with --paranoid (fixes #307)\n\n - enh: explain that Enhanced IBRS is better for performance than classic IBRS\n\n - enh: kernel: autodetect customized arch kernels from cmdline\n\n - enh: kernel decompression: better tolerance against missing tools\n\n - enh: mock: implement reading from /proc/cmdline\n\n - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a\n\n - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)\n\n - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels\n\n - fix: sgx: on locked down kernels, fallback to CPUID bit for detection\n\n - fix: fwdb: builtin version takes precedence if the local cached version is older\n\n - fix: pteinv: don't check kernel image if not available\n\n - fix: silence useless error from grep (fixes #322)\n\n - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)\n\n - fix: mocking value for read_msr\n\n - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme\n\n - chore: fwdb: update to v130.20191104+i20191027\n\n - chore: add GitHub check workflow\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3340-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2019-12-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:spectre-meltdown-checker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3340-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3340-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132334);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n\n script_name(english:\"SUSE SLES12 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3340-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for spectre-meltdown-checker fixes the following issues :\n\nversion 0.43\n\n - feat: implement TAA detection (CVE-2019-11135\n bsc#1139073)\n\n - feat: implement MCEPSC / iTLB Multihit detection\n (CVE-2018-12207 bsc#1117665)\n\n - feat: taa: add TSX_CTRL MSR detection in hardware info\n\n - feat: fwdb: use both Intel GitHub repo and MCEdb to\n build our firmware version database\n\n - feat: use --live with --kernel/--config/--map to\n override file detection in live mode\n\n - enh: rework the vuln logic of MDS with --paranoid (fixes\n #307)\n\n - enh: explain that Enhanced IBRS is better for\n performance than classic IBRS\n\n - enh: kernel: autodetect customized arch kernels from\n cmdline\n\n - enh: kernel decompression: better tolerance against\n missing tools\n\n - enh: mock: implement reading from /proc/cmdline\n\n - fix: variant3a: Silvermont CPUs are not vulnerable to\n variant 3a\n\n - fix: lockdown: detect Red Hat locked down kernels\n (impacts MSR writes)\n\n - fix: lockdown: detect locked down mode in vanilla 5.4+\n kernels\n\n - fix: sgx: on locked down kernels, fallback to CPUID bit\n for detection\n\n - fix: fwdb: builtin version takes precedence if the local\n cached version is older\n\n - fix: pteinv: don't check kernel image if not available\n\n - fix: silence useless error from grep (fixes #322)\n\n - fix: msr: fix msr module detection under Ubuntu 19.10\n (fixes #316)\n\n - fix: mocking value for read_msr\n\n - chore: rename mcedb cmdline parameters to fwdb, and\n change db version scheme\n\n - chore: fwdb: update to v130.20191104+i20191027\n\n - chore: add GitHub check workflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193340-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?174220c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3340=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"spectre-meltdown-checker-0.43-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spectre-meltdown-checker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:51:49", "description": "This update for spectre-meltdown-checker fixes the following issues :\n\n - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)\n\n - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)\n\n - feat: taa: add TSX_CTRL MSR detection in hardware info\n\n - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database\n\n - feat: use --live with --kernel/--config/--map to override file detection in live mode\n\n - enh: rework the vuln logic of MDS with --paranoid (fixes #307)\n\n - enh: explain that Enhanced IBRS is better for performance than classic IBRS\n\n - enh: kernel: autodetect customized arch kernels from cmdline\n\n - enh: kernel decompression: better tolerance against missing tools\n\n - enh: mock: implement reading from /proc/cmdline\n\n - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a\n\n - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)\n\n - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels\n\n - fix: sgx: on locked down kernels, fallback to CPUID bit for detection\n\n - fix: fwdb: builtin version takes precedence if the local cached version is older\n\n - fix: pteinv: don't check kernel image if not available\n\n - fix: silence useless error from grep (fixes #322)\n\n - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)\n\n - fix: mocking value for read_msr\n\n - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme\n\n - chore: fwdb: update to v130.20191104+i20191027\n\n - chore: add GitHub check workflow\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "openSUSE Security Update : spectre-meltdown-checker (openSUSE-2019-2710)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:spectre-meltdown-checker", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2710.NASL", "href": "https://www.tenable.com/plugins/nessus/132516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2710.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132516);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\");\n\n script_name(english:\"openSUSE Security Update : spectre-meltdown-checker (openSUSE-2019-2710)\");\n script_summary(english:\"Check for the openSUSE-2019-2710 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for spectre-meltdown-checker fixes the following issues :\n\n - feat: implement TAA detection (CVE-2019-11135\n bsc#1139073)\n\n - feat: implement MCEPSC / iTLB Multihit detection\n (CVE-2018-12207 bsc#1117665)\n\n - feat: taa: add TSX_CTRL MSR detection in hardware info\n\n - feat: fwdb: use both Intel GitHub repo and MCEdb to\n build our firmware version database\n\n - feat: use --live with --kernel/--config/--map to\n override file detection in live mode\n\n - enh: rework the vuln logic of MDS with --paranoid (fixes\n #307)\n\n - enh: explain that Enhanced IBRS is better for\n performance than classic IBRS\n\n - enh: kernel: autodetect customized arch kernels from\n cmdline\n\n - enh: kernel decompression: better tolerance against\n missing tools\n\n - enh: mock: implement reading from /proc/cmdline\n\n - fix: variant3a: Silvermont CPUs are not vulnerable to\n variant 3a\n\n - fix: lockdown: detect Red Hat locked down kernels\n (impacts MSR writes)\n\n - fix: lockdown: detect locked down mode in vanilla 5.4+\n kernels\n\n - fix: sgx: on locked down kernels, fallback to CPUID bit\n for detection\n\n - fix: fwdb: builtin version takes precedence if the local\n cached version is older\n\n - fix: pteinv: don't check kernel image if not available\n\n - fix: silence useless error from grep (fixes #322)\n\n - fix: msr: fix msr module detection under Ubuntu 19.10\n (fixes #316)\n\n - fix: mocking value for read_msr\n\n - chore: rename mcedb cmdline parameters to fwdb, and\n change db version scheme\n\n - chore: fwdb: update to v130.20191104+i20191027\n\n - chore: add GitHub check workflow\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spectre-meltdown-checker package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"spectre-meltdown-checker-0.43-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spectre-meltdown-checker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:20", "description": "This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-11-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-2504)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ucode-intel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2504.NASL", "href": "https://www.tenable.com/plugins/nessus/131058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2504.