ID FEDORA_2020-295ED0B1E0.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-05-01T00:00:00
Description
This update addresses four Xen security advisories:
- Multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914)
- Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784)
- Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926)
- Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-295ed0b1e0.
#
include("compat.inc");
# Metadata registration. When `description` is true this branch only declares
# the plugin's identity, references, scoring and prerequisites, then exits
# with status 0; none of the checks further down run.
# (`description` is presumably set by the scanner engine while it indexes
# plugins - confirm against the engine documentation.)
if (description)
{
  # --- Identity and revision -------------------------------------------
  script_id(136210);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/10");

  # --- Vulnerabilities and advisories covered --------------------------
  script_cve_id("CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11741", "CVE-2020-11742", "CVE-2020-11743");
  script_xref(name:"FEDORA", value:"2020-295ed0b1e0");
  # NOTE(review): the first IAVB id has a 2019 prefix although every CVE
  # listed above is from 2020 - confirm this cross-reference is intended.
  script_xref(name:"IAVB", value:"2019-B-0091-S");
  script_xref(name:"IAVB", value:"2020-B-0023-S");

  # --- Human-readable text ---------------------------------------------
  script_name(english:"Fedora 31 : xen (2020-295ed0b1e0)");
  script_summary(english:"Checks rpm output for the updated package.");
  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  # The literal below spans several lines; its continuation lines stay at
  # column 0 because leading whitespace would become part of the string.
  script_set_attribute(attribute:"description", value:
"multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]
(#1823912, #1823914) Missing memory barriers in read-write unlock
paths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in
GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad
continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]
(#1823943)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-295ed0b1e0");
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");

  # --- Scoring ---------------------------------------------------------
  # Both base vectors use a local attack vector (AV:L) with full
  # confidentiality / integrity / availability impact. The v3 vector also
  # needs low privileges (PR:L) and marks the scope as changed (S:C).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # --- Classification --------------------------------------------------
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

  # --- Timeline and provenance -----------------------------------------
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # --- Scheduling ------------------------------------------------------
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # ssh_get_info.nasl presumably populates the Host/* knowledge-base
  # entries required below - confirm.
  script_dependencies("ssh_get_info.nasl");
  # "Host/cpu" is read by the check section but is not listed here; that
  # section handles a missing value itself with AUDIT_UNKNOWN_ARCH.
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Pre-flight gating. Every input below is read from the scan knowledge base
# (KB); nothing in this section queries the target directly. Each failed gate
# calls audit() with a specific reason code. audit() comes from audit.inc and
# is presumably terminal - the statements after each gate assume so.

# Gate 1: local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the release string must exist and mention Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Gate 3: pull the numeric release out of the string and require 31.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];  # capture group 1: the release digits
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
}

# Gate 4: an rpm inventory must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: only x86_64 and i386-i686 hosts are evaluated. Any other
# architecture ends with AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, so such a host
# gets no verdict from this plugin rather than a "not affected" result.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}
# Package verdict. The only evidence consulted is the collected rpm list:
# rpm_check() (rpm.inc) is given the reference build xen-4.12.2-3.fc31 for
# FC31 and presumably reports true when the installed xen package is older -
# confirm against rpm.inc. A true result is counted in `flag`.
# NOTE(review): nothing here inspects the running hypervisor, so a host that
# has the fixed package installed but has not yet been restarted into it is
# not distinguished from a fully remediated one.
flag = 0;
if (rpm_check(release:"FC31", reference:"xen-4.12.2-3.fc31"))
{
  flag++;
}

if (!flag)
