Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.FEDORA_2013-1644.NASL
HistoryFeb 06, 2013 - 12:00 a.m.

Fedora 18 : libvirt-0.10.2.3-1.fc18 (2013-1644)

2013-02-0600:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

  • Rebased to version 0.10.2.3

    • Fix libxl driver to build against xen 4.2 (bz #870689)

    • Fix possible crash when destroying guests (bz #877110)

    • Fix loading sysctl file (bz #887017)

    • Fix svirt memory leak (bz #890039)

    • Fix attaching PCI netdev to VM (bz #893131)

    • Fix libvirtd segfault on shutdown (bz #903184)

    • Raise mem limit to stop qemu processes from getting OOM killed (bz #903432)

    • CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-1644.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64477);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-0170");
  script_bugtraq_id(57578);
  script_xref(name:"FEDORA", value:"2013-1644");

  script_name(english:"Fedora 18 : libvirt-0.10.2.3-1.fc18 (2013-1644)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Rebased to version 0.10.2.3

    - Fix libxl driver to build against xen 4.2 (bz #870689)

    - Fix possible crash when destroying guests (bz #877110)

    - Fix loading sysctl file (bz #887017)

    - Fix svirt memory leak (bz #890039)

    - Fix attaching PCI netdev to VM (bz #893131)

    - Fix libvirtd segfault on shutdown (bz #903184)

    - Raise mem limit to stop qemu processes from getting
      OOM killed (bz #903432)

    - CVE-2013-0170 libvirt: use-after-free in
      virNetMessageFree() (bz #893450, bz #905173)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=893450"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f930a4a9"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libvirt package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"libvirt-0.10.2.3-1.fc18")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
VendorProductVersionCPE
fedoraprojectfedoralibvirtp-cpe:/a:fedoraproject:fedora:libvirt
fedoraprojectfedora18cpe:/o:fedoraproject:fedora:18

Related

nessus 11
openvas 24
ubuntucve 1
cve 1
veracode 2
prion 1
debiancve 1
suse 3
fedora 5
redhat 1
oraclelinux 2
centos 1
ubuntu 1
gentoo 1
securityvulns 2
osv 16
nessus
nessus
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130128)
2013-01-29 00:00:00
SuSE 11.2 Security Update : libvirt (SAT Patch Number 7310)
2013-02-21 00:00:00
Fedora 16 : libvirt-0.9.6.4-1.fc16 (2013-1642)
2013-02-08 00:00:00
openvas
openvas
RedHat Update for libvirt RHSA-2013:0199-01
2013-01-31 00:00:00
Fedora Update for libvirt FEDORA-2013-1644
2013-02-08 00:00:00
SuSE Update for update openSUSE-SU-2013:0275-1 (update)
2013-03-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-0170
2013-01-28 00:00:00
cve
cve
CVE-2013-0170
2013-02-08 20:55:00
veracode
veracode
Denial Of Service (DoS)
2018-07-25 09:17:44
Denial Of Service (DoS)
2019-01-15 08:54:43
prion
prion
Design/Logic Flaw
2013-02-08 20:55:00
debiancve
debiancve
CVE-2013-0170
2013-02-08 20:55:00
suse
suse
update for libvirt (important)
2013-02-12 10:06:10
Security update for libvirt (important)
2013-02-21 18:04:26
libvirt to fix use-after-free in virNetMessageFree() (important)
2013-02-12 10:04:34
fedora
fedora
[SECURITY] Fedora 18 Update: libvirt-0.10.2.3-1.fc18
2013-02-05 16:55:04
[SECURITY] Fedora 18 Update: libvirt-0.10.2.5-1.fc18
2013-05-29 00:52:13
[SECURITY] Fedora 16 Update: libvirt-0.9.6.4-1.fc16
2013-02-08 02:07:48
redhat
redhat
(RHSA-2013:0199) Important: libvirt security update
2013-01-28 00:00:00
oraclelinux
oraclelinux
libvirt security update
2013-01-28 00:00:00
libvirt security, bug fix, and enhancement update
2013-02-27 00:00:00
centos
centos
libvirt security update
2013-01-28 21:41:46
ubuntu
ubuntu
libvirt vulnerabilities
2013-01-29 00:00:00
gentoo
gentoo
libvirt: Multiple vulnerabilities
2013-09-25 00:00:00
securityvulns
securityvulns
libvirt DoS vulnerabilities
2013-02-04 00:00:00
[USN-1708-1] libvirt vulnerabilities
2013-02-04 00:00:00
osv
osv
CVE-2022-0897
2022-03-25 19:15:10
CVE-2020-12430
2020-04-28 20:15:12
CVE-2018-6764
2018-02-23 17:29:00
JSON
Related for FEDORA_2013-1644.NASL
nessus11openvas24ubuntucve1cve1veracode2prion1debiancve1suse3fedora5redhat1oraclelinux2centos1ubuntu1gentoo1securityvulns2osv16