{"id": "OPENSUSE-2018-1530.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : xen (openSUSE-2018-1530)", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue was found in the LSI53C895A SCSI Host Bus Adapter\n emulation while writing a message in lsi_do_msgin\n (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that\n could have been triggered by nested VT-x that where not\n properly restricted (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from\n attempting to use INVPCID with a non-canonical addresses\n (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that\n could have caused conflicts with shadow paging\n (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB\n flushing / improper large page mappings with AMD IOMMUs\n (XSA-275)(bsc#1115040).\n\nNon-security issues fixed :\n\n - Added upstream bug fixes (bsc#1027519).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "published": "2018-12-13T00:00:00", "modified": "2018-12-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/119642", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1115045", "https://bugzilla.opensuse.org/show_bug.cgi?id=1027519", "https://bugzilla.opensuse.org/show_bug.cgi?id=1115047", "https://bugzilla.opensuse.org/show_bug.cgi?id=1108940", "https://bugzilla.opensuse.org/show_bug.cgi?id=1114405", "https://bugzilla.opensuse.org/show_bug.cgi?id=1115040", "https://bugzilla.opensuse.org/show_bug.cgi?id=1114423"], "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "type": "nessus", "lastseen": "2021-01-20T12:35:37", "edition": 15, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310875528", "OPENVAS:1361412562310852177", "OPENVAS:1361412562310876553", "OPENVAS:1361412562310876441", "OPENVAS:1361412562310852221", "OPENVAS:1361412562310852436", "OPENVAS:1361412562310704369", "OPENVAS:1361412562310891949", "OPENVAS:1361412562310877008", "OPENVAS:1361412562310876137"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4004-1", "OPENSUSE-SU-2018:4111-1", "OPENSUSE-SU-2018:4147-1", "OPENSUSE-SU-2018:4304-1", "OPENSUSE-SU-2019:1226-1"]}, {"type": "nessus", "idList": ["FEDORA_2019-BCE6498890.NASL", "SUSE_SU-2018-4070-1.NASL", "SUSE_SU-2019-0003-1.NASL", "DEBIAN_DLA-1949.NASL", "OPENSUSE-2018-1624.NASL", "CITRIX_XENSERVER_CTX239432.NASL", "SUSE_SU-2019-0020-1.NASL", "DEBIAN_DSA-4369.NASL", "OPENSUSE-2019-1046.NASL", "SUSE_SU-2018-4300-1.NASL"]}, {"type": "cve", "idList": ["CVE-2018-18883", "CVE-2018-19966", "CVE-2018-18849", "CVE-2018-19961", "CVE-2018-19965", "CVE-2018-19962"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4454-1:F5C49", "DEBIAN:DSA-4369-1:07573", "DEBIAN:DLA-1949-1:95A46", "DEBIAN:DLA-1781-1:BE52E"]}, {"type": "citrix", "idList": ["CTX239100", "CTX239432"]}, {"type": "fedora", "idList": ["FEDORA:925F660BC44D", "FEDORA:5D8CE608ED0D", "FEDORA:1CB13619263C", "FEDORA:D16B26094E7B", "FEDORA:501B260EC97D", "FEDORA:5267F604C2BD", "FEDORA:A833A6076D01", "FEDORA:BED2C6068713", "FEDORA:830BA60779B9", "FEDORA:936F660E6650"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4312", "ELSA-2018-4313", "ELSA-2019-4520"]}, {"type": "ubuntu", "idList": ["USN-3826-1"]}], "modified": "2021-01-20T12:35:37", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-01-20T12:35:37", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1530.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119642);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-1530)\");\n script_summary(english:\"Check for the openSUSE-2018-1530 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue was found in the LSI53C895A SCSI Host Bus Adapter\n emulation while writing a message in lsi_do_msgin\n (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that\n could have been triggered by nested VT-x that where not\n properly restricted (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from\n attempting to use INVPCID with a non-canonical addresses\n (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that\n could have caused conflicts with shadow paging\n (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB\n flushing / improper large page mappings with AMD IOMMUs\n (XSA-275)(bsc#1115040).\n\nNon-security issues fixed :\n\n - Added upstream bug fixes (bsc#1027519).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-debugsource-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-devel-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-doc-html-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-debuginfo-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-debuginfo-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-4.9.3_03-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "119642", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "immutableFields": []}

{"openvas": [{"lastseen": "2020-01-31T17:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-13T00:00:00", "id": "OPENVAS:1361412562310852177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852177", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:4111-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852177\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\",\n \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-13 07:30:34 +0100 (Thu, 13 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:4111-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4111-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2018:4111-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue was found in\n the LSI53C895A SCSI Host Bus Adapter emulation while writing a message\n in lsi_do_msgin (bsc#1114423).\n\n - CVE-2018-18883: Fixed a NULL pointer dereference that could have been\n triggered by nested VT-x that where not properly restricted\n (XSA-278)(bsc#1114405).\n\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n Non-security issues fixed:\n\n - Added upstream bug fixes (bsc#1027519).