Search...

Amazon Linux 2 : qemu (ALAS-2019-1248)

2019-07-24T00:00:00

ID AL2_ALAS-2019-1248.NASL
Type nessus
Reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. (CVE-2018-20815)

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. (CVE-2019-5008)

Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1248.
#

include("compat.inc");

if (description)
{
  script_id(126960);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2018-20815", "CVE-2019-12155", "CVE-2019-5008", "CVE-2019-9824");
  script_xref(name:"ALAS", value:"2019-1248");

  script_name(english:"Amazon Linux 2 : qemu (ALAS-2019-1248)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A heap buffer overflow issue was found in the load_device_tree()
function of QEMU, which is invoked to load a device tree blob at boot
time. It occurs due to device tree size manipulation before buffer
allocation, which could overflow a signed int type. A user/process
could use this flaw to potentially execute arbitrary code on a host
system with privileges of the QEMU process. (CVE-2018-20815)

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer
dereference, which allows the attacker to cause a denial of service
via a device driver. (CVE-2019-5008)

Slirp: information leakage in tcp_emu() due to uninitialized stack
variables (CVE-2019-9824)

qxl: NULL pointer dereference while releasing spice resources
(CVE-2019-12155)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update qemu' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ivshmem-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-oss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-pa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-sdl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-dmg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-nfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-sdl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-binfmt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"ivshmem-tools-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-alsa-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-oss-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-pa-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-sdl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-curl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-dmg-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-iscsi-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-nfs-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"qemu-block-rbd-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-ssh-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-common-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-debuginfo-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-guest-agent-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-img-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-curses-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-gtk-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-sdl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-binfmt-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-static-3.1.0-7.amzn2.0.1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ivshmem-tools / qemu / qemu-audio-alsa / qemu-audio-oss / etc");
}

JSON Vulners Source

Initial Source

{"id": "AL2_ALAS-2019-1248.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux 2 : qemu (ALAS-2019-1248)", "description": "A heap buffer overflow issue was found in the load_device_tree()\nfunction of QEMU, which is invoked to load a device tree blob at boot\ntime. It occurs due to device tree size manipulation before buffer\nallocation, which could overflow a signed int type. A user/process\ncould use this flaw to potentially execute arbitrary code on a host\nsystem with privileges of the QEMU process. (CVE-2018-20815)\n\nhw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer\ndereference, which allows the attacker to cause a denial of service\nvia a device driver. (CVE-2019-5008)\n\nSlirp: information leakage in tcp_emu() due to uninitialized stack\nvariables (CVE-2019-9824)\n\nqxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)", "published": "2019-07-24T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/126960", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html"], "cvelist": ["CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-12155"], "type": "nessus", "lastseen": "2021-01-01T01:17:05", "edition": 17, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-9824", "CVE-2019-5008", "CVE-2019-12155", "CVE-2018-20815"]}, {"type": "amazon", "idList": ["ALAS2-2020-1467", "ALAS2-2019-1248"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-2192-1.NASL", "FEDORA_2019-E9DE40D53F.NASL", "GENTOO_GLSA-201904-25.NASL", "DEBIAN_DLA-1781.NASL", "FEDORA_2019-52A8F5468E.NASL", "UBUNTU_USN-3978-1.NASL", "OPENSUSE-2019-2041.NASL", "OPENSUSE-2019-1274.NASL", "EULEROS_SA-2019-2255.NASL", "REDHAT-RHSA-2019-3345.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201904-25"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113381", "OPENVAS:1361412562311220192255", "OPENVAS:1361412562310844007", "OPENVAS:1361412562310876564", "OPENVAS:1361412562310852454", "OPENVAS:1361412562310883077", "OPENVAS:1361412562311220201029", "OPENVAS:1361412562310891781", "OPENVAS:1361412562310852968", "OPENVAS:1361412562310883104"]}, {"type": "fedora", "idList": ["FEDORA:4852F614170A"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4631", "ELSA-2019-4640", "ELSA-2019-2607", "ELSA-2019-1650", "ELSA-2019-2078"]}, {"type": "redhat", "idList": ["RHSA-2019:1650", "RHSA-2019:2078", "RHSA-2019:1723", "RHSA-2019:3345", "RHSA-2019:1881", "RHSA-2019:2507", "RHSA-2019:2607", "RHSA-2019:1667", "RHSA-2019:1968", "RHSA-2019:1743"]}, {"type": "ubuntu", "idList": ["USN-3978-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4506-1:6D735", "DEBIAN:DLA-1781-1:BE52E"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1405-1", "OPENSUSE-SU-2019:2059-1", "OPENSUSE-SU-2019:2041-1", "OPENSUSE-SU-2019:1274-1"]}, {"type": "centos", "idList": ["CESA-2019:2078", "CESA-2019:1650", "CESA-2019:2607"]}], "modified": "2021-01-01T01:17:05", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-01T01:17:05", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1248.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126960);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-12155\", \"CVE-2019-5008\", \"CVE-2019-9824\");\n script_xref(name:\"ALAS\", value:\"2019-1248\");\n\n script_name(english:\"Amazon Linux 2 : qemu (ALAS-2019-1248)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow issue was found in the load_device_tree()\nfunction of QEMU, which is invoked to load a device tree blob at boot\ntime. It occurs due to device tree size manipulation before buffer\nallocation, which could overflow a signed int type. A user/process\ncould use this flaw to potentially execute arbitrary code on a host\nsystem with privileges of the QEMU process. (CVE-2018-20815)\n\nhw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer\ndereference, which allows the attacker to cause a denial of service\nvia a device driver. (CVE-2019-5008)\n\nSlirp: information leakage in tcp_emu() due to uninitialized stack\nvariables (CVE-2019-9824)\n\nqxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update qemu' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ivshmem-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-aarch64-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-x86-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"ivshmem-tools-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-alsa-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-oss-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-pa-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-sdl-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-curl-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-dmg-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-iscsi-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-nfs-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-ssh-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-common-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-debuginfo-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-guest-agent-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-img-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-kvm-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-kvm-core-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-aarch64-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-aarch64-core-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-x86-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-x86-core-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-curses-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-gtk-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-sdl-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-binfmt-3.1.0-7.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-static-3.1.0-7.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ivshmem-tools / qemu / qemu-audio-alsa / qemu-audio-oss / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "126960", "cpe": ["p-cpe:/a:amazon:linux:qemu-audio-oss", "p-cpe:/a:amazon:linux:qemu-debuginfo", "p-cpe:/a:amazon:linux:qemu-ui-curses", "p-cpe:/a:amazon:linux:qemu-user-binfmt", "p-cpe:/a:amazon:linux:qemu-audio-alsa", "p-cpe:/a:amazon:linux:qemu-block-nfs", "p-cpe:/a:amazon:linux:qemu", "p-cpe:/a:amazon:linux:qemu-block-curl", "p-cpe:/a:amazon:linux:qemu-audio-sdl", "p-cpe:/a:amazon:linux:qemu-ui-gtk", "p-cpe:/a:amazon:linux:qemu-ui-sdl", "p-cpe:/a:amazon:linux:qemu-common", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:qemu-img", "p-cpe:/a:amazon:linux:qemu-block-ssh", "p-cpe:/a:amazon:linux:ivshmem-tools", "p-cpe:/a:amazon:linux:qemu-system-aarch64", "p-cpe:/a:amazon:linux:qemu-block-iscsi", "p-cpe:/a:amazon:linux:qemu-audio-pa", "p-cpe:/a:amazon:linux:qemu-system-x86", "p-cpe:/a:amazon:linux:qemu-system-aarch64-core", "p-cpe:/a:amazon:linux:qemu-system-x86-core", "p-cpe:/a:amazon:linux:qemu-user", "p-cpe:/a:amazon:linux:qemu-kvm-core", "p-cpe:/a:amazon:linux:qemu-user-static", "p-cpe:/a:amazon:linux:qemu-block-rbd", "p-cpe:/a:amazon:linux:qemu-block-dmg", "p-cpe:/a:amazon:linux:qemu-guest-agent", "p-cpe:/a:amazon:linux:qemu-kvm"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-10-03T13:20:19", "description": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-31T22:29:00", "title": "CVE-2018-20815", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20815"], "modified": "2019-07-02T23:15:00", "cpe": ["cpe:/a:qemu:qemu:3.1.0"], "id": "CVE-2018-20815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20815", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:3.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-31T13:44:01", "description": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.", "edition": 16, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-24T16:29:00", "title": "CVE-2019-12155", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155"], "modified": "2020-12-30T20:15:00", "cpe": ["cpe:/a:qemu:qemu:4.0.0"], "id": "CVE-2019-12155", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12155", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:4.