{
  # No finding: tell "package present and not flagged" apart from
  # "package never matched" using the tests rpm.inc recorded.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
  }
}
else
{
  # Finding: report on port 0 and attach the text produced by
  # rpm_report_get().
  # NOTE(review): the finding is raised as SECURITY_WARNING, while the
  # plugin metadata declares a CVSS v3 vector with S:C/C:H/I:H/A:H -
  # confirm the severity mapping matches how findings are triaged.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
{"id": "FEDORA_2020-295ED0B1E0.NASL", "bulletinFamily": "scanner", "title": "Fedora 31 : xen (2020-295ed0b1e0)", "description": "multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]\n(#1823912, #1823914) Missing memory barriers in read-write unlock\npaths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in\nGNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad\ncontinuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]\n(#1823943)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2020-05-01T00:00:00", "modified": "2020-05-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/136210", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2020-295ed0b1e0"], "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "type": "nessus", "lastseen": "2020-07-11T01:55:04", "edition": 5, "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-202005-08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0599-1"]}, {"type": "fedora", "idList": ["FEDORA:1FA1463156AC", "FEDORA:AADD7604A709", "FEDORA:A907C60FDFF0"]}, {"type": "nessus", "idList": ["SUSE_SU-2020-1630-1.NASL", "SUSE_SU-2020-1124-1.NASL", "DEBIAN_DSA-4723.NASL", "XEN_SERVER_XSA-316.NASL", "SUSE_SU-2020-1139-1.NASL", "GENTOO_GLSA-202005-08.NASL", "OPENSUSE-2020-599.NASL", "SUSE_SU-2020-2234-1.NASL", "SUSE_SU-2020-1138-1.NASL", "FEDORA_2020-CBC3149753.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877742", "OPENVAS:1361412562310853137", "OPENVAS:1361412562310877828", 
"OPENVAS:1361412562310704723", "OPENVAS:1361412562310877775"]}, {"type": "cve", "idList": ["CVE-2020-11741", "CVE-2020-11739", "CVE-2020-11742", "CVE-2020-11740", "CVE-2020-11743"]}, {"type": "citrix", "idList": ["CTX270837"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4723-1:912C0"]}, {"type": "xen", "idList": ["XSA-314", "XSA-318", "XSA-316", "XSA-313"]}], "modified": "2020-07-11T01:55:04", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2020-07-11T01:55:04", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-295ed0b1e0.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136210);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_xref(name:\"FEDORA\", value:\"2020-295ed0b1e0\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n script_name(english:\"Fedora 31 : xen (2020-295ed0b1e0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]\n(#1823912, #1823914) Missing memory barriers in read-write unlock\npaths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in\nGNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad\ncontinuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]\n(#1823943)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted 
to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-295ed0b1e0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"xen-4.12.2-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "136210", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:31"], "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "scheme": null}
{"gentoo": [{"lastseen": "2020-05-15T03:08:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.12.2-r2\"", "edition": 1, "modified": "2020-05-14T00:00:00", "published": "2020-05-14T00:00:00", "id": "GLSA-202005-08", "href": "https://security.gentoo.org/glsa/202005-08", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-05-02T02:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n (bsc#1168140).\n - CVE-2020-11739: Missing memory barriers in read-write unlock paths\n (bsc#1168142).\n - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n - arm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\n Non-security issues fixed:\n\n - Xenstored Crashed during VM install (bsc#1167152)\n - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\n bsc#1134506)\n - Update API compatibility versions, fixes issues for libvirt.\n (bsc#1167007, bsc#1157490)\n - aacraid blocks xen commands (bsc#1155200)\n\n This update was imported from the 
SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-05-02T00:40:00", "published": "2020-05-02T00:40:00", "id": "OPENSUSE-SU-2020:0599-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11741", "CVE-2020-11742", "CVE-2020-11743"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-04-25T02:37:42", "published": "2020-04-25T02:37:42", "id": "FEDORA:A907C60FDFF0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: xen-4.13.0-7.fc32", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11741", "CVE-2020-11742", "CVE-2020-11743"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-05-01T03:48:40", "published": "2020-05-01T03:48:40", "id": "FEDORA:1FA1463156AC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: xen-4.12.2-3.fc31", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11741", "CVE-2020-11742", "CVE-2020-11743"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-05-11T03:15:47", "published": "2020-05-11T03:15:47", "id": "FEDORA:AADD7604A709", "href": "", "type": "fedora", "title": "[SECURITY] 
Fedora 30 Update: xen-4.11.4-1.fc30", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-07-11T03:52:29", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11742: Bad continuation handling in\n GNTTABOP_copy (bsc#1169392).\n\n - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple\n xenoprof issues (bsc#1168140).\n\n - CVE-2020-11739: Missing memory barriers in read-write\n unlock paths (bsc#1168142).\n\n - CVE-2020-11743: Bad error path in GNTTABOP_map_grant\n (bsc#1168143).\n\n - arm: a CPU may speculate past the ERET instruction\n (bsc#1160932).\n\nNon-security issues fixed :\n\n - Xenstored Crashed during VM install (bsc#1167152)\n\n - DomU hang: soft lockup CPU #0 stuck under high load\n (bsc#1165206, bsc#1134506)\n\n - Update API compatibility versions, fixes issues for\n libvirt. (bsc#1167007, bsc#1157490)\n\n - aacraid blocks xen commands (bsc#1155200)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-05-04T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2020-599)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-05-04T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": 
"OPENSUSE-2020-599.NASL", "href": "https://www.tenable.com/plugins/nessus/136312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-599.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136312);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2020-599)\");\n script_summary(english:\"Check for the openSUSE-2020-599 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11742: Bad continuation handling in\n GNTTABOP_copy (bsc#1169392).\n\n - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple\n xenoprof issues (bsc#1168140).\n\n - CVE-2020-11739: Missing memory barriers in read-write\n unlock paths (bsc#1168142).\n\n - CVE-2020-11743: Bad error path in GNTTABOP_map_grant\n (bsc#1168143).\n\n - arm: a CPU may speculate past the ERET instruction\n (bsc#1160932).\n\nNon-security issues fixed :\n\n - Xenstored Crashed during VM install (bsc#1167152)\n\n - DomU hang: soft lockup CPU #0 stuck under high load\n (bsc#1165206, bsc#1134506)\n\n - Update API compatibility versions, fixes issues for\n libvirt. 
