{"id": "DEBIAN_DLA-1300.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1300-1 : xen security update", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2018-03-06T00:00:00", "modified": "2018-03-06T00:00:00", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}, "href": "https://www.tenable.com/plugins/nessus/107134", "reporter": "This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html", "https://packages.debian.org/source/wheezy/xen"], "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "type": "nessus", "lastseen": "2021-01-12T09:39:05", "edition": 15, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-7540", "RH:CVE-2018-7541"]}, {"type": "cve", "idList": ["CVE-2018-7541", "CVE-2018-7540"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1577-1:71995", "DEBIAN:DLA-1300-1:11474", "DEBIAN:DSA-4131-1:D22BC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874580", "OPENVAS:1361412562310891300", "OPENVAS:1361412562310891577", "OPENVAS:1361412562310874805", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310704131", "OPENVAS:1361412562310874659", "OPENVAS:1361412562310874408", "OPENVAS:1361412562310874259", "OPENVAS:1361412562310874189"]}, {"type": "nessus", "idList": ["XEN_SERVER_XSA-252.NASL", "SUSE_SU-2018-0909-1.NASL", "DEBIAN_DSA-4131.NASL", "CITRIX_XENSERVER_CTX232655.NASL", "FEDORA_2018-C553A586C8.NASL", "XEN_SERVER_XSA-255.NASL", "FEDORA_2018-0746DAC335.NASL", "ORACLEVM_OVMSA-2018-0020.NASL", "CITRIX_XENSERVER_CTX232096.NASL", "ORACLEVM_OVMSA-2018-0021.NASL"]}, {"type": "citrix", "idList": ["CTX232655"]}, {"type": "fedora", "idList": ["FEDORA:698AD6087A96", "FEDORA:520A96076F57", "FEDORA:728DA604CD72", "FEDORA:D5F726042B1F", "FEDORA:977BB60A6180", "FEDORA:BCAE760875D9", "FEDORA:2C89F6167407", "FEDORA:EAC7F6435E1F", "FEDORA:73C6F628E99A", "FEDORA:6315F608DDDD"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0909-1", "OPENSUSE-SU-2018:1274-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:0678-1"]}, {"type": "gentoo", "idList": ["GLSA-201810-06"]}], "modified": "2021-01-12T09:39:05", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-01-12T09:39:05", "rev": 2}, "vulnersScore": 5.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1300-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107134);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\");\n\n script_name(english:\"Debian DLA-1300-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-docs-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxen-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-dev\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml-dev\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxenstore3.0\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-docs-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-amd64\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-i386\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-amd64\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-i386\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-common\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xenstore-utils\", reference:\"4.1.6.lts1-13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "107134", "cpe": ["p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64", "p-cpe:/a:debian:debian_linux:xen-system-i386", "p-cpe:/a:debian:debian_linux:xen-utils-4.1", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xenstore-utils", "p-cpe:/a:debian:debian_linux:xen-docs-4.1", "p-cpe:/a:debian:debian_linux:libxen-ocaml", "p-cpe:/a:debian:debian_linux:libxen-ocaml-dev", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:libxen-4.1"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "immutableFields": []}

{"redhatcve": [{"lastseen": "2021-05-07T17:36:19", "bulletinFamily": "info", "cvelist": ["CVE-2018-7540"], "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.\n", "modified": "2019-10-12T02:42:40", "published": "2018-02-28T06:48:52", "id": "RH:CVE-2018-7540", "href": "https://access.redhat.com/security/cve/cve-2018-7540", "type": "redhatcve", "title": "CVE-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-05-07T17:36:19", "bulletinFamily": "info", "cvelist": ["CVE-2018-7541"], "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.\n", "modified": "2019-10-12T02:42:25", "published": "2018-02-28T06:49:14", "id": "RH:CVE-2018-7541", "href": "https://access.redhat.com/security/cve/cve-2018-7541", "type": "redhatcve", "title": "CVE-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "cve": [{"lastseen": "2021-04-23T00:24:31", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-02-27T19:29:00", "title": "CVE-2018-7540", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2018-11-13T11:29:00", "cpe": ["cpe:/o:xen:xen:4.10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-7540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T00:24:31", "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.", "edition": 8, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-27T19:29:00", "title": "CVE-2018-7541", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-7541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.10.0:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2019-05-30T02:22:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "description": "Package : xen\nVersion : 4.1.6.lts1-13\nCVE ID : CVE-2018-7540 CVE-2018-7541\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-03-06T06:48:15", "published": "2018-03-06T06:48:15", "id": "DEBIAN:DLA-1300-1:11474", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201803/msg00003.html", "title": "[SECURITY] [DLA 1300-1] xen security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-09-12T00:53:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4131-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 04, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-7542\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\n\n Jann Horn discovered that missing checks in page table freeing may\n result in denial of service.\n\nCVE-2018-7541\n\n Jan Beulich discovered that incorrect error handling in grant table\n checks may result in guest-to-host denial of service and potentially\n privilege escalation.\n\nCVE-2018-7542\n\n Ian Jackson discovered that insufficient handling of x86 PVH guests\n without local APICs may result in guest-to-host denial of service.