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131058);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-2504)\");\n script_summary(english:\"Check for the openSUSE-2019-2504 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10\n Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ucode-intel-20191112-lp150.2.30.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:34", "description": "From Red Hat Security Advisory 2020:0366 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)", "cvss3": {}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2020-0366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-0366.NASL", "href": "https://www.tenable.com/plugins/nessus/133513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0366 and \n# Oracle Linux Security Advisory ELSA-2020-0366 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133513);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/10\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:0366\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2020-0366)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0366 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-February/009595.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:33", "description": "This update ships updated CPU microcode for some types of Intel CPUs.\nIn particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DLA 1989-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.20191115.2~deb8u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "Debian DLA-2051-1 : intel-microcode security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:intel-microcode", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/132513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2051-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132513);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"Debian DLA-2051-1 : intel-microcode security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update ships updated CPU microcode for some types of Intel CPUs.\nIn particular it provides mitigations for the TAA (TSX Asynchronous\nAbort) vulnerability. For affected CPUs, to fully mitigate the\nvulnerability it is also necessary to update the Linux kernel packages\nas released in DLA 1989-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.20191115.2~deb8u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"intel-microcode\", reference:\"3.20191115.2~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:48", "description": "This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 official security release (bsc#1155988)\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-2528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ucode-intel", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2528.NASL", "href": "https://www.tenable.com/plugins/nessus/131156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2528.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131156);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-2528)\");\n script_summary(english:\"Check for the openSUSE-2019-2528 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 official security release\n (bsc#1155988)\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ucode-intel-20191112a-lp151.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:15", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2958-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2958-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2958-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130956);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2958-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10\n Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11139/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192958-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17c8b208\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2958=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20191112-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:47", "description": "This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2019-11-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ucode-intel (openSUSE-2019-2509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:ucode-intel"], "id": "OPENSUSE-2019-2509.NASL", "href": "https://www.tenable.com/plugins/nessus/131063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2509.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131063);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2019-2509)\");\n script_summary(english:\"Check for the openSUSE-2019-2509 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\n - Updated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10\n Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\n - Includes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ucode-intel-20191112-lp151.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:28", "description": "This security update is only applicable to EC2 Bare Metal instance types using Intel processors.\n\nIntel has released microcode updates for certain Intel CPUs. After installing the updated microcode_ctl package, the microcode will be automatically activated on next boot.\n\nImproper conditions check in the voltage modulation interface for some Intel Xeon Scalable Processors may allow a privileged user to potentially enable denial of service via local access.(CVE-2019-11139)\n\nTSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11135)", "cvss3": {}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : microcode_ctl / kernel (ALAS-2019-1318)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:microcode_ctl", "p-cpe:/a:amazon:linux:microcode_ctl-debuginfo", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers"], "id": "ALA_ALAS-2019-1318.NASL", "href": "https://www.tenable.com/plugins/nessus/131083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1318.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131083);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"ALAS\", value:\"2019-1318\");\n\n script_name(english:\"Amazon Linux AMI : microcode_ctl / kernel (ALAS-2019-1318)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update is only applicable to EC2 Bare Metal instance\ntypes using Intel processors.