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:54", "description": "hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-19T19:29:00", "title": "CVE-2019-5008", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5008"], "modified": "2019-05-14T20:29:00", "cpe": ["cpe:/a:qemu:qemu:3.1.50"], "id": "CVE-2019-5008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:3.1.50:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:39:01", "description": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.", "edition": 11, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-03T21:29:00", "title": "CVE-2019-9824", "type": "cve", "cwe": ["CWE-908"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9824"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:qemu:qemu:3.0.0"], "id": "CVE-2019-9824", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9824", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T02:23:28", "description": " - CVE-2019-12155: qxl: NULL pointer dereference while\n releasing spice resources (bz #1712727, bz #1712670)\n\n - CVE-2019-5008: NULL pointer dereference in\n hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz\n #1705915)\n\n - CVE-2018-20815: device_tree: heap buffer overflow while\n loading device tree blob (bz #1693117, bz #1693101)\n\n - CVE-2019-9824: Slirp: information leakage in tcp_emu()\n due to uninitialized stack variables (bz #1689794, bz\n #1678515)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "title": "Fedora 30 : 2:qemu (2019-52a8f5468e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-12155"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:2:qemu"], "id": "FEDORA_2019-52A8F5468E.NASL", "href": "https://www.tenable.com/plugins/nessus/126530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-52a8f5468e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126530);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-12155\", \"CVE-2019-5008\", \"CVE-2019-9824\");\n script_xref(name:\"FEDORA\", value:\"2019-52a8f5468e\");\n\n script_name(english:\"Fedora 30 : 2:qemu (2019-52a8f5468e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2019-12155: qxl: NULL pointer dereference while\n releasing spice resources (bz #1712727, bz #1712670)\n\n - CVE-2019-5008: NULL pointer dereference in\n hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz\n #1705915)\n\n - CVE-2018-20815: device_tree: heap buffer overflow while\n loading device tree blob (bz #1693117, bz #1693101)\n\n - CVE-2019-9824: Slirp: information leakage in tcp_emu()\n due to uninitialized stack variables (bz #1689794, bz\n #1678515)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-52a8f5468e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"qemu-3.1.0-9.fc30\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:28:04", "description": " - CVE-2019-12155: qxl: NULL pointer dereference while\n releasing spice resources (bz #1712727, bz #1712670)\n\n - CVE-2019-5008: NULL pointer dereference in\n hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz\n #1705915)\n\n - CVE-2018-20815: device_tree: heap buffer overflow while\n loading device tree blob (bz #1693117, bz #1693101)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "title": "Fedora 29 : 2:qemu (2019-e9de40d53f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20815", "CVE-2019-5008", "CVE-2019-12155"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:2:qemu"], "id": "FEDORA_2019-E9DE40D53F.NASL", "href": "https://www.tenable.com/plugins/nessus/126533", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e9de40d53f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126533);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-12155\", \"CVE-2019-5008\");\n script_xref(name:\"FEDORA\", value:\"2019-e9de40d53f\");\n\n script_name(english:\"Fedora 29 : 2:qemu (2019-e9de40d53f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2019-12155: qxl: NULL pointer dereference while\n releasing spice resources (bz #1712727, bz #1712670)\n\n - CVE-2019-5008: NULL pointer dereference in\n hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz\n #1705915)\n\n - CVE-2018-20815: device_tree: heap buffer overflow while\n loading device tree blob (bz #1693117, bz #1693101)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9de40d53f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"qemu-3.0.1-4.fc29\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:57:18", "description": "The remote host is affected by the vulnerability described in GLSA-201904-25\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-25T00:00:00", "title": "GLSA-201904-25 : QEMU: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9824", "CVE-2018-20815"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:qemu"], "id": "GENTOO_GLSA-201904-25.NASL", "href": "https://www.tenable.com/plugins/nessus/124289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201904-25.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124289);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/22\");\n\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-9824\");\n script_xref(name:\"GLSA\", value:\"201904-25\");\n\n script_name(english:\"GLSA-201904-25 : QEMU: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201904-25\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201904-25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QEMU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-3.1.0-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu\", unaffected:make_list(\"ge 3.1.0-r4\"), vulnerable:make_list(\"lt 3.1.0-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QEMU\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:00:06", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c)\n in QEMU 3.0.0 uses uninitialized data in an snprintf\n call, leading to Information disclosure.(CVE-2019-9824)\n\n - interface_release_resource in hw/display/qxl.c in QEMU\n 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9824", "CVE-2019-12155"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2255.NASL", "href": "https://www.tenable.com/plugins/nessus/130717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130717);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12155\",\n \"CVE-2019-9824\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c)\n in QEMU 3.0.0 uses uninitialized data in an snprintf\n call, leading to Information disclosure.(CVE-2019-9824)\n\n - interface_release_resource in hw/display/qxl.c in QEMU\n 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2255\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca579531\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9824\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-156.5.h4\",\n \"qemu-kvm-1.5.3-156.5.h4\",\n \"qemu-kvm-common-1.5.3-156.5.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-23T03:52:48", "description": "An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* ntfs-3g: heap-based buffer overflow leads to local root privilege\nescalation (CVE-2019-9755)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized\nstack variables (CVE-2019-9824)\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.", "edition": 9, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-06T00:00:00", "title": "RHEL 8 : virt:rhel (RHSA-2019:3345)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9755", "CVE-2019-9824", "CVE-2019-12155"], "modified": "2019-11-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "cpe:/a:redhat:enterprise_linux:8::crb", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel", "p-cpe:/a:redhat:enterprise_linux:ocaml-hivex", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:netcf-debugsource", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:hivex-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:netcf", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:supermin-debugsource", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:SLOF", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource"], "id": "REDHAT-RHSA-2019-3345.NASL", "href": "https://www.tenable.com/plugins/nessus/130529", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3345. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130529);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-9755\", \"CVE-2019-9824\");\n script_xref(name:\"RHSA\", value:\"2019:3345\");\n\n script_name(english:\"RHEL 8 : virt:rhel (RHSA-2019:3345)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* ntfs-3g: heap-based buffer overflow leads to local root privilege\nescalation (CVE-2019-9755)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized\nstack variables (CVE-2019-9824)\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12155\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9755\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nappstreams = {\n 'virt:rhel': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'seabios-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'seabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'release':'8'},\n {'reference':'seavgabios-bin-1.11.1-4.module+el8.1.0+4066+0f1aadab', 'release':'8'},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'release':'8', 'epoch':'1'},\n {'reference':'SLOF-20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab', 'release':'8'},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-9.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n 'virt-devel:rhel': [\n {'reference':'hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-4.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libiscsi-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-8.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-3.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-35.module+el8.1.0+4227+b2722cb3', 'cpu':'i686', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'netcf-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-12.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'ocaml-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8'},\n {'reference':'ocaml-hivex-devel-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ocaml-libguestfs-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ocaml-libguestfs-devel-1.38.4-14.module+el8.1.0+4066+0f1aadab', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-5.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-2.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-tests-2.12.0-88.module+el8.1.0+4233+bc44be3f', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-7.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8'},\n {'reference':'sgabios-0.20170427git-3.module+el8.1.0+4066+0f1aadab', 'cpu':'i686', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel / virt:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-debugsource / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T10:59:31", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKurtis Miller discovered that a buffer overflow existed in QEMU when\nloading a device tree blob. A local attacker could use this to execute\narbitrary code. (CVE-2018-20815)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nIt was discovered that a NULL pointer dereference existed in the sun4u\npower device implementation in QEMU. A local attacker could use this\nto cause a denial of service. This issue only affected Ubuntu 18.10\nand Ubuntu 19.04. (CVE-2019-5008)\n\nWilliam Bowling discovered that an information leak existed in the\nSLiRP networking implementation of QEMU. An attacker could use this to\nexpose sensitive information. (CVE-2019-9824).