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-03-04T10:00:04", "published": "2018-03-04T10:00:04", "id": "DEBIAN:DSA-4131-1:D22BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00057.html", "title": "[SECURITY] [DSA 4131-1] xen security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-08-12T00:51:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-15470", "CVE-2018-12893", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-12891"], "description": "Package : xen\nVersion : 4.4.4lts4-0+deb8u1\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 \n CVE-2018-12893 CVE-2018-15469 CVE-2018-15470\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2018-11-12T13:09:59", "published": "2018-11-12T13:09:59", "id": "DEBIAN:DLA-1577-1:71995", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00013.html", "title": "[SECURITY] [DLA 1577-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-29T20:07:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "modified": "2020-01-29T00:00:00", "published": "2018-03-27T00:00:00", "id": "OPENVAS:1361412562310891300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891300", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1300-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891300\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1300-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-07-04T18:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\nJann Horn discovered that missing checks in page table freeing may\nresult in denial of service.\n\nCVE-2018-7541\nJan Beulich discovered that incorrect error handling in grant table\nchecks may result in guest-to-host denial of service and potentially\nprivilege escalation.\n\nCVE-2018-7542\nIan Jackson discovered that insufficient handling of x86 PVH guests\nwithout local APICs may result in guest-to-host denial of service.", "modified": "2019-07-04T00:00:00", "published": "2018-03-04T00:00:00", "id": "OPENVAS:1361412562310704131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704131", "type": "openvas", "title": "Debian Security Advisory DSA 4131-1 (xen - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4131-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704131\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_name(\"Debian Security Advisory DSA 4131-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-04 00:00:00 +0100 (Sun, 04 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4131.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/xen\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\nJann Horn discovered that missing checks in page table freeing may\nresult in denial of service.\n\nCVE-2018-7541\nJan Beulich discovered that incorrect error handling in grant table\nchecks may result in guest-to-host denial of service and potentially\nprivilege escalation.\n\nCVE-2018-7542\nIan Jackson discovered that insufficient handling of x86 PVH guests\nwithout local APICs may result in guest-to-host denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310874189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874189", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-c553a586c8", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c553a586c8_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-c553a586c8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874189\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:37:51 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-c553a586c8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c553a586c8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EON2NY7TTGVGFRL4CFQGVPUCGIDVKO42\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.1~5.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-21T00:00:00", "id": "OPENVAS:1361412562310874259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874259", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-0746dac335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0746dac335_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-0746dac335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874259\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:11:29 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-0746dac335\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0746dac335\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGRVYJZOR6DZ26U3INZ7MMCY6DDQSG65\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-29T20:06:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-15470", "CVE-2018-12893", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-12891"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "modified": "2020-01-29T00:00:00", "published": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310891577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891577", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1577-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891577\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-7540\",\n \"CVE-2018-7541\", \"CVE-2018-8897\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1577-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 00:00:00 +0100 (Mon, 12 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T16:46:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2018-05-12T00:00:00", "id": "OPENVAS:1361412562310851742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851742", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851742\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 05:51:06 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-7540\", \"CVE-2018-7541\",\n \"CVE-2018-7542\", \"CVE-2018-8897\", \"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptible L3/L4 pagetable freeing\n (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-454=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1274-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-17T00:00:00", "id": "OPENVAS:1361412562310874580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874580", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-98684f429b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_98684f429b_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-98684f429b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874580\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-17 05:46:54 +0200 (Thu, 17 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2018-10982\", \"CVE-2018-10981\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-98684f429b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-98684f429b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6OEW7BFEIZGLUN6VOIHINTWV4FXDAXG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~3.