\n\nIntel has released microcode updates for certain Intel CPUs. After\ninstalling the updated microcode_ctl package, the microcode will be\nautomatically activated on next boot.\n\nImproper conditions check in the voltage modulation interface for some\nIntel Xeon Scalable Processors may allow a privileged user to\npotentially enable denial of service via local access.(CVE-2019-11139)\n\nTSX Asynchronous Abort condition on some CPUs utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local\naccess.(CVE-2019-11135)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1318.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update microcode_ctl' to update your system.\n\nRun 'yum update kernel' and reboot to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"microcode_ctl-2.1-47.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"microcode_ctl-debuginfo-2.1-47.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.152-98.182.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.152-98.182.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:11", "description": "USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details :\n\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)\n\nIt was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface.\nA local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : intel-microcode regression (USN-4182-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4182-3.NASL", "href": "https://www.tenable.com/plugins/nessus/131694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4182-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131694);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"USN\", value:\"4182-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : intel-microcode regression (USN-4182-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4182-1 provided updated Intel Processor Microcode. A regression\nwas discovered that caused some Skylake processors to hang after a\nwarm reboot. This update reverts the microcode for that specific\nprocessor family.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details :\n\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi\nMaisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van\nBulck discovered that Intel processors using Transactional\nSynchronization Extensions (TSX) could expose memory contents\npreviously stored in microarchitectural buffers to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2019-11135)\n\nIt was discovered that certain Intel Xeon processors did not\nproperly restrict access to a voltage modulation interface.\nA local privileged attacker could use this to cause a denial\nof service (system crash). (CVE-2019-11139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4182-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191115.1ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191115.1ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"intel-microcode\", pkgver:\"3.20191115.1ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"intel-microcode\", pkgver:\"3.20191115.1ubuntu0.19.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:34", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14217-1 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.\n (CVE-2019-11139)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:microcode_ctl", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14217-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150660", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14217-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150660);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14217-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14217-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14217-1 advisory.\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable\n Processors may allow a privileged user to potentially enable denial of service via local access.\n (CVE-2019-11139)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1155988\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-November/006136.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4939a115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11139\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'microcode_ctl-1.17-102.83.47', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.47', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.47', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.47', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:49", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2957-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-11139"], "modified": "2019-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2957-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2957-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130955);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-11139\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2957-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated to 20191112 security release (bsc#1155988)\n\n - Processor Identifier Version Products\n\n - Model Stepping F-MO-S/PI Old->New\n\n - ---- new platforms\n ----------------------------------------\n\n - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile\n\n - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile\n\n - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable\n\n - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile\n\n - ---- updated platforms\n ------------------------------------\n\n - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile\n\n - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6\n\n - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile\n\n - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile\n\n - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8\n Mobile\n\n - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile\n\n - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile\n\n - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10\n Mobile\n\n - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile\n\n - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8\n\n - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7;\n Xeon E3 v6\n\n - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8\n Desktop, Mobile, Xeon E\n\n - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8\n\n - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile\n\nIncludes security fixes for :\n\n - CVE-2019-11135: Added feature allowing to disable TSX\n RTM (bsc#1139073)\n\n - CVE-2019-11139: A CPU microcode only fix for Voltage\n modulation issues (bsc#1141035)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11139/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192957-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35302afb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2957=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11135\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\&quo