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : QEMU update (USN-3978-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "p-cpe:/a:canonical:ubuntu_linux:qemu", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3978-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3978-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125137);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-20815\", \"CVE-2019-11091\", \"CVE-2019-5008\", \"CVE-2019-9824\");\n script_xref(name:\"USN\", value:\"3978-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : QEMU update (USN-3978-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKurtis Miller discovered that a buffer overflow existed in QEMU when\nloading a device tree blob. A local attacker could use this to execute\narbitrary code. (CVE-2018-20815)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nIt was discovered that a NULL pointer dereference existed in the sun4u\npower device implementation in QEMU. A local attacker could use this\nto cause a denial of service. This issue only affected Ubuntu 18.10\nand Ubuntu 19.04. (CVE-2019-5008)\n\nWilliam Bowling discovered that an information leak existed in the\nSLiRP networking implementation of QEMU. An attacker could use this to\nexpose sensitive information. (CVE-2019-9824).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3978-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected qemu and / or qemu-system-x86 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu\", pkgver:\"1:2.5+dfsg-5ubuntu10.38\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu\", pkgver:\"1:2.11+dfsg-1ubuntu7.13\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.11+dfsg-1ubuntu7.13\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"qemu\", pkgver:\"1:2.12+dfsg-3ubuntu8.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.12+dfsg-3ubuntu8.7\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu\", pkgver:\"1:3.1+dfsg-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:3.1+dfsg-2ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu / qemu-system-x86\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:40:41", "description": "Several vulnerabilities were found in QEMU, a fast processor \nemulator :\n\nCVE-2018-11806\n\nIt was found that the SLiRP networking implementation could use a\nwrong size when reallocating its buffers, which can be exploited by a\npriviledged user on a guest to cause denial of service or possibly\narbitrary code execution on the host system.\n\nCVE-2018-18849\n\nIt was found that the LSI53C895A SCSI Host Bus Adapter emulation was\nsusceptible to an out of bounds memory access, which could be\nleveraged by a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\nA heap buffer overflow was found in the load_device_tree function,\nwhich could be used by a malicious user to potentially execute\narbitrary code with the priviledges of the QEMU process.\n\nCVE-2019-9824\n\nWilliam Bowling discovered that the SLiRP networking implementation\ndid not handle some messages properly, which could be triggered to\nleak memory via crafted messages.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-10T00:00:00", "title": "Debian DLA-1781-1 : qemu security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11806", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815"], "modified": "2019-05-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-system-mips", "p-cpe:/a:debian:debian_linux:qemu-system-sparc", "p-cpe:/a:debian:debian_linux:qemu-utils", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:qemu-system-x86", "p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-guest-agent", "p-cpe:/a:debian:debian_linux:qemu-user-binfmt", "p-cpe:/a:debian:debian_linux:qemu-system-common", "p-cpe:/a:debian:debian_linux:qemu-user", "p-cpe:/a:debian:debian_linux:qemu-system-ppc", "p-cpe:/a:debian:debian_linux:qemu-system-misc", "p-cpe:/a:debian:debian_linux:qemu-user-static", "p-cpe:/a:debian:debian_linux:qemu-system-arm"], "id": "DEBIAN_DLA-1781.NASL", "href": "https://www.tenable.com/plugins/nessus/124720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1781-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124720);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-11806\", \"CVE-2018-18849\", \"CVE-2018-20815\", \"CVE-2019-9824\");\n\n script_name(english:\"Debian DLA-1781-1 : qemu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in QEMU, a fast processor \nemulator :\n\nCVE-2018-11806\n\nIt was found that the SLiRP networking implementation could use a\nwrong size when reallocating its buffers, which can be exploited by a\npriviledged user on a guest to cause denial of service or possibly\narbitrary code execution on the host system.\n\nCVE-2018-18849\n\nIt was found that the LSI53C895A SCSI Host Bus Adapter emulation was\nsusceptible to an out of bounds memory access, which could be\nleveraged by a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\nA heap buffer overflow was found in the load_device_tree function,\nwhich could be used by a malicious user to potentially execute\narbitrary code with the priviledges of the QEMU process.\n\nCVE-2019-9824\n\nWilliam Bowling discovered that the SLiRP networking implementation\ndid not handle some messages properly, which could be triggered to\nleak memory via crafted messages.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"qemu\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-kvm\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-arm\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-common\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-mips\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-misc\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-x86\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-binfmt\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-static\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-utils\", reference:\"1:2.1+dfsg-12+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:41:10", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9824: Fixed information leak in slirp\n (bsc#1129622).\n\n - CVE-2019-8934: Added method to specify whether or not to\n expose certain ppc64 hostinformation (bsc#1126455).\n\n - CVE-2019-3812: Fixed Out-of-bounds memory access and\n information leak in virtual monitor interface\n (bsc#1125721).\n\n - CVE-2018-20815: Fixed a denial of service possibility in\n device tree processing (bsc#1130675).\n\nNon-security issue fixed :\n\n - Backported Skylake-Server vcpu model support from qemu\n v2.11 (FATE#327261 bsc#1131955).\n\n - Added ability to set virtqueue size using virtqueue_size\n parameter (FATE#327255 bsc#1118900).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-26T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2019-1274)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8934", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-3812"], "modified": "2019-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2019-1274.NASL", "href": "https://www.tenable.com/plugins/nessus/124311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1274.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124311);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-3812\", \"CVE-2019-8934\", \"CVE-2019-9824\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-1274)\");\n script_summary(english:\"Check for the openSUSE-2019-1274 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9824: Fixed information leak in slirp\n (bsc#1129622).\n\n - CVE-2019-8934: Added method to specify whether or not to\n expose certain ppc64 hostinformation (bsc#1126455).\n\n - CVE-2019-3812: Fixed Out-of-bounds memory access and\n information leak in virtual monitor interface\n (bsc#1125721).\n\n - CVE-2018-20815: Fixed a denial of service possibility in\n device tree processing (bsc#1130675).\n\nNon-security issue fixed :\n\n - Backported Skylake-Server vcpu model support from qemu\n v2.11 (FATE#327261 bsc#1131955).\n\n - Added ability to set virtqueue size using virtqueue_size\n parameter (FATE#327255 bsc#1118900).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327261\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ipxe-1.0.0+-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debugsource-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-seabios-1.10.2-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-sgabios-8-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-vgabios-1.10.2-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ksm-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-lang-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-testsuite-2.9.1-59.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-59.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:19:12", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in\n ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer\n dereference while releasing spice resources\n (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL\n can be bypassed when names are too long (bsc#1140402).\n\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in\n sparc64 virtual machine possible through guest device\n driver (bsc#1133031).\n\nBug fixes and enhancements :\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be\n simply Snowridge (jsc#SLE-4883)\n\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n\n - Add in documentation about md-clear feature\n (bsc#1138534)\n\n - Fix SEV issue where older machine type is not processed\n correctly (bsc#1144087)\n\n - Fix case of a bad pointer in Xen PV usb support code\n (bsc#1128106)\n\n - Further refine arch-capabilities handling to help with\n security and performance in Intel hosts (bsc#1134883,\n bsc#1135210) (fate#327764)\n\n - Add support for one more security/performance related\n vcpu feature (bsc#1136778) (fate#327796)\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2019-2041)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13164", "CVE-2019-5008", "CVE-2019-14378", "CVE-2019-12155"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-audio-pa-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:qemu-audio-pa", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-block-nfs", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ui-curses", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-block-nfs-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ui-curses-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-audio-oss-debuginfo", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-audio-alsa-debuginfo", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ui-sdl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-audio-sdl", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ui-gtk-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-audio-oss", "p-cpe:/a:novell:opensuse:qemu-ui-gtk", "p-cpe:/a:novell:opensuse:qemu-ui-sdl", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-sdl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-alsa", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2019-2041.NASL", "href": "https://www.tenable.com/plugins/nessus/128457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2041.