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-15597", "CVE-2018-10472", "CVE-2017-17564", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2017-17566", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-02T00:00:00", "id": "OPENVAS:1361412562310874408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874408", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-604574c943", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_604574c943_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-604574c943\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:58:54 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-604574c943\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-604574c943\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLLQI3WPM62M45JCLWN4SSYWILJ7EHI5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-3639", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-09T00:00:00", "id": "OPENVAS:1361412562310874659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874659", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-aec846c0ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_aec846c0ef_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-aec846c0ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874659\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-09 06:00:05 +0200 (Sat, 09 Jun 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-aec846c0ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-aec846c0ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXWQTCUKDG3QIEY5FXMOSW4CV7SD6SKX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~4.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2018-12892", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2018-12893", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-3665", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-12891", "CVE-2018-3639", "CVE-2017-15595"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-07-15T00:00:00", "id": "OPENVAS:1361412562310874805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874805", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-1a467757ce", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1a467757ce_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-1a467757ce\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874805\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:02:45 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\",\n \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-1a467757ce\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1a467757ce\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q2DYZXIZH5NK6GZ24XMBJ24W6MHVDAW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-30T23:05:43", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-7540\n Jann Horn discovered that missing checks in page table\n freeing may result in denial of service.\n\n - CVE-2018-7541\n Jan Beulich discovered that incorrect error handling in\n grant table checks may result in guest-to-host denial of\n service and potentially privilege escalation.\n\n - CVE-2018-7542\n Ian Jackson discovered that insufficient handling of x86\n PVH guests without local APICs may result in\n guest-to-host denial of service.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "title": "Debian DSA-4131-1 : xen - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4131.NASL", "href": "https://www.tenable.com/plugins/nessus/107123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4131. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107123);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"DSA\", value:\"4131\");\n\n script_name(english:\"Debian DSA-4131-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-7540\n Jann Horn discovered that missing checks in page table\n freeing may result in denial of service.\n\n - CVE-2018-7541\n Jan Beulich discovered that incorrect error handling in\n grant table checks may result in guest-to-host denial of\n service and potentially privilege escalation.\n\n - CVE-2018-7542\n Ian Jackson discovered that insufficient handling of x86\n PVH guests without local APICs may result in\n guest-to-host denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4131\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-01-07T10:15:49", "description": "update Xen page-table isolation (XPTI) mitigation and add Branch\nTarget Injection (BTI) mitigation for XSA-254 DoS via non-preemptable\nL3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1\ntransition may crash Xen [XSA-255] (#1549570) x86 PVH guest without\nLAPIC may DoS the host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-21T00:00:00", "title": "Fedora 26 : xen (2018-0746dac335)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2018-03-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-0746DAC335.NASL", "href": "https://www.tenable.com/plugins/nessus/108492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0746dac335.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108492);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"FEDORA\", value:\"2018-0746dac335\");\n\n script_name(english:\"Fedora 26 : xen (2018-0746dac335)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update Xen page-table isolation (XPTI) mitigation and add Branch\nTarget Injection (BTI) mitigation for XSA-254 DoS via non-preemptable\nL3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1\ntransition may crash Xen [XSA-255] (#1549570) x86 PVH guest without\nLAPIC may DoS the host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0746dac335\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.3-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-01-07T10:21:22", "description": "add Xen page-table isolation (XPTI) mitigation and Branch Target\nInjection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4\npagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition\nmay crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS\nthe host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-07T00:00:00", "title": "Fedora 27 : xen (2018-c553a586c8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2018-03-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2018-C553A586C8.NASL", "href": "https://www.tenable.com/plugins/nessus/107176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-c553a586c8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107176);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"FEDORA\", value:\"2018-c553a586c8\");\n\n script_name(english:\"Fedora 27 : xen (2018-c553a586c8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"add Xen page-table isolation (XPTI) mitigation and Branch Target\nInjection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4\npagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition\nmay crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS\nthe host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c553a586c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.1-5.