(bsc#1167007, bsc#1157490)\n\n - aacraid blocks xen commands (bsc#1155200)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1165206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-debugsource-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-devel-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-debuginfo-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-debuginfo-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", 
reference:\"xen-libs-32bit-debuginfo-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.2_04-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.2_04-lp151.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T01:58:31", "description": "update to 4.11.4\n\n----\n\nmultiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]\n(#1823912, #1823914) Missing memory barriers in read-write unlock\npaths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in\nGNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad\ncontinuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]\n(#1823943)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-05-11T00:00:00", "title": "Fedora 30 : xen (2020-cbc3149753)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-05-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2020-CBC3149753.NASL", "href": "https://www.tenable.com/plugins/nessus/136438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-cbc3149753.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136438);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_xref(name:\"FEDORA\", value:\"2020-cbc3149753\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n script_name(english:\"Fedora 30 : xen (2020-cbc3149753)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 4.11.4\n\n----\n\nmultiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741]\n(#1823912, #1823914) Missing memory barriers in read-write unlock\npaths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in\nGNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad\ncontinuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742]\n(#1823943)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc3149753\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"xen-4.11.4-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T02:23:24", "description": "The remote host is affected by the vulnerability described in GLSA-202005-08\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-05-15T00:00:00", "title": "GLSA-202005-08 : Xen: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-05-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-tools"], "id": "GENTOO_GLSA-202005-08.NASL", "href": "https://www.tenable.com/plugins/nessus/136638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202005-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136638);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_xref(name:\"GLSA\", value:\"202005-08\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n script_name(english:\"GLSA-202005-08 : Xen: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-202005-08\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202005-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Xen users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.12.2-r2'\n All Xen Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/xen-tools-4.12.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/xen\", unaffected:make_list(\"ge 4.12.2-r2\"), vulnerable:make_list(\"lt 4.12.2-r2\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-tools\", unaffected:make_list(\"ge 4.12.2-r1\"), vulnerable:make_list(\"lt 4.12.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:27:09", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed :\n\nXenstored Crashed during VM install (bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for 
libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-04-29T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1124-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-04-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-libs-32bit-debuginfo"], "id": "SUSE_SU-2020-1124-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1124-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136076);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n 
script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1124-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed :\n\nXenstored Crashed during VM install (bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11743/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201124-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bda4ce7e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-1124=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1124=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1124=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11741\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-devel-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.2_04-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.2_04-3.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T05:03:22", "description": "This update for xen to version 4.12.2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in 
GNTTABOP_map_grant (bsc#1168143).\n\nCVE-2020-7211: Fixed potential directory traversal using relative\npaths via tftp server on Windows host (bsc#1161181).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed: Xenstored Crashed during VM install\n(bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nProblems Booting Fedora31 VM on sles15 sp1 Xen Dom0 (bsc#1162040).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-04-30T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1139-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-7211", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-04-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-1139-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1139-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136164);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\", \"CVE-2020-7211\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1139-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen to version 4.12.2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\nCVE-2020-7211: Fixed potential directory traversal using relative\npaths via tftp server on Windows host (bsc#1161181).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed: Xenstored Crashed during VM install\n(bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nProblems Booting Fedora31 VM on sles15 sp1 Xen Dom0 (bsc#1162040).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7211/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201139-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?032927e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-1139=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-1139=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11741\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.2_04-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.2_04-3.11.1\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T05:03:21", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\nCVE-2020-7211: Fixed potential directory traversal using relative\npaths via tftp server on Windows host (bsc#1161181).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed: Xenstored Crashed during VM install\n(bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-04-30T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1138-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-7211", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-04-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-1138-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1138-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136163);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\", \"CVE-2020-7211\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n script_xref(name:\"IAVB\", value:\"2020-B-0023-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1138-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n 
);\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\nCVE-2020-7211: Fixed potential directory traversal using relative\npaths via tftp server on Windows host (bsc#1161181).\n\narm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed: Xenstored Crashed during VM install\n(bsc#1167152)\n\nDomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\nbsc#1134506)\n\nUpdate API compatibility versions, fixes issues for libvirt.\n(bsc#1167007, bsc#1157490)\n\naacraid blocks xen commands (bsc#1155200)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7211/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201138-1/\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?368f57a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-1138=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-1138=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11741\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.11.3_04-2.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.11.3_04-2.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:29:43", "description": "This update for xen fixes the following issues :\n\nbsc#1174543 - secure boot related fixes\n\nbsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe\nsnprintf() 