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128457);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/24 11:01:33\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-5008\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-2041)\");\n script_summary(english:\"Check for the openSUSE-2019-2041 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in\n ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer\n dereference while releasing spice resources\n (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL\n can be bypassed when names are too long (bsc#1140402).\n\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in\n sparc64 virtual machine possible through guest device\n driver (bsc#1133031).\n\nBug fixes and enhancements :\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be\n simply Snowridge (jsc#SLE-4883)\n\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n\n - Add in documentation about md-clear feature\n (bsc#1138534)\n\n - Fix SEV issue where older machine type is not processed\n correctly (bsc#1144087)\n\n - Fix case of a bad pointer in Xen PV usb support code\n (bsc#1128106)\n\n - Further refine arch-capabilities handling to help with\n security and performance in Intel hosts (bsc#1134883,\n bsc#1135210) (fate#327764)\n\n - Add support for one more security/performance related\n vcpu feature (bsc#1136778) (fate#327796)\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327796\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-alsa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-oss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-pa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-nfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-arm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-arm-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-alsa-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-oss-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-oss-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-pa-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-pa-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-sdl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-sdl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-curl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-curl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-dmg-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-gluster-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-gluster-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-iscsi-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-iscsi-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-nfs-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-nfs-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-rbd-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-rbd-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-ssh-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-ssh-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-debugsource-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-extra-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-extra-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-guest-agent-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-guest-agent-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ipxe-1.0.0+-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ksm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-kvm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-lang-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-debuginfo-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-debugsource-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ppc-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ppc-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-s390-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-s390-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-seabios-1.12.0-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-sgabios-8-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-testsuite-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-tools-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-tools-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-curses-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-curses-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-gtk-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-sdl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-sdl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-vgabios-1.12.0-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-x86-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-x86-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:20:13", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nCVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual\nmachine possible through guest device driver (bsc#1133031).\n\nBug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu\nmodel to now be simply Snowridge (jsc#SLE-4883)\n\nAdd SnowRidge-Server vcpu model (jsc#SLE-4883)\n\nAdd in documentation about md-clear feature (bsc#1138534)\n\nFix SEV issue where older machine type is not processed correctly\n(bsc#1144087)\n\nFix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\nFurther refine arch-capabilities handling to help with security and\nperformance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature\n(bsc#1136778) (fate#327796)\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-22T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13164", "CVE-2019-5008", "CVE-2019-14378", "CVE-2019-12155"], "modified": "2019-08-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ui-curses", "p-cpe:/a:novell:suse_linux:qemu-audio-pa", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-audio-alsa", "p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-audio-oss", "p-cpe:/a:novell:suse_linux:qemu-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-testsuite", "p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-linux-user", "p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-ui-gtk", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-dmg", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-arm", "p-cpe:/a:novell:suse_linux:qemu-ppc", "p-cpe:/a:novell:suse_linux:qemu-x86", "p-cpe:/a:novell:suse_linux:qemu-extra"], "id": "SUSE_SU-2019-2192-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2192-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-5008\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nCVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual\nmachine possible through guest device driver (bsc#1133031).\n\nBug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu\nmodel to now be simply Snowridge (jsc#SLE-4883)\n\nAdd SnowRidge-Server vcpu model (jsc#SLE-4883)\n\nAdd in documentation about md-clear feature (bsc#1138534)\n\nFix SEV issue where older machine type is not processed correctly\n(bsc#1144087)\n\nFix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\nFurther refine arch-capabilities handling to help with security and\nperformance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature\n(bsc#1136778) (fate#327796)\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5008/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192192-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e13d510\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2192=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2192=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2192=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-arm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-arm-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-curl-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-dmg-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-iscsi-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-iscsi-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-rbd-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-rbd-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-ssh-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-ssh-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-debugsource-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-extra-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-extra-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-guest-agent-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-kvm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-lang-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-debuginfo-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-debugsource-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-ppc-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-ppc-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-testsuite-3.1.1-9.3.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-tools-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-tools-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-arm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-arm-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-block-dmg-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-debugsource-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-extra-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-extra-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-debuginfo-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-debugsource-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-ppc-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-ppc-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-testsuite-3.1.1-9.3.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-tools-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-tools-debuginfo-3.1.1-9.