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-04-30T22:49:59", "description": "The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "title": "Citrix XenServer Multiple Vulnerabilities (CTX232655)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2016-2074", "CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX232655.NASL", "href": "https://www.tenable.com/plugins/nessus/108887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108887);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2016-2074\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_bugtraq_id(85700, 103174, 103177);\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX232655)\"); \n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.\"\n);\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX232655\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2018/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2018/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\nif (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix1 = \"XS70E052\"; # CTX233362\n fix2 = \"XS70E051\"; # CTX233364\n if (fix1 >!< patches && fix2 >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71ECU1012\"; # CTX233365\n fix2 = \"XS71ECU1013\"; # CTX233363\n if (fix >!< patches && fix2 >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E016\"; # CTX233366\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.3($|[^0-9])\")\n{\n fix = \"XS73E003\"; # CTX233368\n if (fix >!< patches) vuln = TRUE;\n}\n\n\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-05-01T02:28:17", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: xen\n commit=b2a6db11ced11291a472bc1bda20ce329eda4d66\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)&nbsp [Orabug: 27571750]&nbsp \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)&nbsp [Orabug: 27571737]&nbsp \n (CVE-2018-7540)\n\n - BUILDINFO: xen\n commit=873b8236e886daa3c26dae28d0c1c53d88447dc0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)&nbsp [Orabug: 27533309]\n\n - BUILDINFO: xen\n commit=81602116e75b6bbc519366b242c71888aa1b1673\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)&nbsp \n [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553376]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: xen\n commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)&nbsp [Orabug:\n 27445678]\n\n - BUILDINFO: xen\n commit=9657d91fcbf49798d2c5135866e1947113d536dc\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)&nbsp [Orabug:\n 27375688]\n\n - BUILDINFO: xen\n commit=4e5826dfcb56d3a868a9934646989f8483f03b3c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)&nbsp [Orabug: 27409718]", "edition": 34, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "title": "OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2018-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/107130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107130);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: xen\n commit=b2a6db11ced11291a472bc1bda20ce329eda4d66\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)&nbsp [Orabug: 27571750]&nbsp \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)&nbsp [Orabug: 27571737]&nbsp \n (CVE-2018-7540)\n\n - BUILDINFO: xen\n commit=873b8236e886daa3c26dae28d0c1c53d88447dc0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)&nbsp [Orabug: 27533309]\n\n - BUILDINFO: xen\n commit=81602116e75b6bbc519366b242c71888aa1b1673\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)&nbsp \n [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553376]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: xen\n commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)&nbsp [Orabug:\n 27445678]\n\n - BUILDINFO: xen\n commit=9657d91fcbf49798d2c5135866e1947113d536dc\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)&nbsp [Orabug:\n 27375688]\n\n - BUILDINFO: xen\n commit=4e5826dfcb56d3a868a9934646989f8483f03b3c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)&nbsp [Orabug: 27409718]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-March/000832.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de7c508d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.36.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.36.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-05-01T02:28:06", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=9ccc143584e12027a8db854d19ce8a120d22cfac\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)&nbsp [Orabug: 27614581]&nbsp \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)&nbsp [Orabug: 27614605]&nbsp \n (CVE-2018-7540)\n\n - xend: allow setting topology if smt is off in bios\n (Elena Ufimtseva)&nbsp \n\n - x86/svm: clear CPUID IBPB when feature is not supported\n (Elena Ufimtseva)&nbsp [Orabug: 27416699]\n\n - x86/domain: Move hvm_vcpu_initialize before\n cpuid_policy_changed (Elena Ufimtseva)&nbsp [Orabug:\n 27416699]\n\n - x86, amd_ucode: support multiple container files\n appended together (Aravind Gopalakrishnan)&nbsp \n [Orabug: 27416699]\n\n - x86/intel: change default governor to performance (Joao\n Martins) \n\n - x86/cpuidle: Disable deep C-states due to erratum AAJ72\n (Joao Martins)&nbsp [Orabug: 27614625]\n\n - Revert 'set max cstate to 1' (Joao Martins)&nbsp \n [Orabug: 27614625]\n\n - x86/cpuidle: add new CPU families (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86/Intel: Broadwell doesn't have\n PKG_C[8,9,10]_RESIDENCY MSRs (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - mwait-idle: add KBL support (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait-idle: add SKX support (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait_idle: Skylake Client Support (Len Brown)&nbsp \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86/idle: update to include further package/core\n residency MSRs (Jan Beulich)&nbsp [Orabug: 27614625]\n\n - mwait-idle: support additional Broadwell model (Len\n Brown) [Orabug: 27614625]\n\n - x86/mwait-idle: Broadwell support (Len Brown)&nbsp \n [Orabug: 27614625]\n\n - x86/mwait-idle: disable Baytrail Core and Module C6\n auto-demotion (Len Brown)&nbsp [Orabug: 27614625]\n\n - mwait-idle: add CPU model 54 (Atom N2000 series) (Jan\n Kiszka) [Orabug: 27614625]\n\n - mwait-idle: support Bay Trail (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait-idle: allow sparse sub-state numbering, for Bay\n Trail (Len Brown)&nbsp [Orabug: 27614625]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=c837c35e1c04791a50f930926ba815ca5b4d3661\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: restore smt parameter on guest reboot (Elena\n Ufimtseva) [Orabug: 27574191]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)&nbsp \n [Orabug: 27553369]&nbsp (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553369]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)&nbsp [Orabug: 