Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-3.NASL
HistoryJan 05, 2015 - 12:00 a.m.

openSUSE Security Update : libvirt (openSUSE-SU-2015:0008-1)

2015-01-0500:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

  • CVE-2014-8135: libvirt: local denial of service in storage driver 87b9437f-CVE-2014-8135.patch bsc#910860

    • CVE-2014-8136: libvirt: local denial of service in qemu driver 2bdcd29c-CVE-2014-8136.patch bsc#910862

    • CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() 57023c0a-CVE-2014-8131.patch, cb104ef7-CVE-2014-8131.patch bsc#909274

    • Get /proc/sys/net/ipv[46] read-write for wicked to work in containers. bsc#904432. ba9b7252-sys-net-rw.patch

    • Fix potential crasher in virt-aa-helper 2222123-virt-aa-helper-crash.patch

    • ip link add now needs the ‘name’ parameter.
      433b427-iplink-name.patch

    • Fixes for virt-sandbox-service to work :

    • Allow adding virt-sandbox service config to apparmor rules. c264eea-virt-aa-helper-sandbox.patch

    • fix symlink resolving for containers to start.
      72fecf1-lxc-resolve-symlinks.patch

    • fix unmounting file system if it contains the source to mount. e50457d-lxc-unmount-check.patch

    • Remove security_driver = ‘none’ in qemu config. This completely disabled all security drivers instead of probing them.

    • Changed default value of QEMU’s security_default_confined to 0 to keep QEMU domains unconfined by default.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-3.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80355);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-8131", "CVE-2014-8135", "CVE-2014-8136");

  script_name(english:"openSUSE Security Update : libvirt (openSUSE-SU-2015:0008-1)");
  script_summary(english:"Check for the openSUSE-2015-3 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - CVE-2014-8135: libvirt: local denial of service in
    storage driver 87b9437f-CVE-2014-8135.patch bsc#910860

  - CVE-2014-8136: libvirt: local denial of service in qemu
    driver 2bdcd29c-CVE-2014-8136.patch bsc#910862

  - CVE-2014-8131: Fix possible deadlock and segfault in
    qemuConnectGetAllDomainStats()
    57023c0a-CVE-2014-8131.patch,
    cb104ef7-CVE-2014-8131.patch bsc#909274

  - Get /proc/sys/net/ipv[46] read-write for wicked to work
    in containers. bsc#904432. ba9b7252-sys-net-rw.patch

  - Fix potential crasher in virt-aa-helper
    2222123-virt-aa-helper-crash.patch

  - ip link add now needs the 'name' parameter.
    433b427-iplink-name.patch

  - Fixes for virt-sandbox-service to work :

  - Allow adding virt-sandbox service config to apparmor
    rules. c264eea-virt-aa-helper-sandbox.patch

  - fix symlink resolving for containers to start.
    72fecf1-lxc-resolve-symlinks.patch

  - fix unmounting file system if it contains the source to
    mount. e50457d-lxc-unmount-check.patch

  - Remove security_driver = 'none' in qemu config. This
    completely disabled all security drivers instead of
    probing them.

  - Changed default value of QEMU's
    security_default_confined to 0 to keep QEMU domains
    unconfined by default."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=904432"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909274"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910862"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libvirt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libvirt-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-client-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-client-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-config-network-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-config-nwfilter-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-interface-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-lxc-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-network-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-network-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nodedev-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nwfilter-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-qemu-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-secret-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-storage-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-uml-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-uml-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-vbox-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-vbox-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-lxc-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-qemu-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-uml-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-vbox-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-debugsource-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-devel-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-lock-sanlock-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-lock-sanlock-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-login-shell-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libvirt-login-shell-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-debuginfo-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-devel-32bit-1.2.9-8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-client-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibvirtp-cpe:/a:novell:opensuse:libvirt
novellopensuselibvirt-clientp-cpe:/a:novell:opensuse:libvirt-client
novellopensuselibvirt-client-32bitp-cpe:/a:novell:opensuse:libvirt-client-32bit
novellopensuselibvirt-client-debuginfop-cpe:/a:novell:opensuse:libvirt-client-debuginfo
novellopensuselibvirt-client-debuginfo-32bitp-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit
novellopensuselibvirt-daemonp-cpe:/a:novell:opensuse:libvirt-daemon
novellopensuselibvirt-daemon-config-networkp-cpe:/a:novell:opensuse:libvirt-daemon-config-network
novellopensuselibvirt-daemon-config-nwfilterp-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter
novellopensuselibvirt-daemon-debuginfop-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo
novellopensuselibvirt-daemon-driver-interfacep-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface
Rows per page:
1-10 of 461