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-12155"], "description": "**Issue Overview:**\n\nA heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. ([CVE-2018-20815 __](<https://access.redhat.com/security/cve/CVE-2018-20815>))\n\nhw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. ([CVE-2019-5008 __](<https://access.redhat.com/security/cve/CVE-2019-5008>))\n\nSlirp: information leakage in tcp_emu() due to uninitialized stack variables ([CVE-2019-9824 __](<https://access.redhat.com/security/cve/CVE-2019-9824>))\n\nqxl: null pointer dereference while releasing spice resources ([CVE-2019-12155 __](<https://access.redhat.com/security/cve/CVE-2019-12155>)) \n\n\n \n**Affected Packages:** \n\n\nqemu\n\n \n**Issue Correction:** \nRun _yum update qemu_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n qemu-3.1.0-7.amzn2.0.1.aarch64 \n qemu-common-3.1.0-7.amzn2.0.1.aarch64 \n qemu-guest-agent-3.1.0-7.amzn2.0.1.aarch64 \n qemu-img-3.1.0-7.amzn2.0.1.aarch64 \n ivshmem-tools-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-curl-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-dmg-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-iscsi-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-nfs-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-rbd-3.1.0-7.amzn2.0.1.aarch64 \n qemu-block-ssh-3.1.0-7.amzn2.0.1.aarch64 \n qemu-audio-alsa-3.1.0-7.amzn2.0.1.aarch64 \n qemu-audio-oss-3.1.0-7.amzn2.0.1.aarch64 \n qemu-audio-pa-3.1.0-7.amzn2.0.1.aarch64 \n qemu-audio-sdl-3.1.0-7.amzn2.0.1.aarch64 \n qemu-ui-curses-3.1.0-7.amzn2.0.1.aarch64 \n qemu-ui-gtk-3.1.0-7.amzn2.0.1.aarch64 \n qemu-ui-sdl-3.1.0-7.amzn2.0.1.aarch64 \n qemu-kvm-3.1.0-7.amzn2.0.1.aarch64 \n qemu-kvm-core-3.1.0-7.amzn2.0.1.aarch64 \n qemu-user-3.1.0-7.amzn2.0.1.aarch64 \n qemu-user-binfmt-3.1.0-7.amzn2.0.1.aarch64 \n qemu-user-static-3.1.0-7.amzn2.0.1.aarch64 \n qemu-system-aarch64-3.1.0-7.amzn2.0.1.aarch64 \n qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.aarch64 \n qemu-system-x86-3.1.0-7.amzn2.0.1.aarch64 \n qemu-system-x86-core-3.1.0-7.amzn2.0.1.aarch64 \n qemu-debuginfo-3.1.0-7.amzn2.0.1.aarch64 \n \n i686: \n qemu-3.1.0-7.amzn2.0.1.i686 \n qemu-common-3.1.0-7.amzn2.0.1.i686 \n qemu-guest-agent-3.1.0-7.amzn2.0.1.i686 \n qemu-img-3.1.0-7.amzn2.0.1.i686 \n ivshmem-tools-3.1.0-7.amzn2.0.1.i686 \n qemu-block-curl-3.1.0-7.amzn2.0.1.i686 \n qemu-block-dmg-3.1.0-7.amzn2.0.1.i686 \n qemu-block-iscsi-3.1.0-7.amzn2.0.1.i686 \n qemu-block-nfs-3.1.0-7.amzn2.0.1.i686 \n qemu-block-ssh-3.1.0-7.amzn2.0.1.i686 \n qemu-audio-alsa-3.1.0-7.amzn2.0.1.i686 \n qemu-audio-oss-3.1.0-7.amzn2.0.1.i686 \n qemu-audio-pa-3.1.0-7.amzn2.0.1.i686 \n qemu-audio-sdl-3.1.0-7.amzn2.0.1.i686 \n qemu-ui-curses-3.1.0-7.amzn2.0.1.i686 \n qemu-ui-gtk-3.1.0-7.amzn2.0.1.i686 \n qemu-ui-sdl-3.1.0-7.amzn2.0.1.i686 \n qemu-kvm-3.1.0-7.amzn2.0.1.i686 \n qemu-kvm-core-3.1.0-7.amzn2.0.1.i686 \n qemu-user-3.1.0-7.amzn2.0.1.i686 \n qemu-user-binfmt-3.1.0-7.amzn2.0.1.i686 \n qemu-user-static-3.1.0-7.amzn2.0.1.i686 \n qemu-system-aarch64-3.1.0-7.amzn2.0.1.i686 \n qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.i686 \n qemu-system-x86-3.1.0-7.amzn2.0.1.i686 \n qemu-system-x86-core-3.1.0-7.amzn2.0.1.i686 \n qemu-debuginfo-3.1.0-7.amzn2.0.1.i686 \n \n src: \n qemu-3.1.0-7.amzn2.0.1.src \n \n x86_64: \n qemu-3.1.0-7.amzn2.0.1.x86_64 \n qemu-common-3.1.0-7.amzn2.0.1.x86_64 \n qemu-guest-agent-3.1.0-7.amzn2.0.1.x86_64 \n qemu-img-3.1.0-7.amzn2.0.1.x86_64 \n ivshmem-tools-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-curl-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-dmg-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-iscsi-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-nfs-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-rbd-3.1.0-7.amzn2.0.1.x86_64 \n qemu-block-ssh-3.1.0-7.amzn2.0.1.x86_64 \n qemu-audio-alsa-3.1.0-7.amzn2.0.1.x86_64 \n qemu-audio-oss-3.1.0-7.amzn2.0.1.x86_64 \n qemu-audio-pa-3.1.0-7.amzn2.0.1.x86_64 \n qemu-audio-sdl-3.1.0-7.amzn2.0.1.x86_64 \n qemu-ui-curses-3.1.0-7.amzn2.0.1.x86_64 \n qemu-ui-gtk-3.1.0-7.amzn2.0.1.x86_64 \n qemu-ui-sdl-3.1.0-7.amzn2.0.1.x86_64 \n qemu-kvm-3.1.0-7.amzn2.0.1.x86_64 \n qemu-kvm-core-3.1.0-7.amzn2.0.1.x86_64 \n qemu-user-3.1.0-7.amzn2.0.1.x86_64 \n qemu-user-binfmt-3.1.0-7.amzn2.0.1.x86_64 \n qemu-user-static-3.1.0-7.amzn2.0.1.x86_64 \n qemu-system-aarch64-3.1.0-7.amzn2.0.1.x86_64 \n qemu-system-aarch64-core-3.1.0-7.amzn2.0.1.x86_64 \n qemu-system-x86-3.1.0-7.amzn2.0.1.x86_64 \n qemu-system-x86-core-3.1.0-7.amzn2.0.1.x86_64 \n qemu-debuginfo-3.1.0-7.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-07-18T17:45:00", "published": "2019-07-18T17:45:00", "id": "ALAS2-2019-1248", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html", "title": "Important: qemu", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8608", "CVE-2019-9824"], "description": "**Issue Overview:**\n\nIn libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. ([CVE-2020-8608 __](<https://access.redhat.com/security/cve/CVE-2020-8608>))\n\ntcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. ([CVE-2019-9824 __](<https://access.redhat.com/security/cve/CVE-2019-9824>))\n\n \n**Affected Packages:** \n\n\nqemu\n\n \n**Issue Correction:** \nRun _yum update qemu_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n qemu-3.1.0-8.amzn2.0.3.aarch64 \n qemu-common-3.1.0-8.amzn2.0.3.aarch64 \n qemu-guest-agent-3.1.0-8.amzn2.0.3.aarch64 \n qemu-img-3.1.0-8.amzn2.0.3.aarch64 \n ivshmem-tools-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-curl-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-dmg-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-iscsi-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-nfs-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-rbd-3.1.0-8.amzn2.0.3.aarch64 \n qemu-block-ssh-3.1.0-8.amzn2.0.3.aarch64 \n qemu-audio-alsa-3.1.0-8.amzn2.0.3.aarch64 \n qemu-audio-oss-3.1.0-8.amzn2.0.3.aarch64 \n qemu-audio-pa-3.1.0-8.amzn2.0.3.aarch64 \n qemu-audio-sdl-3.1.0-8.amzn2.0.3.aarch64 \n qemu-ui-curses-3.1.0-8.amzn2.0.3.aarch64 \n qemu-ui-gtk-3.1.0-8.amzn2.0.3.aarch64 \n qemu-ui-sdl-3.1.0-8.amzn2.0.3.aarch64 \n qemu-kvm-3.1.0-8.amzn2.0.3.aarch64 \n qemu-kvm-core-3.1.0-8.amzn2.0.3.aarch64 \n qemu-user-3.1.0-8.amzn2.0.3.aarch64 \n qemu-user-binfmt-3.1.0-8.amzn2.0.3.aarch64 \n qemu-user-static-3.1.0-8.amzn2.0.3.aarch64 \n qemu-system-aarch64-3.1.0-8.amzn2.0.3.aarch64 \n qemu-system-aarch64-core-3.1.0-8.amzn2.0.3.aarch64 \n qemu-system-x86-3.1.0-8.amzn2.0.3.aarch64 \n qemu-system-x86-core-3.1.0-8.amzn2.0.3.aarch64 \n qemu-debuginfo-3.1.0-8.amzn2.0.3.aarch64 \n \n i686: \n qemu-3.1.0-8.amzn2.0.3.i686 \n qemu-common-3.1.0-8.amzn2.0.3.i686 \n qemu-guest-agent-3.1.0-8.amzn2.0.3.i686 \n qemu-img-3.1.0-8.amzn2.0.3.i686 \n ivshmem-tools-3.1.0-8.amzn2.0.3.i686 \n qemu-block-curl-3.1.0-8.amzn2.0.3.i686 \n qemu-block-dmg-3.1.0-8.amzn2.0.3.i686 \n qemu-block-iscsi-3.1.0-8.amzn2.0.3.i686 \n qemu-block-nfs-3.1.0-8.amzn2.0.3.i686 \n qemu-block-ssh-3.1.0-8.amzn2.0.3.i686 \n qemu-audio-alsa-3.1.0-8.amzn2.0.3.i686 \n qemu-audio-oss-3.1.0-8.amzn2.0.3.i686 \n qemu-audio-pa-3.1.0-8.amzn2.0.3.i686 \n qemu-audio-sdl-3.1.0-8.amzn2.0.3.i686 \n qemu-ui-curses-3.1.0-8.amzn2.0.3.i686 \n qemu-ui-gtk-3.1.0-8.amzn2.0.3.i686 \n qemu-ui-sdl-3.1.0-8.amzn2.0.3.i686 \n qemu-kvm-3.1.0-8.amzn2.0.3.i686 \n qemu-kvm-core-3.1.0-8.amzn2.0.3.i686 \n qemu-user-3.1.0-8.amzn2.0.3.i686 \n qemu-user-binfmt-3.1.0-8.amzn2.0.3.i686 \n qemu-user-static-3.1.0-8.amzn2.0.3.i686 \n qemu-system-aarch64-3.1.0-8.amzn2.0.3.i686 \n qemu-system-aarch64-core-3.1.0-8.amzn2.0.3.i686 \n qemu-system-x86-3.1.0-8.amzn2.0.3.i686 \n qemu-system-x86-core-3.1.0-8.amzn2.0.3.i686 \n qemu-debuginfo-3.1.0-8.amzn2.0.3.i686 \n \n src: \n qemu-3.1.0-8.amzn2.0.3.src \n \n x86_64: \n qemu-3.1.0-8.amzn2.0.3.x86_64 \n qemu-common-3.1.0-8.amzn2.0.3.x86_64 \n qemu-guest-agent-3.1.0-8.amzn2.0.3.x86_64 \n qemu-img-3.1.0-8.amzn2.0.3.x86_64 \n ivshmem-tools-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-curl-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-dmg-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-iscsi-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-nfs-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-rbd-3.1.0-8.amzn2.0.3.x86_64 \n qemu-block-ssh-3.1.0-8.amzn2.0.3.x86_64 \n qemu-audio-alsa-3.1.0-8.amzn2.0.3.x86_64 \n qemu-audio-oss-3.1.0-8.amzn2.0.3.x86_64 \n qemu-audio-pa-3.1.0-8.amzn2.0.3.x86_64 \n qemu-audio-sdl-3.1.0-8.amzn2.0.3.x86_64 \n qemu-ui-curses-3.1.0-8.amzn2.0.3.x86_64 \n qemu-ui-gtk-3.1.0-8.amzn2.0.3.x86_64 \n qemu-ui-sdl-3.1.0-8.amzn2.0.3.x86_64 \n qemu-kvm-3.1.0-8.amzn2.0.3.x86_64 \n qemu-kvm-core-3.1.0-8.amzn2.0.3.x86_64 \n qemu-user-3.1.0-8.amzn2.0.3.x86_64 \n qemu-user-binfmt-3.1.0-8.amzn2.0.3.x86_64 \n qemu-user-static-3.1.0-8.amzn2.0.3.x86_64 \n qemu-system-aarch64-3.1.0-8.amzn2.0.3.x86_64 \n qemu-system-aarch64-core-3.1.0-8.amzn2.0.3.x86_64 \n qemu-system-x86-3.1.0-8.amzn2.0.3.x86_64 \n qemu-system-x86-core-3.1.0-8.amzn2.0.3.x86_64 \n qemu-debuginfo-3.1.0-8.amzn2.0.3.x86_64 \n \n \n", "edition": 1, "modified": "2020-07-21T16:34:00", "published": "2020-07-21T16:34:00", "id": "ALAS2-2020-1467", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1467.html", "title": "Important: qemu", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-12T14:47:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-12155", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-07-11T00:00:00", "published": "2019-07-09T00:00:00", "id": "OPENVAS:1361412562310876564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876564", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2019-52a8f5468e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876564\");\n script_version(\"2019-07-11T11:32:19+0000\");\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-5008\", \"CVE-2018-20815\", \"CVE-2019-9824\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-11 11:32:19 +0000 (Thu, 11 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:14:54 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-52a8f5468e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-52a8f5468e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the FEDORA-2019-52a8f5468e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor emulator which achieves a good\nemulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.1.0~9.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9824", "CVE-2019-12155"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192255", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-2255)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2255\");\n script_version(\"2020-01-23T12:43:03+0000\");\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:43:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:43:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-2255)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2255\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2255\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2019-2255 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.(CVE-2019-9824)\n\ninterface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~156.5.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~156.5.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~156.5.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-06-12T20:43:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-10T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844007", "type": "openvas", "title": "Ubuntu Update for qemu USN-3978-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844007\");\n script_version(\"2019-06-10T08:12:11+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-20815\",\n \"CVE-2019-11091\", \"CVE-2019-5008\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-10 08:12:11 +0000 (Mon, 10 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:02:55 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for qemu USN-3978-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3978-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3978-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the USN-3978-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKurtis Miller discovered that a buffer overflow existed in QEMU when\nloading a device tree blob. A local attacker could use this to execute\narbitrary code. (CVE-2018-20815)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that a NULL pointer dereference existed in the sun4u\npower device implementation in QEMU. A local attacker could use this\nto cause a denial of service. This issue only affected Ubuntu 18.10\nand Ubuntu 19.04. (CVE-2019-5008)\n\nWilliam Bowling discovered that an information leak existed in the SLiRP\nnetworking implementation of QEMU. An attacker could use this to expose\nsensitive information. (CVE-2019-9824)\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.12+dfsg-3ubuntu8.7\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.12+dfsg-3ubuntu8.7\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:3.1+dfsg-2ubuntu3.