27553369]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=bdecffda647e17f8aaeb4057bd1064236075bc9c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)&nbsp [Orabug: 27533309]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - hvmloader: Correct nr_vnodes when init_vnuma_info fails\n (Annie Li)&nbsp \n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1fb819ca1b801af1f59983f34776501336a57979\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Fail migration if destination does not allow pv guest\n running (Annie Li)&nbsp [Orabug: 27465310]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)&nbsp [Orabug:\n 27445667]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=d5afa57c42732dc35a572582099c67ee3c397434\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Enable creating pv guest on OVM3.4.4 by default (Annie\n Li) [Orabug: 27424482]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen/x86: Make sure identify_cpu is called with traps\n enabled (Joao Martins)&nbsp [Orabug: 27393237]\n\n - xend: disallow pv guests to run (Joao Martins)&nbsp \n [Orabug: 27370330]\n\n - hvmloader, x86/hvm, domctl: enumerate apicid based on\n vcpu_to_vnode (Joao Martins)&nbsp [Orabug: 27119689]\n\n - xend: conditionally use dom0 vcpus for vnuma auto (Joao\n Martins) \n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)&nbsp [Orabug:\n 27375704]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)&nbsp [Orabug: 27409734]", "edition": 34, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "title": "OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2018-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/107129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0020.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107129);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=9ccc143584e12027a8db854d19ce8a120d22cfac\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)&nbsp [Orabug: 27614581]&nbsp \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)&nbsp [Orabug: 27614605]&nbsp \n (CVE-2018-7540)\n\n - xend: allow setting topology if smt is off in bios\n (Elena Ufimtseva)&nbsp \n\n - x86/svm: clear CPUID IBPB when feature is not supported\n (Elena Ufimtseva)&nbsp [Orabug: 27416699]\n\n - x86/domain: Move hvm_vcpu_initialize before\n cpuid_policy_changed (Elena Ufimtseva)&nbsp [Orabug:\n 27416699]\n\n - x86, amd_ucode: support multiple container files\n appended together (Aravind Gopalakrishnan)&nbsp \n [Orabug: 27416699]\n\n - x86/intel: change default governor to performance (Joao\n Martins) \n\n - x86/cpuidle: Disable deep C-states due to erratum AAJ72\n (Joao Martins)&nbsp [Orabug: 27614625]\n\n - Revert 'set max cstate to 1' (Joao Martins)&nbsp \n [Orabug: 27614625]\n\n - x86/cpuidle: add new CPU families (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86/Intel: Broadwell doesn't have\n PKG_C[8,9,10]_RESIDENCY MSRs (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - mwait-idle: add KBL support (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait-idle: add SKX support (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait_idle: Skylake Client Support (Len Brown)&nbsp \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)&nbsp \n [Orabug: 27614625]\n\n - x86/idle: update to include further package/core\n residency MSRs (Jan Beulich)&nbsp [Orabug: 27614625]\n\n - mwait-idle: support additional Broadwell model (Len\n Brown) [Orabug: 27614625]\n\n - x86/mwait-idle: Broadwell support (Len Brown)&nbsp \n [Orabug: 27614625]\n\n - x86/mwait-idle: disable Baytrail Core and Module C6\n auto-demotion (Len Brown)&nbsp [Orabug: 27614625]\n\n - mwait-idle: add CPU model 54 (Atom N2000 series) (Jan\n Kiszka) [Orabug: 27614625]\n\n - mwait-idle: support Bay Trail (Len Brown)&nbsp [Orabug:\n 27614625]\n\n - mwait-idle: allow sparse sub-state numbering, for Bay\n Trail (Len Brown)&nbsp [Orabug: 27614625]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=c837c35e1c04791a50f930926ba815ca5b4d3661\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: restore smt parameter on guest reboot (Elena\n Ufimtseva) [Orabug: 27574191]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)&nbsp \n [Orabug: 27553369]&nbsp (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553369]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)&nbsp [Orabug: 27553369]&nbsp (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)&nbsp [Orabug: 27553369]&nbsp \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=bdecffda647e17f8aaeb4057bd1064236075bc9c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)&nbsp [Orabug: 27533309]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - hvmloader: Correct nr_vnodes when init_vnuma_info fails\n (Annie Li)&nbsp \n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1fb819ca1b801af1f59983f34776501336a57979\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Fail migration if destination does not allow pv guest\n running (Annie Li)&nbsp [Orabug: 27465310]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)&nbsp [Orabug:\n 27445667]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=d5afa57c42732dc35a572582099c67ee3c397434\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Enable creating pv guest on OVM3.4.4 by default (Annie\n Li) [Orabug: 27424482]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen/x86: Make sure identify_cpu is called with traps\n enabled (Joao Martins)&nbsp [Orabug: 27393237]\n\n - xend: disallow pv guests to run (Joao Martins)&nbsp \n [Orabug: 27370330]\n\n - hvmloader, x86/hvm, domctl: enumerate apicid based on\n vcpu_to_vnode (Joao Martins)&nbsp [Orabug: 27119689]\n\n - xend: conditionally use dom0 vcpus for vnuma auto (Joao\n Martins) \n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)&nbsp [Orabug:\n 27375704]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)&nbsp [Orabug: 27409734]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-March/000831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?884f76d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-155.0.22.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-155.0.22.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-05-01T04:08:29", "description": "This update for xen fixes the following issues: Update to Xen 4.7.5\nbug fix only release (bsc#1027519) Security issues fixed :\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4\n pagetable freeing (XSA-252) (bsc#1080635)\n\n - CVE-2018-7541: A grant table v2 -> v1 transition may\n crash Xen (XSA-255) (bsc#1080662)\n\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed\n information leaks via side effects of speculative\n execution (XSA-254). Includes Spectre v2 mitigation.