Related

openvas 8
gentoo 1
nessus 12
altlinux 1
fedora 2
debiancve 3
prion 3
cvelist 3
ubuntucve 3
cve 3
f5 2
mageia 1
securityvulns 2
oraclelinux 1
centos 1
redhat 1
ubuntu 1
osv 15
openvas
openvas
Gentoo Security Advisory GLSA 201412-36
2015-09-29 00:00:00
Fedora Update for libvirt FEDORA-2015-1892
2015-02-15 00:00:00
Mageia: Security Advisory (MGASA-2015-0002)
2022-01-28 00:00:00
gentoo
gentoo
libvirt: Denial of service
2014-12-24 00:00:00
nessus
nessus
GLSA-201412-36 : libvirt: Denial of Service
2014-12-26 00:00:00
Fedora 21 : libvirt-1.2.9.2-1.fc21 (2015-1892)
2015-02-16 00:00:00
Mandriva Linux Security Advisory : libvirt (MDVSA-2015:023)
2015-01-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.2.11-alt1
2014-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: libvirt-1.2.9.2-1.fc21
2015-02-15 03:07:07
[SECURITY] Fedora 20 Update: libvirt-1.1.3.9-1.fc20
2015-02-17 08:10:35
debiancve
debiancve
CVE-2014-8131
2015-01-06 15:59:00
CVE-2014-8135
2014-12-19 15:59:00
CVE-2014-8136
2014-12-19 15:59:00
prion
prion
Null pointer dereference
2014-12-19 15:59:00
Design/Logic Flaw
2015-01-06 15:59:00
Design/Logic Flaw
2014-12-19 15:59:00
cvelist
cvelist
CVE-2014-8135
2014-12-19 15:00:00
CVE-2014-8131
2015-01-06 15:00:00
CVE-2014-8136
2014-12-19 15:00:00
ubuntucve
ubuntucve
CVE-2014-8135
2014-12-19 00:00:00
CVE-2014-8131
2015-01-06 00:00:00
CVE-2014-8136
2014-12-19 00:00:00
cve
cve
CVE-2014-8131
2015-01-06 15:59:00
CVE-2014-8135
2014-12-19 15:59:00
CVE-2014-8136
2014-12-19 15:59:00
f5
f5
K17218 : Libvirt vulnerability CVE-2014-8135
2015-09-03 00:00:00
SOL17218 - Libvirt vulnerability CVE-2014-8135
2015-09-03 00:00:00
mageia
mageia
Updated libvirt packages fix CVE-2014-8136
2015-01-05 19:30:30
securityvulns
securityvulns
libvirt / qemu DoS
2015-01-18 00:00:00
[ MDVSA-2015:023 ] libvirt
2015-01-18 00:00:00
oraclelinux
oraclelinux
libvirt security, bug fix, and enhancement update
2015-03-11 00:00:00
centos
centos
libvirt security update
2015-03-17 13:28:58
redhat
redhat
(RHSA-2015:0323) Low: libvirt security, bug fix, and enhancement update
2015-03-05 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2016-01-12 00:00:00
osv
osv
CVE-2020-10701
2021-05-27 19:15:07
CVE-2020-12430
2020-04-28 20:15:12
CVE-2018-6764
2018-02-23 17:29:00
JSON
Related for OPENSUSE-2015-3.NASL
openvas8gentoo1nessus12altlinux1fedora2debiancve3prion3cvelist3ubuntucve3cve3f52mageia1securityvulns2oraclelinux1centos1redhat1ubuntu1osv15