Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2016-73853A7A16.NASLHistoryJul 15, 2016 - 12:00 a.m.
Fedora 23 : 2:qemu (2016-73853a7a16)
2016-07-1500:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
-
CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083)
-
CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue
-
CVE-2016-5106: scsi: megasas: out-of-bounds write (bz #1339581)
-
CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585)
-
CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573)
-
CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740)
-
CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744)
-
CVE-2016-5238: scsi: esp: OOB write (bz #1341932)
-
CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325)
-
CVE-2016-5337: scsi: megasas: information leakage (bz #1343910)
-
Add deps on edk2-ovmf and edk2-aarch64
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-73853a7a16.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(92255);
script_version("2.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-4002", "CVE-2016-4453", "CVE-2016-4454", "CVE-2016-4952", "CVE-2016-5105", "CVE-2016-5106", "CVE-2016-5107", "CVE-2016-5238", "CVE-2016-5337", "CVE-2016-5338");
script_xref(name:"FEDORA", value:"2016-73853a7a16");
script_name(english:"Fedora 23 : 2:qemu (2016-73853a7a16)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - CVE-2016-4002: net: buffer overflow in MIPSnet (bz
#1326083)
- CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue
- CVE-2016-5106: scsi: megasas: out-of-bounds write (bz
#1339581)
- CVE-2016-5105: scsi: megasas: stack information leakage
(bz #1339585)
- CVE-2016-5107: scsi: megasas: out-of-bounds read (bz
#1339573)
- CVE-2016-4454: display: vmsvga: out-of-bounds read (bz
#1340740)
- CVE-2016-4453: display: vmsvga: infinite loop (bz
#1340744)
- CVE-2016-5238: scsi: esp: OOB write (bz #1341932)
- CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325)
- CVE-2016-5337: scsi: megasas: information leakage (bz
#1343910)
- Add deps on edk2-ovmf and edk2-aarch64
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected 2:qemu package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:qemu");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/26");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC23", reference:"qemu-2.4.1-11.fc23", epoch:"2")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:qemu");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 2 | p-cpe:/a:fedoraproject:fedora:2:qemu |
| fedoraproject | fedora | 23 | cpe:/o:fedoraproject:fedora:23 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5338
bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16
Related
nessus
nessus
Fedora 22 : 2:qemu (2016-ea3002b577)
2016-07-15 00:00:00
Fedora 24 : 2:qemu (2016-a80eab65ba)
2016-07-15 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : QEMU regression (USN-3047-2)
2016-08-15 00:00:00
openvas
openvas
Fedora Update for qemu FEDORA-2016-ea3002b577
2016-07-10 00:00:00
Fedora Update for qemu FEDORA-2016-73853a7a16
2016-07-10 00:00:00
Fedora Update for qemu FEDORA-2016-a80eab65ba
2016-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: qemu-2.4.1-11.fc23
2016-07-02 19:35:10
[SECURITY] Fedora 22 Update: qemu-2.3.1-16.fc22
2016-07-02 19:29:05
[SECURITY] Fedora 24 Update: qemu-2.6.0-4.fc24
2016-06-25 19:31:45
ubuntu
ubuntu
QEMU regression
2016-08-12 00:00:00
QEMU vulnerabilities
2016-08-04 00:00:00
QEMU vulnerabilities
2016-05-12 00:00:00
suse
suse
Security update for qemu (important)
2016-10-21 19:08:51
Security update for qemu (important)
2016-10-26 14:11:23
Security update for xen (important)
2016-08-18 18:09:54
archlinux
archlinux
qemu: multiple issues
2016-06-08 00:00:00
qemu-arch-extra: multiple issues
2016-06-08 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2016-09-25 00:00:00
prion
prion
Design/Logic Flaw
2016-09-02 14:59:00
Command injection
2016-09-02 14:59:00
Information disclosure
2016-06-14 14:59:00
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
cve
cve
osv
osv
qemu - security update
2018-11-29 00:00:00
debian
debian
[SECURITY] [DLA 1599-1] qemu security update
2018-11-30 14:28:32
ibm
ibm
Security Bulletin: Vulnerabilities in QEMU affect PowerKVM
2018-06-18 01:34:46
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
2018-06-18 01:33:29
mageia
mageia
Updated qemu packages fix security vulnerabilities
2016-05-18 23:14:22
Related for FEDORA_2016-73853A7A16.NASL