\n (bsc#1074562)\n\n - Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1) (bsc#1087251)\n\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n\n - Add script, udev rule and systemd service to watch for\n vcpu online/offline events in a HVM domU They are\n triggered via xl vcpu-set domU N (fate#324965)\n\n - Make sure tools and tools-domU require libs from the\n very same build\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 32, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-04-11T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-0909-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0909-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109001);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues: Update to Xen 4.7.5\nbug fix only release (bsc#1027519) Security issues fixed :\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4\n pagetable freeing (XSA-252) (bsc#1080635)\n\n - CVE-2018-7541: A grant table v2 -> v1 transition may\n crash Xen (XSA-255) (bsc#1080662)\n\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed\n information leaks via side effects of speculative\n execution (XSA-254). Includes Spectre v2 mitigation.\n (bsc#1074562)\n\n - Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1) (bsc#1087251)\n\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n\n - Add script, udev rule and systemd service to watch for\n vcpu online/offline events in a HVM domU They are\n triggered via xl vcpu-set domU N (fate#324965)\n\n - Make sure tools and tools-domU require libs from the\n very same build\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5754/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7541/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180909-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ac88457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-612=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-612=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-612=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-04-30T22:49:59", "description": "The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "title": "Citrix XenServer Multiple Vulnerabilities (CTX232096)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17563", "CVE-2018-7541", "CVE-2017-17566"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX232096.NASL", "href": "https://www.tenable.com/plugins/nessus/108886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108886);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-17563\",\n \"CVE-2017-17564\",\n \"CVE-2017-17565\",\n \"CVE-2017-17566\",\n \"CVE-2018-7540\",\n \"CVE-2018-7541\"\n );\n script_bugtraq_id(\n 102167,\n 102169,\n 102172,\n 103174,\n 103177\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX232096)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX232096\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\npending = \"Refer to vendor for patch/mitigation options\";\n\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC051\"; # CTX232082\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.2\")\n{\n fix = \"XS62ESP1067\"; # CTX232083\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1065\"; # CTX232084\n if (fix >!< patches) vuln = TRUE;\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-30T21:19:55", "description": "According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.", "edition": 28, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-03-02T00:00:00", "title": "Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7540"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-252.NASL", "href": "https://www.tenable.com/plugins/nessus/107097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107097);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-7540\");\n script_bugtraq_id(103174);\n\n script_name(english:\"Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7540\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\n\nfixes['4.7']['fixed_ver'] = '4.7.5-pre';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\n\nfixes['4.8']['fixed_ver'] = '4.8.4-pre';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\n\nfixes['4.9']['fixed_ver'] = '4.9.2-pre';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\n\nfixes['4.10']['fixed_ver'] = '4.10.1-pre';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n fix = fixes[ver_branch]['fixed_ver'];\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-30T21:19:55", "description": "According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-02T00:00:00", "title": "Xen gnttab_map_frame() Function Missing Mapping Check Upgrade Guest-to-host DoS (XSA-255)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7541"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-255.NASL", "href": "https://www.tenable.com/plugins/nessus/107098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107098);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-7541\");\n script_bugtraq_id(103177);\n\n script_name(english:\"Xen gnttab_map_frame() Function Missing Mapping Check Upgrade Guest-to-host DoS (XSA-255)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-255.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7541\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 4972c38)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"bd461fc\", \"c9c1bb6\",\n \"0fbf30a\", \"7e20b9b\", \"d1618f4\", \"9d534c1\", \"dbb3553\", \"e54a8c6\",\n \"8005ed3\", \"9a852e0\", \"d779cc1\", \"c93bcf9\", \"15adcf3\", \"d7b8190\",\n \"2b1457f\", \"a357880\", \"ee23fcc\", \"5651015\", \"225e9c7\", \"3c70619\",\n \"1222333\", \"75bdd69\", \"8994cf3\", \"642c603\", \"c25ea9a\", \"feba571\",\n \"0163087\", \"44c2666\", \"db743b0\", \"41a5cce\", \"4e1b9e9\", \"4d21549\",\n \"ff4800c\", \"2613a1b\", \"8335c8a\", \"ab20c5c\", \"9089da9\", \"8edfc82\",\n \"af5b61a\", \"ec05090\", \"75263f7\", \"f7e273a\", \"03c7d2c\", \"9ce1a71\",\n \"a735c7a\", \"44ad7f6\", \"91dc902\", \"a065841\", \"c6e9e60\", \"f94c11d\",\n \"45ddc4e\", \"1ca93b7\", \"8c0c36e\", \"6e43623\", \"47d3e73\", \"ea80245\",\n \"37bb22b\", \"9b0c2a2\", \"8d3fe28\", \"be63d66\", \"9454e30\", \"aad5a67\",\n \"d8b0ebf\", \"f0208a4\", \"42b2c82\", \"57318e1\", \"9f22d72\", \"e0353b4\",\n \"76f1549\", \"9bac910\", \"c7a43e3\", \"913d4f8\", \"c5881c5\", \"b0239cd\",\n \"78fd0c3\", \"9079e0d\", \"1658a87\", \"22b6dfa\", \"a8cd231\", \"629eddd\",\n \"64c03bb\", \"b4660b4\", \"1ac8162\", \"747df3c\", \"5ae011e\", \"f974d32\",\n \"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.5';\nfixes['4.7']['fixed_ver_display'] = '4.7.5-pre (changeset c15b8dc)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"640691d\", \"69dcb65\",\n \"ade3bca\", \"c64e0c1\", \"e54670f\", \"7d56ef3\", \"aac4cbe\", \"68420b4\",\n \"e09548d\", \"be261bd\", \"327a783\", \"9f08fce\", \"4a38ec2\", \"65c9e06\",\n \"84d47ac\", \"b7dae55\", \"b2b7fe1\", \"c947e1e\", \"b1ae126\", \"72450c8\",\n \"e9220b4\", \"f961688\", \"91f7e46\", \"f291c01\", \"3cf4e29\", \"8860219\",\n \"62a2624\", \"c3f8df3\", \"3877c02\", \"f0ed5f9\", \"160b53c\", \"e131309\",\n \"9ede1ac\", \"d0cfbe8\", \"d596e6a\", \"f50ea84\", \"de3bdaa\", \"766990b\",\n \"4ac0229\", \"bafd63f\", \"d5bb425\", \"003ec3e\", \"fd884d6\", \"50c68df\",\n \"1bdcc9f\", \"2914ef5\", \"62b9706\", \"624abdc\", \"d7b73ed\", \"112c49c\",\n \"a5b0fa4\", \"e19d0af\", \"e19517a\", \"9b76908\", \"46025e3\", \"0e6c6fc\",\n \"40c4410\", \"f3b76b6\", \"4c937e2\", \"2307798\", \"7089465\", \"375896d\",\n \"99474d1\", \"f407332\", \"1c58d74\", \"d02140f\", \"fae9dd5\", \"caae052\",\n \"c90b5c1\", \"5b1c9fe\", \"2e6775e\", \"f2d19fb\", \"0baeec6\", \"664433a\",\n \"b3dfadc\", \"8f14027\", \"1967ced\", \"c3ddeca\", \"b9c150e\", \"5a99156\",\n \"4f34d9f\", \"4133de7\", \"b3981ea\", \"184f259\", \"67966a9\", \"af3f585\");\n\nfixes['4.8']['fixed_ver'] = '4.8.4';\nfixes['4.8']['fixed_ver_display'] = '4.8.4-pre (changeset 141be84)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"bb49733\", \"48faa50\",\n \"5938aa1\", \"d11783c\", \"8e1e3c7\", \"99ed786\", \"76bdfe8\", \"fee4689\",\n \"c0bfde6\", \"64c1742\", \"8615385\", \"e09a5c2\", \"ff570a3\", \"e6bcb41\",\n \"29e7171\", \"c3d195c\", \"2cd189e\", \"afdad6a\", \"532ccf4\", \"da49e51\",\n \"ca9583d\", \"479b879\", \"2eefd92\", \"60c50f2\", \"1838e21\", \"5732a8e\",\n \"987b08d\", \"eadcd83\", \"ef2464c\", \"17bfbc8\", \"499391b\", \"87cb0e2\", \"393de92\");\n\nfixes['4.9']['fixed_ver'] = '4.9.2';\nfixes['4.9']['fixed_ver_display'] = '4.9.2-pre (changeset e9bff96)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"8f42f0a\", \"aafb8ac\",\n \"88fbabc\", \"3b10e12\", \"7d5f8b3\", \"59999ae\", \"79d5197\", \"68c76d7\",\n \"bda3283\", \"a24b755\", \"13a30ba\", \"0177bf5\", \"2fdee60\", \"186c3c6\",\n \"e57d4d0\", \"1dcfd39\", \"f11cf29\", \"bd53bc8\", \"7648049\", \"602633e\",\n \"6fef46d\", \"30b9929\", \"447dce8\", \"29df8a5\", \"6403b50\", \"628b6af\",\n \"237a58b\", \"f0f7ce5\", \"d6e9725\", \"9aaa208\", \"40f9ae9\", \"ade9554\",\n \"a0ed034\", \"4d01dbc\", \"22379b6\", \"6e13ad7\", \"0d32237\", \"4ba59bd\",\n \"2997c5e\", \"751c879\", \"a2567d6\", \"9f79e8d\", \"fba48ef\", \"3790833\",\n \"50450c1\", \"2ec7ccb\", \"dc7d465\", \"1e09746\", \"87ea781\", \"96990e2\",\n \"2213ffe\", \"c3774d1\", \"f559d50\", \"f877aab\", \"0c3d524\", \"4d190d7\",\n \"a4a4abf\", \"432f715\", \"389df4f\", \"d6fe186\", \"6a39a56\", \"d9ade82\",\n \"c09e166\", \"df6db6c\", \"986fcb8\", \"da8c866\", \"47a7e3b\", \"57205c4\",\n \"09d7c30\", \"8edff60\", \"fe1147d\", \"78c61ba\", \"c9afe26\", \"4bd6306\",\n \"a20f838\", \"984bb18\", \"1b0029c\", \"32e364c\", \"d3db9e3\", \"c553285\",\n \"6260c47\", \"d1cca07\", \"0a0dcdc\", \"fb51cab\", \"61c13ed\", \"52ad651\");\n\nfixes['4.10']['fixed_ver'] = '4.10.1';\nfixes['4.10']['fixed_ver_display'] = '4.10.1-pre (changeset 16edf98)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"e2ceb2e\", \"1b1c059\",\n \"5e91fc4\", \"3921128\", \"cd2e143\", \"3181472\", \"5644514\", \"db12743\",\n \"bc0e599\", \"fc81946\", \"ce7d7c0\", \"a695f8d\", \"92efbe8\", \"8baba87\",\n \"79891ef\", \"641c11e\", \"05eba93\", \"a69cfdf\", \"0f4be6e\", \"0a7e6b5\",\n \"65ee6e0\", \"129880d\", \"c513244\", \"0e12c2c\", \"6aaf353\", \"32babfc\",\n \"47bbcb2\", \"8743fc2\", \"1830b20\", \"ab95cb0\", \"d02ef3d\", \"e32f814\",\n \"c534ab4\", \"be3138b\", \"79012ea\", \"bbd093c\", \"a69a8b5\", \"f167ebf\",\n \"c4c0187\", \"19ad8a7\", \"3caf32c\", \"df7be94\", \"f379b70\", \"728fadb\",\n \"9281129\", \"cae6e15\", \"d1f4283\", \"0f7a4fa\", \"b829d42\", \"7cccd6f\",\n \"234f481\", \"57dc197\", \"7209b8b\", \"910dd00\", \"50d24b9\", \"c89c622\",\n \"3b8d88d\", \"cdb1fb4\", \"a401864\", \"a87ec48\", \"9dc5eda\", \"135b67e\",\n \"682a9d8\", \"19dcd8e\", \"e5364c3\", \"e2dc7b5\", \"c8f4f45\", \"4150501\",\n \"ab7be6c\", \"f3fb667\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-03-06T17:36:32", "published": "2018-03-06T17:36:32", "id": "FEDORA:520A96076F57", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.1-5.fc27", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-03-20T17:37:29", "published": "2018-03-20T17:37:29", "id": "FEDORA:977BB60A6180", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-3.fc26", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-01T13:42:16", "published": "2018-05-01T13:42:16", "id": "FEDORA:698AD6087A96", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-2.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-06-07T11:50:56", "published": "2018-06-07T11:50:56", "id": "FEDORA:EAC7F6435E1F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-4.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-16T13:46:18", "published": "2018-05-16T13:46:18", "id": "FEDORA:BCAE760875D9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-3.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-3639", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-07-13T16:38:02", "published": "2018-07-13T16:38:02", "id": "FEDORA:73C6F628E99A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-6.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-25T02:03:43", "published": "2018-11-25T02:03:43", "id": "FEDORA:728DA604CD72", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.3-3.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-08-31T20:04:39", "published": "2018-08-31T20:04:39", "id": "FEDORA:D5F726042B1F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-7.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11334", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14318", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17046", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-12T18:27:24", "published": "2018-05-12T18:27:24", "id": "FEDORA:6315F608DDDD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-4.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-11T02:40:40", "published": "2018-11-11T02:40:40", "id": "FEDORA:2C89F6167407", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.3-2.fc27", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-12-24T11:42:53", "bulletinFamily": "software", "cvelist": ["CVE-2016-2074", "CVE-2018-7540", "CVE-2018-7541"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host.</p>\n<p>The following vulnerabilities have been addressed:</p>\n<ul>\n<li>CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability</li>\n<li>CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing</li>\n<li>CVE-2018-7541: grant table v2 -&gt; v1 transition may crash Xen</li>\n</ul>\n<p>The host compromise issue (CVE-2016-2074) affects Citrix XenServer versions 7.0 and 7.1 CU1 only.