usages\n\nbsc#1169392 - CVE-2020-11742: Bad continuation handling in\nGNTTABOP_copy\n\nbsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues\n\nbsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write\nunlock paths\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-14T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:2234-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-8608", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-08-14T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-2234-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2234-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139595);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-8608\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen 
(SUSE-SU-2020:2234-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nbsc#1174543 - secure boot related fixes\n\nbsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe\nsnprintf() usages\n\nbsc#1169392 - CVE-2020-11742: Bad continuation handling in\nGNTTABOP_copy\n\nbsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues\n\nbsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write\nunlock paths\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8608/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202234-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43c8e04d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2234=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2234=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2234=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2234=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.6_08-43.64.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.6_08-43.64.1\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-26T05:46:43", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, guest-to-host privilege\nescalation or information leaks.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-07-14T00:00:00", "title": "Debian DSA-4723-1 : xen - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567", "CVE-2020-15563", "CVE-2020-15564", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "modified": "2020-07-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:xen"], "id": "DEBIAN_DSA-4723.NASL", "href": "https://www.tenable.com/plugins/nessus/138394", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4723. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138394);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\n \"CVE-2020-11739\",\n \"CVE-2020-11740\",\n \"CVE-2020-11741\",\n \"CVE-2020-11742\",\n \"CVE-2020-11743\",\n \"CVE-2020-15563\",\n \"CVE-2020-15564\",\n \"CVE-2020-15565\",\n \"CVE-2020-15566\",\n \"CVE-2020-15567\"\n );\n script_xref(name:\"DSA\", value:\"4723\");\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"Debian DSA-4723-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, guest-to-host privilege\nescalation or information leaks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/xen\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/xen\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2020/dsa-4723\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.11.4+24-gddaaccbbab-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libxen-dev\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxencall1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxendevicemodel1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxenevtchn1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", 
prefix:\"libxenforeignmemory1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxengnttab1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxenmisc4.11\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxenstore3.0\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxentoolcore1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libxentoollog1\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-doc\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-hypervisor-4.11-amd64\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-hypervisor-4.11-arm64\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-hypervisor-4.11-armhf\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-hypervisor-common\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-system-amd64\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-system-arm64\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-system-armhf\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-utils-4.11\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xen-utils-common\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xenstore-utils\", reference:\"4.11.4+24-gddaaccbbab-1~deb10u1\")) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:28:42", "description": "This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest, leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19579: Fixed a privilege escalation where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nXenstored Crashed during VM install (bsc#1167152)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block 
directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.8, "vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-18T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2019-19577", "CVE-2020-11740", "CVE-2019-19581", "CVE-2020-0543", "CVE-2019-19580", "CVE-2020-7211", "CVE-2019-19578", "CVE-2019-19583", "CVE-2020-11741", "CVE-2020-11742", "CVE-2019-19579"], "modified": "2020-06-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-1630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137624);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19583\", \"CVE-2020-0543\", \"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-7211\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)\");\n script_summary(english:\"Checks rpm output for 
the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest, leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19579: Fixed a privilege escalation where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nXenstored Crashed during VM install (bsc#1167152)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7211/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201630-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0121a5ca\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1630=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1630=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1630=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1630=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1630=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1630=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch 
HPE-Helion-OpenStack-8-2020-1630=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19579\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.4_06-3.62.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-09T07:24:43", "description": "According to its self-reported version number, the Xen hypervisor installed on\nthe remote host is affected by a denial of service vulnerability. 
Grant table\noperations are expected to return 0 for success, and a negative number for\nerrors. Some misplaced brackets cause one error path to return 1 instead of a\nnegative value. The grant table code in Linux treats this condition as success,\nand proceeds with incorrectly initialised state. A buggy or malicious guest can\nconstruct its grant table in such a way that, when a backend domain tries to\nmap a grant, it hits the incorrect error path. This will crash a Linux based\ndom0 or backend domain. \n\nNote only systems with the XSA-295 patch applied are affected. All other hosts\nare not vulnerable.", "edition": 3, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-04-24T00:00:00", "title": "Xen Bad error path in GNTTABOP_map_grant DoS (XSA-316)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11743"], "modified": "2020-04-24T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-316.NASL", "href": "https://www.tenable.com/plugins/nessus/135928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135928);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/08\");\n\n script_cve_id(\"CVE-2020-11743\");\n script_xref(name:\"IAVB\", value:\"2020-B-0019-S\");\n\n script_name(english:\"Xen Bad error path in GNTTABOP_map_grant DoS (XSA-316)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor installed on\nthe remote host is affected by a denial of service vulnerability. Grant table\noperations are expected to return 0 for success, and a negative number for\nerrors. Some misplaced brackets cause one error path to return 1 instead of a\nnegative value. 