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:3.1+dfsg-2ubuntu3.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.11+dfsg-1ubuntu7.13\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.11+dfsg-1ubuntu7.13\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.5+dfsg-5ubuntu10.38\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.38\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:02:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8934", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-3812"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-26T00:00:00", "id": "OPENVAS:1361412562310852454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852454", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1274-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852454\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-20815\", \"CVE-2019-3812\", \"CVE-2019-8934\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-26 02:00:51 +0000 (Fri, 26 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1274-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1274-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2019:1274-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).\n\n - CVE-2019-8934: Added method to specify whether or not to expose certain\n ppc64 hostinformation (bsc#1126455).\n\n - CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in\n virtual monitor interface (bsc#1125721).\n\n - CVE-2018-20815: Fixed a denial of service possibility in device tree\n processing (bsc#1130675).\n\n Non-security issue fixed:\n\n - Backported Skylake-Server vcpu model support from qemu v2.11\n (FATE#327261 bsc#1131955).\n\n - Added ability to set virtqueue size using virtqueue_size parameter\n (FATE#327255 bsc#1118900).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1274=1\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~59.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~59.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11806", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310891781", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891781", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-1781-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891781\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-11806\", \"CVE-2018-18849\", \"CVE-2018-20815\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:00:09 +0000 (Fri, 10 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-1781-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1781-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/901017\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/912535\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the DLA-1781-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were found in QEMU, a fast processor emulator:\n\nCVE-2018-11806\n\nIt was found that the SLiRP networking implementation could use a wrong\nsize when reallocating its buffers, which can be exploited by a\nprivileged user on a guest to cause denial of service or possibly\narbitrary code execution on the host system.\n\nCVE-2018-18849\n\nIt was found that the LSI53C895A SCSI Host Bus Adapter emulation was\nsusceptible to an out of bounds memory access, which could be leveraged\nby a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\nA heap buffer overflow was found in the load_device_tree function,\nwhich could be used by a malicious user to potentially execute\narbitrary code with the privileges of the QEMU process.\n\nCVE-2019-9824\n\nWilliam Bowling discovered that the SLiRP networking implementation did\nnot handle some messages properly, which could be triggered to leak\nmemory via crafted messages.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.1+dfsg-12+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:29:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13164", "CVE-2019-5008", "CVE-2019-14378", "CVE-2019-12155"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852968", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2019:2041-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852968\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-5008\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:49:52 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2019:2041-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2041-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2019:2041-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet\n input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for null pointer dereference while\n releasing spice resources (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed\n when names are too long (bsc#1140402).\n\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual\n machine possible through guest device driver (bsc#1133031).\n\n Bug fixes and enhancements:\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge\n (jsc#SLE-4883)\n\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n\n - Add in documentation about md-clear feature (bsc#1138534)\n\n - Fix SEV issue where older machine type is not processed correctly\n (bsc#1144087)\n\n - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\n - Further refine arch-capabilities handling to help with security and\n performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\n - Add support for one more security/performance related vcpu feature\n (bsc#1136778) (fate#327796)\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2041=1\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-alsa\", rpm:\"qemu-audio-alsa~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-alsa-debuginfo\", rpm:\"qemu-audio-alsa-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-oss\", rpm:\"qemu-audio-oss~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-oss-debuginfo\", rpm:\"qemu-audio-oss-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-pa\", rpm:\"qemu-audio-pa~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-pa-debuginfo\", rpm:\"qemu-audio-pa-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-sdl\", rpm:\"qemu-audio-sdl~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-sdl-debuginfo\", rpm:\"qemu-audio-sdl-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster\", rpm:\"qemu-block-gluster~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster-debuginfo\", rpm:\"qemu-block-gluster-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-nfs\", rpm:\"qemu-block-nfs~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-nfs-debuginfo\", rpm:\"qemu-block-nfs-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debuginfo\", rpm:\"qemu-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~3.1.1~lp151.7.3.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~3.1.1~lp151.7.3.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~3.1.1~lp151.7.3.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-curses\", rpm:\"qemu-ui-curses~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-curses-debuginfo\", rpm:\"qemu-ui-curses-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-gtk\", rpm:\"qemu-ui-gtk~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-gtk-debuginfo\", rpm:\"qemu-ui-gtk-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-sdl\", rpm:\"qemu-ui-sdl~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-sdl-debuginfo\", rpm:\"qemu-ui-sdl-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~3.1.1~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.12.0~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.12.0~lp151.7.3.3\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:32:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20815"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201029", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2020-1029)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1029\");\n script_version(\"2020-01-23T13:16:43+0000\");\n script_cve_id(\"CVE-2018-20815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:16:43 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:16:43 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2020-1029)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1029\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1029\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu' package(s) announced via the EulerOS-SA-2020-1029 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.(CVE-2018-20815)\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-alsa\", rpm:\"qemu-audio-alsa~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-oss\", rpm:\"qemu-audio-oss~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-pa\", rpm:\"qemu-audio-pa~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-audio-sdl\", rpm:\"qemu-audio-sdl~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster\", rpm:\"qemu-block-gluster~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-nfs\", rpm:\"qemu-block-nfs~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-common\", rpm:\"qemu-common~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-system-aarch64\", rpm:\"qemu-system-aarch64~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-system-aarch64-core\", rpm:\"qemu-system-aarch64-core~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-curses\", rpm:\"qemu-ui-curses~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-gtk\", rpm:\"qemu-ui-gtk~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ui-sdl\", rpm:\"qemu-ui-sdl~3.0.1~3.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-20T14:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12155"], "description": "The remote host is missing an update for the ", "modified": "2019-09-20T00:00:00", "published": "2019-09-19T00:00:00", "id": "OPENVAS:1361412562310883104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883104", "type": "openvas", "title": "CentOS Update for qemu-img CESA-2019:2607 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883104\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-12155\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:02:31 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"CentOS Update for qemu-img CESA-2019:2607 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:2607\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-September/023428.