<br/> The denial of service issues affect all supported versions of Citrix XenServer prior to version 7.4.<br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers using the \u201cLinux bridge\u201d networking mode are unaffected by the host compromise issue.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.3: CTX233368 \u2013 <a href=\"https://support.citrix.com/article/CTX233368\">https://support.citrix.com/article/CTX233368</a></p>\n<p>Citrix XenServer 7.2: CTX233366 \u2013 <a href=\"https://support.citrix.com/article/CTX233366\">https://support.citrix.com/article/CTX233366</a></p>\n<p>Citrix XenServer 7.1 LTSR CU1: CTX233363 \u2013 <a href=\"https://support.citrix.com/article/CTX233363\">https://support.citrix.com/article/CTX233363</a> and CTX233365 \u2013 <a href=\"https://support.citrix.com/article/CTX233365\">https://support.citrix.com/article/CTX233365</a></p>\n<p>Citrix XenServer 7.0: CTX233362 \u2013 <a href=\"https://support.citrix.com/article/CTX233362\">https://support.citrix.com/article/CTX233362</a> and CTX233364 \u2013 <a href=\"https://support.citrix.com/article/CTX233364\">https://support.citrix.com/article/CTX233364</a></p>\n<p>These hotfixes are not livepatchable.</p>\n<p>Citrix is actively working on remediating the denial of service issues for releases that are End of Maintenance but not yet End of Life.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>21st March 2018</td>\n<td>Initial publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2018-03-21T04:00:00", "published": "2018-03-21T04:00:00", "id": "CTX232655", "href": "https://support.citrix.com/article/CTX232655", "type": "citrix", "title": "Citrix XenServer Multiple Security Updates", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-04-10T21:08:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "description": "This update for xen fixes the following issues:\n\n Update to Xen 4.7.5 bug fix only release (bsc#1027519)\n\n Security issues fixed:\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing\n (XSA-252) (bsc#1080635)\n - CVE-2018-7541: A grant table v2 -&gt; v1 transition may crash Xen (XSA-255)\n (bsc#1080662)\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via\n side effects of speculative execution (XSA-254). Includes Spectre v2\n mitigation. (bsc#1074562)\n\n\n - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with\n crash(1) (bsc#1087251)\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n - Add script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU They are triggered via xl vcpu-set\n domU N (fate#324965)\n - Make sure tools and tools-domU require libs from the very same build\n\n", "edition": 1, "modified": "2018-04-10T18:07:40", "published": "2018-04-10T18:07:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00009.html", "id": "SUSE-SU-2018:0909-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-05-10T00:04:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n", "edition": 1, "modified": "2018-05-09T21:09:32", "published": "2018-05-09T21:09:32", "id": "SUSE-SU-2018:1184-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00013.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-05-12T02:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-05-12T00:37:01", "published": "2018-05-12T00:37:01", "id": "OPENSUSE-SU-2018:1274-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-03-15T02:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5683", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17564", "CVE-2017-11334", "CVE-2017-17565", "CVE-2017-17563", "CVE-2017-5715", "CVE-2017-18030", "CVE-2017-5898", "CVE-2018-7541", "CVE-2017-17566", "CVE-2017-15595"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks\n via side effects of speculative execution, aka &quot;Spectre&quot; and &quot;Meltdown&quot;\n attacks (bsc#1074562, bsc#1068032)\n - CVE-2018-5683: The vga_draw_text function allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) by leveraging improper memory address validation\n (bsc#1076116).\n - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS\n guest privileged users to cause a denial of service (out-of-bounds array\n access and QEMU process crash) via vectors related to negative pitch\n (bsc#1076180).\n - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS\n (unbounded recursion, stack consumption, and hypervisor crash) or\n possibly gain privileges via crafted page-table stacking (bsc#1061081)\n - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges in shadow mode by mapping a\n certain auxiliary page (bsc#1070158).\n - CVE-2017-17563: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging an incorrect\n mask for reference-count overflow checking in shadow mode (bsc#1070159).\n - CVE-2017-17564: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging incorrect error\n handling for reference counting in shadow mode (bsc#1070160).\n - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service\n (host OS crash) if shadow mode and log-dirty mode are in place, because\n of an incorrect assertion related to M2P (bsc#1070163).\n - Added missing intermediate preemption checks for guest requesting\n removal of memory. This allowed malicious guest administrator to cause\n denial of service due to the high cost of this operation (bsc#1080635).\n - Because of XEN not returning the proper error messages when\n transitioning grant tables from v2 to v1 a malicious guest was able to\n cause DoS or potentially allowed for privilege escalation as well as\n information leaks (bsc#1080662).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - Unprivileged domains could have issued well-timed writes to xenstore\n which conflict with transactions to stall progress of the control domain\n or driver domain, possibly leading to DoS (bsc#1030144, XSA-206).\n\n", "edition": 1, "modified": "2018-03-15T00:08:50", "published": "2018-03-15T00:08:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html", "id": "SUSE-SU-2018:0678-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2018-10-31T00:03:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-7542", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2017-5715", "CVE-2018-12893", "CVE-2018-3620", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-10982", "CVE-2018-5244", "CVE-2018-12891"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could cause a Denial of Service condition or disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.10.1-r2\"", "edition": 1, "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "GLSA-201810-06", "href": "https://security.gentoo.org/glsa/201810-06", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}