The grant table code in Linux treats this condition as success,\nand proceeds with incorrectly initialised state. A buggy or malicious guest can\nconstruct its grant table in such a way that, when a backend domain tries to\nmap a grant, it hits the incorrect error path. This will crash a Linux based\ndom0 or backend domain. \n\nNote only systems with the XSA-295 patch applied are affected. All other hosts\nare not vulnerable.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/xsa/advisory-316.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch or workaround according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\n\napp_name = 'Xen Hypervisor';\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += ' (changeset ' + changeset + ')';\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == 'managed')\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.9']['fixed_ver'] = '4.9.4';\nfixes['4.9']['fixed_ver_display'] = '4.9.4 (changeset 773686b)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"4e79375\", \"8d26adc\",\n \"b3718b7\", \"cf2e9cc\", \"43ab30b\", \"55bd90d\", \"173e805\", \"248f22e\",\n \"ec229c2\", \"e879bfe\", \"ce126c9\", \"4b69427\", \"8d1ee9f\", \"e60b3a9\",\n \"25f5530\", \"49db55f\", \"fa34ed5\", \"704f7ec\", \"a930a74\", \"8c52ee2\",\n \"2e15a19\", \"70639ac\", \"c3b479d\", \"e349eae\", \"632fb4e\", \"4608c6d\",\n \"7daacca\", \"859e48e\", \"5be2dd0\", \"b0147bd\", \"cadd66a\", \"d3c4b60\",\n \"d59f5c4\", \"44303c6\", \"79538ba\", \"80c3157\", \"73f1a55\", \"bc20fb1\",\n \"754a531\", \"7b032c2\", \"ff4fdf0\", \"8d2a688\", \"b9013d7\", \"bc8e5ec\",\n \"34907f5\", \"e70bf7e\", \"fa0b891\", \"3a8177c\", \"04ec835\", \"8d63ec4\",\n \"1ff6b4d\", \"f092d86\", \"e4b534f\", \"87c49fe\", \"19becb8\", \"43775c0\",\n \"f6b0f33\", \"a17e75c\", \"67530e7\", \"f804549\", \"84f81a8\", \"56aa239\",\n \"105db42\", \"d9da3ea\", \"ac90240\", \"3db28b0\", \"9b6f1c0\", 
\"0c4bbad\",\n \"917d8d3\", \"3384ea4\", \"352421f\", \"04e9dcb\", \"1612f15\", \"f952b1d\",\n \"63d9330\", \"f72414a\", \"ac3a5f8\", \"1ae6b8e\", \"1dd3dcc\", \"7390fa1\",\n \"7e78dc4\", \"8fdfb1e\", \"55d36e2\", \"045f37c\", \"dd7e637\", \"7a40b5b\", \"f5acf97\");\n\nfixes['4.10']['fixed_ver'] = '4.10.4';\nfixes['4.10']['fixed_ver_display'] = '4.10.4 (changeset cbedabf)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"38e589d\", \"a91b8fc\",\n \"3e0c316\", \"49a5d6e\", \"6cb1cb9\", \"ba2776a\", \"9d143e8\", \"fe8dab3\",\n \"07e546e\", \"fefa5f9\", \"c9f9ff7\", \"406d40d\", \"e489955\", \"37139f1\",\n \"fde09cb\", \"804ba02\", \"e8c3971\", \"a8c4293\", \"aa40452\", \"1da3dab\",\n \"e5632c4\", \"902e72d\", \"6a14610\", \"ea815b2\", \"13ad331\", \"61b75d9\",\n \"e70e7bf\", \"e966e2e\", \"dfa16a1\", \"a71e199\", \"c98be9e\", \"a548e10\",\n \"d3c0e84\", \"53b1572\", \"7203f9a\", \"6d1659d\", \"a782173\", \"24e90db\",\n \"0824bc6\", \"e6f3135\", \"3131bf9\");\n\nfixes['4.11']['fixed_ver'] = '4.11.4';\nfixes['4.11']['fixed_ver_display'] = '4.11.4-pre (changeset 52da389)';\nfixes['4.11']['affected_ver_regex'] = '^4\\\\.11\\\\.';\nfixes['4.11']['affected_changesets'] = make_list(\"d430e15\", \"7900cb7\",\n \"06a5a27\", \"affb032\", \"5adb81a\", \"4b4ec47\", \"8f51dad\", \"09508fd\",\n \"ac3b39c\", \"480d9b4\", \"dfcd120\", \"696d142\", \"6bc54c0\", \"f9e2a60\",\n \"98cf186\", \"a12c52d\", \"21fc266\", \"7224587\", \"2ffed5c\", \"8348cc7\",\n \"a4f502e\", \"5abd261\", \"b187c14\", \"8fa2976\", \"9e48faf\", \"888a7da\",\n \"06adda7\", \"346eae8\", \"0e126cc\", \"ddffc4d\", \"14b62ab\", \"6561994\",\n \"f562c6b\", \"d35cbee\", \"85e047d\", \"d9dd863\", \"0e5be46\", \"146d5bd\",\n \"81bd09f\", \"b9527ec\", \"d627249\", \"d397a5a\", \"6a40067\", \"a700446\",\n \"0d91d9d\", \"005c9b8\", \"1432cd5\", \"608be81\", \"d81c711\", \"3d2cc67\",\n \"d4a67be\", \"b8a8278\", \"06555fd\");\n\nfixes['4.12']['fixed_ver'] = 
'4.12.3';\nfixes['4.12']['fixed_ver_display'] = '4.12.3-pre (changeset 46bde05)';\nfixes['4.12']['affected_ver_regex'] = '^4\\\\.12\\\\.';\nfixes['4.12']['affected_changesets'] = make_list(\"1541b26\", \"45624a7\",\n \"dc3fb83\", \"e8c8071\", \"a46cd06\", \"524e739\", \"36f810b\", \"752558e\",\n \"c1a1c4e\", \"4c69d1c\", \"9a082e1\", \"e282e87\", \"f326440\", \"736c67b\",\n \"94f0bb7\", \"4c18745\", \"3c37292\", \"813757c\", \"824bdb4\", \"30acb65\",\n \"2d86de4\", \"c03afae\", \"3d89e04\", \"95d956d\", \"b165d13\", \"8663b6a\",\n \"636b40d\", \"16803a6\", \"d32c575\", \"e4f4127\", \"b9063ce\", \"58d3a68\",\n \"a12589f\", \"5454111\", \"7ee6e17\", \"71382e9\");\n\nfixes['4.13']['fixed_ver'] = '4.13.1';\nfixes['4.13']['fixed_ver_display'] = '4.13.1-pre (changeset d91d4fe)';\nfixes['4.13']['affected_ver_regex'] = '^4\\\\.13\\\\.';\nfixes['4.13']['affected_changesets'] = make_list(\"b6a2c42\", \"ef922bd\",\n \"65b16f3\", \"736da59\", \"460003e\", \"2e05b8a\", \"c0dad81\", \"436c54e\",\n \"181614a\", \"04497b3\", \"ad5e611\", \"b3e08a6\", \"71b7ead\", \"d5be080\",\n \"c7a1e58\", \"18d9129\", \"16670ad\", \"69c8307\", \"e519573\", \"680356e\",\n \"6a5ebbb\", \"e9fdf6a\", \"ac75ea8\", \"a99de9d\", \"e1e24c5\", \"0d16bb7\",\n \"07ac8a9\", \"431ddeb\", \"5e10699\", \"655897c\", \"a8fbb0f\", \"d3f3e44\",\n \"1bfc29f\", \"86f0b73\", \"994ff51\", \"c7409f8\", \"fbb17c4\", \"80dd503\",\n \"e6854fe\", \"9e779d1\", \"0518c16\", \"ef5961d\", \"1482807\", \"8a717bd\",\n \"c0d0b4e\", \"c080e5b\", \"7f11b1c\", \"95d43cd\", \"328dd23\", \"e312149\",\n \"659efd4\", \"721f2c3\", \"3baeeed\", \"01acc25\", \"fe0496e\", \"55ca8ab\",\n \"cb071e4\", \"efb9c68\", \"6a10d04\", \"492be8e\", \"c1264bf\");\n\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if 
(empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n 'Installed version', display_version,\n 'Fixed version', fix,\n 'Path', path\n);\n\norder = make_list('Path', 'Installed version', 'Fixed version');\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_NOTE);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-08T08:52:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the FEDORA-2020-440457afe4 advisory.", "modified": "2020-05-05T00:00:00", "published": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310877742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877742", "type": "openvas", "title": "Fedora: Security Advisory for xen (FEDORA-2020-440457afe4)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877742\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11739\", \"CVE-2020-11743\", \"CVE-2020-11742\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 03:15:11 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Fedora: Security Advisory for xen (FEDORA-2020-440457afe4)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-440457afe4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2020-440457afe4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 32.\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.13.0~7.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-22T13:26:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the FEDORA-2020-cbc3149753 advisory.", "modified": "2020-05-20T00:00:00", "published": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310877828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877828", "type": "openvas", "title": "Fedora: Security Advisory for xen (FEDORA-2020-cbc3149753)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877828\");\n script_version(\"2020-05-20T02:28:18+0000\");\n script_cve_id(\"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11739\", \"CVE-2020-11743\", \"CVE-2020-11742\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-20 02:28:18 +0000 (Wed, 20 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-15 03:23:26 +0000 (Fri, 15 May 2020)\");\n script_name(\"Fedora: Security Advisory for xen (FEDORA-2020-cbc3149753)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-cbc3149753\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2020-cbc3149753 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 30.\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.4~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T16:55:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the FEDORA-2020-295ed0b1e0 advisory.", "modified": "2020-05-07T00:00:00", "published": "2020-05-02T00:00:00", "id": "OPENVAS:1361412562310877775", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877775", "type": "openvas", "title": "Fedora: Security Advisory for xen (FEDORA-2020-295ed0b1e0)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877775\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11739\", \"CVE-2020-11743\", \"CVE-2020-11742\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-02 03:20:54 +0000 (Sat, 02 May 2020)\");\n script_name(\"Fedora: Security Advisory for xen (FEDORA-2020-295ed0b1e0)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-295ed0b1e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2020-295ed0b1e0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 31.\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.12.2~3.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T16:45:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the openSUSE-SU-2020:0599-1 advisory.", "modified": "2020-05-07T00:00:00", "published": "2020-05-02T00:00:00", "id": "OPENVAS:1361412562310853137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853137", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2020:0599-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853137\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-02 03:01:11 +0000 (Sat, 02 May 2020)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2020:0599-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0599-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2020:0599-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n\n - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n (bsc#1168140).\n\n - CVE-2020-11739: Missing 
memory barriers in read-write unlock paths\n (bsc#1168142).\n\n - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n\n - arm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\n Non-security issues fixed:\n\n - Xenstored Crashed during VM install (bsc#1167152)\n\n - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,\n bsc#1134506)\n\n - Update API compatibility versions, fixes issues for libvirt.\n (bsc#1167007, bsc#1157490)\n\n - aacraid blocks xen commands (bsc#1155200)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-599=1\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.12.2_04~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:07:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567", "CVE-2020-15563", "CVE-2020-15564", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "The remote host is missing an update for the ", "modified": "2020-07-14T00:00:00", "published": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310704723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704723", "type": "openvas", "title": "Debian: Security Advisory 