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-img'\n package(s) announced via the CESA-2019:2607 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * QEMU: qxl: null pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'qemu-img' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~167.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~167.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~167.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~167.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-21T14:51:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5008"], "description": "QEMU is prone to a Denial of Service (DoS) vulnerability.", "modified": "2020-01-20T00:00:00", "published": "2019-05-02T00:00:00", "id": "OPENVAS:1361412562310113381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113381", "type": "openvas", "title": "QEMU <= 3.1.50 Denial of Service Vulnerability", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113381\");\n script_version(\"2020-01-20T15:09:17+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-20 15:09:17 +0000 (Mon, 20 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-02 12:52:59 +0000 (Thu, 02 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2019-5008\");\n script_bugtraq_id(108024);\n\n script_name(\"QEMU <= 3.1.50 Denial of Service Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_qemu_detect_lin.nasl\");\n script_mandatory_keys(\"QEMU/Lin/Ver\");\n\n script_tag(name:\"summary\", value:\"QEMU is prone to a Denial of Service (DoS) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hw/sparc64/sun4u.c is vulnerable to a NULL pointer dereference, which allows\n an attacker to cause a denial of service via a device driver.\");\n\n script_tag(name:\"affected\", value:\"QEMU through version 3.1.50.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.0.0.\");\n\n script_xref(name:\"URL\", value:\"https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/\");\n script_xref(name:\"URL\", value:\"https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:qemu:qemu\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE ) )\n exit( 0 );\n\nlocation = infos[\"location\"];\nversion = infos[\"version\"];\n\nif( version_is_less( version: version, test_version: \"4.0.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.0.0\", install_path: location );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-05T18:46:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9824"], "description": "The remote host is missing an update for the ", "modified": "2019-07-04T00:00:00", "published": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310883077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883077", "type": "openvas", "title": "CentOS Update for qemu-guest-agent CESA-2019:1650 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883077\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-04 02:00:41 +0000 (Thu, 04 Jul 2019)\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2019:1650 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1650\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-July/023350.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-guest-agent'\n package(s) announced via the CESA-2019:1650 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack\nvariables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'qemu-guest-agent' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.506.el6_10.4\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.506.el6_10.4\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.506.el6_10.4\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.506.el6_10.4\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-20815", "CVE-2019-11091", "CVE-2019-12155", "CVE-2019-5008", "CVE-2019-9824"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-07-09T00:56:39", "published": "2019-07-09T00:56:39", "id": "FEDORA:4852F614170A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2019-05-28T11:21:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824", "CVE-2018-20815"], "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-3.1.0-r4\"", "edition": 1, "modified": "2019-04-24T00:00:00", "published": "2019-04-24T00:00:00", "id": "GLSA-201904-25", "href": "https://security.gentoo.org/glsa/201904-25", "title": "QEMU: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-06-04T22:42:49", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824", "CVE-2018-20815", "CVE-2019-3812"], "description": "[12:2.9.0-21.el7]\n- x86: Add mds feature (Karl Heubaum) \n- e1000: Never increment the RX undersize count register (Chris Kenna) \n- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29643540]\n- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29643540]\n- kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support (Bandan Das) [Orabug: 29643540]\n- x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]\n- x86: Data structure changes to support MSR based features (Robert Hoo) [Orabug: 29643540]\n- kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl (Robert Hoo) [Orabug: 29643540]\n- i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR (Robert Hoo) [Orabug: 29643540]\n- i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]\n- update Linux headers to 4.16-rc5 (Paolo Bonzini) [Orabug: 29643540]\n- linux-headers: update (Cornelia Huck) [Orabug: 29643540]\n- linux-headers: update to 4.15-rc1 (Eric Auger) [Orabug: 29643540]\n- linux-headers: sync against v4.14-rc1 (Alexey Perevalov) [Orabug: 29643540]\n- linux header sync against v4.13-rc1 (Christian Borntraeger) [Orabug: 29643540]\n- linux-headers: update to 4.13-rc0 (Christian Borntraeger) [Orabug: 29643540]\n- parfait: --disable-avx2 no longer needed by rpmbuild (Liam Merwick) [Orabug: 28733157]\n- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 28733157]\n- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 28733157]\n- parfait: provide option to upload results (Liam Merwick) [Orabug: 28733157]\n- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 28733157]\n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28733157]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28733157]\n- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29546331] {CVE-2018-20815}\n- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29501785] {CVE-2019-9824}\n- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29377317] {CVE-2019-3812}", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4631", "href": "http://linux.oracle.com/errata/ELSA-2019-4631.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-03T02:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824"], "description": "[0.12.1.2-2.506.el6_10.4]\n- kvm-target-i386-Sanitize-the-XSAVE-related-feature-bits.patch [bz#1673779]\n- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689790]\n- Resolves: bz#1673779\n (RHEL8 VM's do not install on RHEL6 KVM hypervisor)\n- Resolves: bz#1689790\n (CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-6])", "edition": 1, "modified": "2019-07-02T00:00:00", "published": "2019-07-02T00:00:00", "id": "ELSA-2019-1650", "href": "http://linux.oracle.com/errata/ELSA-2019-1650.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-06-04T22:43:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-20123", "CVE-2018-19665", "CVE-2019-8934", "CVE-2018-12127", "CVE-2019-6778", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2018-18438", "CVE-2019-3812", "CVE-2019-6501", "CVE-2019-11091", "CVE-2018-12130"], "description": "[15:3.1.0-3.el7]\n- x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as\n fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}\n {CVE-2018-12130} {CVE-2019-11091}\n[15:3.1.0-2.el7]\n- x86: Add mds feature (Karl Heubaum) \n- e1000: Never increment the RX undersize count register (Chris Kenna) \n- qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562]\n- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 29715548]\n- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548]\n- parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548]\n- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]\n- Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}\n- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815}\n- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824}\n- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}\n- scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501}\n- slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] {CVE-2019-6778}", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4640", "href": "http://linux.oracle.com/errata/ELSA-2019-4640.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-05T06:41:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-14378", "CVE-2019-12155"], "description": "[1.5.3-167.el7_7.1]\n- kvm-qxl-check-release-info-object.patch [bz#1732337]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]\n- Resolves: bz#1732337\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])\n- Resolves: bz#1734748\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])", "edition": 1, "modified": "2019-09-04T00:00:00", "published": "2019-09-04T00:00:00", "id": "ELSA-2019-2607", "href": "http://linux.oracle.com/errata/ELSA-2019-2607.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-11-10T10:21:03", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12155", "CVE-2019-9755", "CVE-2019-9824"], "description": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T00:47:18", "published": "2019-11-05T22:33:34", "id": "RHSA-2019:3345", "href": "https://access.redhat.com/errata/RHSA-2019:3345", "type": "redhat", "title": "(RHSA-2019:3345) Low: virt:rhel security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T14:45:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "modified": "2019-08-15T18:07:33", "published": "2019-08-15T18:01:18", "id": "RHSA-2019:2507", "href": "https://access.redhat.com/errata/RHSA-2019:2507", "type": "redhat", "title": "(RHSA-2019:2507) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-02T20:27:03", "published": "2019-07-02T20:16:14", "id": "RHSA-2019:1667", "href": "https://access.redhat.com/errata/RHSA-2019:1667", "type": "redhat", "title": "(RHSA-2019:1667) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es):\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* As newer machine remove csske feature, detection of the processor fail and machine used old version as fallback. This update make feature conditional so detection of newer cpu works properly. (BZ#1720262)", "modified": "2019-07-29T18:27:19", "published": "2019-07-29T16:48:27", "id": "RHSA-2019:1881", "href": "https://access.redhat.com/errata/RHSA-2019:1881", "type": "redhat", "title": "(RHSA-2019:1881) Important: qemu-kvm-ma security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-10T11:50:34", "published": "2019-07-10T00:41:09", "id": "RHSA-2019:1723", "href": "https://access.redhat.com/errata/RHSA-2019:1723", "type": "redhat", "title": "(RHSA-2019:1723) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-10T16:41:36", "published": "2019-07-10T16:09:28", "id": "RHSA-2019:1743", "href": "https://access.redhat.com/errata/RHSA-2019:1743", "type": "redhat", "title": "(RHSA-2019:1743) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-03T16:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12155"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-03T19:40:31", "published": "2019-09-03T17:20:18", "id": "RHSA-2019:2607", "href": "https://access.redhat.com/errata/RHSA-2019:2607", "type": "redhat", "title": "(RHSA-2019:2607) Low: qemu-kvm security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T00:44:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:45:44", "published": "2019-08-06T11:58:28", "id": "RHSA-2019:2078", "href": "https://access.redhat.com/errata/RHSA-2019:2078", "type": "redhat", "title": "(RHSA-2019:2078) Low: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-02T15:00:03", "published": "2019-07-02T14:35:37", "id": "RHSA-2019:1650", "href": "https://access.redhat.com/errata/RHSA-2019:1650", "type": "redhat", "title": "(RHSA-2019:1650) Low: qemu-kvm security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20815", "CVE-2019-6778"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* CVE-2018-20815 QEMU: device_tree: heap buffer overflow while loading device tree blob\n\n* CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_em\n\nThis update fixes the following bug:\n\n* 1705364 RHV VM pauses when 'dd' issued inside guest to a direct lun configured as virtio-scsi with scsi-passthrough\n\nUsers of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "modified": "2019-07-30T14:36:15", "published": "2019-07-30T14:30:29", "id": "RHSA-2019:1968", "href": "https://access.redhat.com/errata/RHSA-2019:1968", "type": "redhat", "title": "(RHSA-2019:1968) Important: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-5008", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKurtis Miller discovered that a buffer overflow existed in QEMU when \nloading a device tree blob. A local attacker could use this to execute \narbitrary code. (CVE-2018-20815)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that a NULL pointer dereference existed in the sun4u \npower device implementation in QEMU. A local attacker could use this \nto cause a denial of service. This issue only affected Ubuntu 18.10 \nand Ubuntu 19.04. (CVE-2019-5008)\n\nWilliam Bowling discovered that an information leak existed in the SLiRP \nnetworking implementation of QEMU. An attacker could use this to expose \nsensitive information. (CVE-2019-9824)", "edition": 4, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "USN-3978-1", "href": "https://ubuntu.com/security/notices/USN-3978-1", "title": "QEMU update", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:56:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815"], "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u11\nCVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824\nDebian Bug : 901017 912535\n\nSeveral vulnerabilities were found in QEMU, a fast processor emulator:\n\nCVE-2018-11806\n\n It was found that the SLiRP networking implementation could use a wrong\n size when reallocating its buffers, which can be exploited by a\n priviledged user on a guest to cause denial of service or possibly\n arbitrary code execution on the host system.\n\nCVE-2018-18849\n\n It was found that the LSI53C895A SCSI Host Bus Adapter emulation was\n susceptible to an out of bounds memory access, which could be leveraged\n by a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\n A heap buffer overflow was found in the load_device_tree function,\n which could be used by a malicious user to potentially execute\n arbitrary code with the priviledges of the QEMU process.\n\nCVE-2019-9824\n\n William Bowling discovered that the SLiRP networking implementation did\n not handle some messages properly, which could be triggered to leak\n memory via crafted messages.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-05-09T18:42:34", "published": "2019-05-09T18:42:34", "id": "DEBIAN:DLA-1781-1:BE52E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00010.html", "title": "[SECURITY] [DLA 1781-1] qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:03:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13164", "CVE-2018-20815", "CVE-2019-14378"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4506-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 24, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2018-20815 CVE-2019-13164 CVE-2019-14378\nDebian Bug : 873012 933741 931351\n\nMultiple security issues were discovered in QEMU, a fast processor\nemulator, which could result in denial of service, the execution of\narbitrary code or bypass of ACLs.\n\nIn addition this update fixes a regression which could cause NBD\nconnections to hang.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:2.8+dfsg-6+deb9u8.\n\nWe recommend that you upgrade your qemu packages.\n\nFor the detailed security status of qemu please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qemu\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2019-08-24T09:56:14", "published": "2019-08-24T09:56:14", "id": "DEBIAN:DSA-4506-1:6D735", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00154.html", "title": "[SECURITY] [DSA 4506-1] qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-04-25T22:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8934", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-3812"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9824: Fixed information leak in slirp (bsc#1129622).\n - CVE-2019-8934: Added method to specify whether or not to expose certain\n ppc64 hostinformation (bsc#1126455).\n - CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in\n virtual monitor interface (bsc#1125721).\n - CVE-2018-20815: Fixed a denial of service possibility in device tree\n processing (bsc#1130675).\n\n Non-security issue fixed:\n\n - Backported Skylake-Server vcpu model support from qemu v2.11\n (FATE#327261 bsc#1131955).\n - Added ability to set virtqueue size using virtqueue_size parameter\n (FATE#327255 bsc#1118900).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-04-25T21:11:32", "published": "2019-04-25T21:11:32", "id": "OPENSUSE-SU-2019:1274-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-09-01T20:40:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13164", "CVE-2019-5008", "CVE-2019-14378", "CVE-2019-12155"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet\n input (bsc#1143794).\n - CVE-2019-12155: Security fix for null pointer dereference while\n releasing spice resources (bsc#1135902).\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed\n when names are too long (bsc#1140402).\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual\n machine possible through guest device driver (bsc#1133031).\n\n Bug fixes and enhancements:\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge\n (jsc#SLE-4883)\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n - Add in documentation about md-clear feature (bsc#1138534)\n - Fix SEV issue where older machine type is not processed correctly\n (bsc#1144087)\n - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n - Further refine arch-capabilities handling to help with security and\n performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n - Add support for one more security/performance related vcpu feature\n (bsc#1136778) (fate#327796)\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-09-01T18:11:07", "published": "2019-09-01T18:11:07", "id": "OPENSUSE-SU-2019:2041-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-17T14:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2019-8934", "CVE-2018-12127", "CVE-2019-9824", "CVE-2018-20815", "CVE-2019-3812", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)\n - CVE-2019-8934: Added method to specify whether or not to expose certain\n ppc64 host information, which can be considered a security issue\n (bsc#1126455)\n - CVE-2019-3812: Fixed OOB memory access and information leak in virtual\n monitor interface (bsc#1125721)\n - CVE-2018-20815: Fix DOS possibility in device tree processing\n (bsc#1130675)\n - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream\n adjustments for the same. Basically now the security fix is to provide a\n dummy host-model and host-serial value, which\n overrides getting that value from the host\n - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86\n cpu feature "md-clear" (bsc#1111331)\n\n Other bugs fixed:\n\n - Use a new approach to handling the file input to -smbios option, which\n accepts either legacy or per-spec formats regardless of the machine type.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-17T12:10:19", "published": "2019-05-17T12:10:19", "id": "OPENSUSE-SU-2019:1405-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-09-03T14:40:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13164", "CVE-2019-14378", "CVE-2019-12155"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet\n input (bsc#1143794).\n - CVE-2019-12155: Security fix for null pointer dereference while\n releasing spice resources (bsc#1135902).\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed\n when names are too long (bsc#1140402).\n\n Bug fixes and enhancements:\n\n - Add vcpu features needed for Cascadelake-Server, Icelake-Client and\n Icelake-Server, especially the foundational arch-capabilities to help\n with security and performance on Intel hosts (bsc#1134883) (fate#327764)\n - Add support for one more security/performance related vcpu feature\n (bsc#1136778) (fate#327796)\n - Disable file locking in the Xen PV disk backend to avoid locking issues\n with PV domUs during migration. The issues triggered by the locking can\n not be properly handled in libxl. The locking introduced in qemu-2.10\n was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025).\n - Ignore csske for expanding the cpu model (bsc#1136540)\n - Fix vm migration is failing with input/output error when nfs server is\n disconnected (bsc#1119115)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-09-03T12:10:48", "published": "2019-09-03T12:10:48", "id": "OPENSUSE-SU-2019:2059-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12155"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2607\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-September/035466.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-09-18T18:53:46", "published": "2019-09-18T18:53:46", "id": "CESA-2019:2607", "href": "http://lists.centos.org/pipermail/centos-announce/2019-September/035466.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:28:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2078\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/006079.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 2, "modified": "2019-08-30T04:04:53", "published": "2019-08-30T04:04:53", "id": "CESA-2019:2078", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/006079.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-08T03:39:54", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9824"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1650\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-July/035388.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-07-03T17:01:43", "published": "2019-07-03T17:01:43", "id": "CESA-2019:1650", "href": "http://lists.centos.org/pipermail/centos-announce/2019-July/035388.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}