for xen (DSA-4723-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704723\");\n script_version(\"2020-07-14T03:00:27+0000\");\n script_cve_id(\"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-11743\", \"CVE-2020-15563\", \"CVE-2020-15564\", \"CVE-2020-15565\", \"CVE-2020-15566\", \"CVE-2020-15567\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 03:00:27 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-14 03:00:27 +0000 (Tue, 14 Jul 2020)\");\n script_name(\"Debian: Security Advisory for xen (DSA-4723-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", 
re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4723.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4723-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the DSA-4723-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, guest-to-host privilege\nescalation or information leaks.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+24-gddaaccbbab-1~deb10u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxencall1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxendevicemodel1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenevtchn1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenforeignmemory1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxengnttab1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenmisc4.11\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxentoolcore1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxentoollog1\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-doc\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-amd64\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-arm64\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-armhf\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-common\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.11\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", 
ver:\"4.11.4+24-gddaaccbbab-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T07:36:56", "description": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.", "edition": 12, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-04-14T13:15:00", "title": "CVE-2020-11741", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-11741"], "modified": "2020-07-13T16:15:00", "cpe": ["cpe:/o:xen:xen:4.13.0", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-11741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11741", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:56", "description": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). 
Information leak and privilege escalation cannot be excluded.", "edition": 12, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-04-14T13:15:00", "title": "CVE-2020-11739", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11739"], "modified": "2020-07-13T16:15:00", "cpe": ["cpe:/o:xen:xen:4.13.0", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-11739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11739", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:56", "description": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. 
The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.", "edition": 12, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-14T13:15:00", "title": "CVE-2020-11742", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11742"], "modified": "2020-07-13T16:15:00", "cpe": ["cpe:/o:xen:xen:4.13.0", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-11742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11742", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", 
"cpe:2.3:o:xen:xen:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:56", "description": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.", "edition": 12, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-14T13:15:00", "title": "CVE-2020-11743", "type": "cve", "cwe": ["CWE-755"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11743"], "modified": "2020-07-13T16:15:00", "cpe": ["cpe:/o:xen:xen:4.13.0", 
"cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-11743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11743", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:56", "description": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.", "edition": 13, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-14T13:15:00", "title": "CVE-2020-11740", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11740"], "modified": "2020-07-13T16:15:00", "cpe": ["cpe:/o:xen:xen:4.13.0"], "id": "CVE-2020-11740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11740", 
"cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:xen:xen:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*"]}], "citrix": [{"lastseen": "2020-12-24T11:42:43", "bulletinFamily": "software", "cvelist": ["CVE-2020-11740", "CVE-2020-11741", "CVE-2020-11742", "CVE-2020-11743"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p id=\"cq-gen346\">Several issues have been identified within Citrix Hypervisor, which could, if exploited, allow:</p>\n<ul id=\"cq-gen347\">\n<li>privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data left by a previous VM)</li>\n<li>privileged code in a guest VM to cause the host to crash</li>\n</ul>\n<p id=\"cq-gen348\">These vulnerabilities affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1.</p>\n<p id=\"cq-gen349\">These issues have the following identifiers:</p>\n<ul id=\"cq-gen350\">\n<li> <span style=\"letter-spacing: 0.0px;\">CVE-2020-11740</span></li>\n<li>CVE-2020-11741</li>\n<li>CVE-2020-11742</li>\n<li>CVE-2020-11743</li>\n</ul>\n<p id=\"cq-gen351\">Note that support for PV guests was removed in Citrix Hypervisor 8.1. The provided hotfix for Citrix Hypervisor 8.1 does address both issues but customers should not assume that Citrix will address any future security issues related to PV guests running on Citrix Hypervisor 8.1.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. 
Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix Hypervisor 8.1: CTX270795 \u2013 <a href=\"https://support.citrix.com/article/CTX270795\">https://support.citrix.com/article/CTX270795</a></p>\n<p>Citrix Hypervisor 8.0: CTX270794 \u2013 <a href=\"https://support.citrix.com/article/CTX270794\">https://support.citrix.com/article/CTX270794</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX270793 \u2013 <a href=\"https://support.citrix.com/article/CTX270793\">https://support.citrix.com/article/CTX270793</a></p>\n<p>Citrix XenServer 7.0: CTX270792 \u2013 <a href=\"https://support.citrix.com/article/CTX270792\">https://support.citrix.com/article/CTX270792</a></p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. 
</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>2020-04-14</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2020-04-14T04:00:00", "published": "2020-04-14T04:00:00", "id": "CTX270837", "href": "https://support.citrix.com/article/CTX270837", "type": "citrix", "title": "Citrix Hypervisor Multiple Security Updates", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:56:24", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11739", "CVE-2020-11740", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567", "CVE-2020-15563", "CVE-2020-15564", "CVE-2020-11743", "CVE-2020-11741", "CVE-2020-11742"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4723-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 12, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID 
: CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 \n CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 \n CVE-2020-15566 CVE-2020-15567\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, guest-to-host privilege\nescalation or information leaks.\n \nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+24-gddaaccbbab-1~deb10u1.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 5, "modified": "2020-07-12T20:40:10", "published": "2020-07-12T20:40:10", "id": "DEBIAN:DSA-4723-1:912C0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00128.html", "title": "[SECURITY] [DSA 4723-1] xen security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2020-04-14T16:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-11740", "CVE-2020-11741"], "description": "#### ISSUE DESCRIPTION\nUnprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. This is CVE-2020-11740.\nFurthermore, for guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. 
This is CVE-2020-11741.\n#### IMPACT\nA malicious guest may be able to access sensitive information pertaining to other guests. Guests with "active profiling" enabled can crash the host (DoS). Privilege escalation cannot be ruled out.\n#### VULNERABLE SYSTEMS\nOnly x86 PV guests can leverage the vulnerabilities. Arm guests and x86 HVM and PVH guests cannot leverage the vulnerabilities.\nAll Xen versions back to at least 3.2 are vulnerable.\nAny x86 PV guest can leverage the information leak. Only x86 PV guests whose host administrator has explicitly enabled "active profiling" for an untrusted guest can exploit the DoS / potential privilege escalation.\nOnly builds of Xen with the Xenoprof functionality enabled at build time are vulnerable. The option to disable the functionality at build time was introduced in Xen 4.7.\n", "edition": 1, "modified": "2020-04-14T12:00:00", "published": "2020-04-14T12:00:00", "id": "XSA-313", "href": "http://xenbits.xen.org/xsa/advisory-313.html", "title": "multiple xenoprof issues", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-04-14T16:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-11739"], "description": "#### ISSUE DESCRIPTION\nThe read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones.\nIn other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section.\nAs a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore.\nThe read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. 
For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently.\n#### IMPACT\nA malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nWhether an individual Arm-based CPU is vulnerable depends on its memory re-ordering properties. Consult your CPU vendor.\nx86 systems are not vulnerable.\n", "edition": 1, "modified": "2020-04-14T12:00:00", "published": "2020-04-14T12:00:00", "id": "XSA-314", "href": "http://xenbits.xen.org/xsa/advisory-314.html", "title": "Missing memory barriers in read-write unlock paths", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-04-14T16:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-11743"], "description": "#### ISSUE DESCRIPTION\nGrant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value.\nThe grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state.\n#### IMPACT\nA buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path.\nThis will crash a Linux based dom0 or backend domain.\n#### VULNERABLE SYSTEMS\nSystems running any version of Xen with the XSA-295 fixes are vulnerable. 
Systems which have not yet taken the XSA-295 fixes are not vulnerable.\nSystems running a Linux based dom0 or driver domain are vulnerable.\nSystems running a FreeBSD or NetBSD based dom0 or driver domain are not impacted, as they both treat any nonzero value as a failure.\nThe vulnerability of other systems will depend on how they behave when getting an unexpected positive number from the GNTTABOP_map_grant hypercall.\n", "edition": 1, "modified": "2020-04-14T12:00:00", "published": "2020-04-14T12:00:00", "id": "XSA-316", "href": "http://xenbits.xen.org/xsa/advisory-316.html", "title": "Bad error path in GNTTABOP_map_grant", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-04-14T16:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-11742"], "description": "#### ISSUE DESCRIPTION\nGrant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 / XSA-226 introduced a path through grant copy handling where success may be returned to the caller without any action taken.\nIn particular the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy.\n#### IMPACT\nA buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path.\nThis returns success to the caller without doing anything, which may result in crashes or other incorrect behaviour.\n#### VULNERABLE SYSTEMS\nSystems running any version of Xen are vulnerable.\n", "edition": 1, "modified": "2020-04-14T12:00:00", "published": "2020-04-14T12:00:00", "id": "XSA-318", "href": "http://xenbits.xen.org/xsa/advisory-318.html", "title": "Bad continuation handling in GNTTABOP_copy", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}]}