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1530=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.3_03~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:30:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310891949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891949", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1949-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891949\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19966\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 02:00:09 +0000 (Wed, 09 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1949-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1949-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the DLA-1949-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.4lts5-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876137", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-3e89502cb1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876137\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:36:04 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-3e89502cb1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3e89502cb1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LN27JE7V6VL542IPGWJCUQQEF5M64PUI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-3e89502cb1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:46:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2017-15595"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\nPaul Durrant discovered that incorrect TLB handling could result in\ndenial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\nMatthew Daley discovered that incorrect handling of the INVPCID\ninstruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\nIt was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege\nescalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\nIt was discovered that an error in some Intel CPUs could result in\ndenial of service by a guest instance.", "modified": "2019-07-04T00:00:00", "published": "2019-01-14T00:00:00", "id": "OPENVAS:1361412562310704369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704369", "type": "openvas", "title": "Debian Security Advisory DSA 4369-1 (xen - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4369-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2019 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704369\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-15595\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\",\n \"CVE-2018-19967\");\n script_name(\"Debian Security Advisory DSA 4369-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-14 00:00:00 +0100 (Mon, 14 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4369.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2019 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.5+shim4.10.2+xsa282-1+deb9u11.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/xen\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\nPaul Durrant discovered that incorrect TLB handling could result in\ndenial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\nMatthew Daley discovered that incorrect handling of the INVPCID\ninstruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\nIt was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege\nescalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\nIt was discovered that an error in some Intel CPUs could result in\ndenial of service by a guest instance.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:48:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-01-01T00:00:00", "id": "OPENVAS:1361412562310852221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852221", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:4304-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852221\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-01 04:01:26 +0100 (Tue, 01 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:4304-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4304-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00073.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2018:4304-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Update to Xen 4.10.2 bug fix release (bsc#1027519).\n\n Security vulnerabilities fixed:\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\n TLB flushing with AMD IOMMUs, which potentially allowed a guest to\n escalate its privileges, may cause a Denial of Service (DoS) affecting\n the entire host, or may be able to access data it is not supposed to\n access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in\n case non-canonical addresses are accessed, which may allow a guest to\n cause Xen to crash, resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\n which conflicted with shadow paging and allowed a guest to cause Xen to\n crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to improper restriction of nested\n VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial\n of Service (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\n guests to enable Branch Trace Store and may cause a Denial of Service\n (DoS) of the entire host. (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\n properly implemented and may cause a Denial of Service (DoS). (XSA-268)\n (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\n writes, which allowed a guest to write memory unbounded leading to\n system-wide Denial\n of Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n (XSA-273) (bsc#1091107)\n\n Other bugs fixed:\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1624=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.10.2_04~lp150.2.12.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19665", "CVE-2019-6778", "CVE-2018-19961", "CVE-2019-9824", "CVE-2018-19966", "CVE-2018-19967"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-18T00:00:00", "id": "OPENVAS:1361412562310852436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852436", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2019:1226-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852436\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-19665\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\",\n \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2019-6778\", \"CVE-2019-9824\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-18 02:01:09 +0000 (Thu, 18 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2019:1226-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1226-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2019:1226-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the\n host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)\n\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp\n (bsc#1123157).\n\n - Fixed an issue which could allow malicious or buggy guests with passed\n through PCI devices to be able to escalate their privileges, crash the\n host, or access data belonging to other guests. Additionally memory\n leaks were also possible (bsc#1126140).\n\n - Fixed a race condition issue which could allow malicious PV guests to\n escalate their privilege to that\n of the hypervisor (bsc#1126141).\n\n - Fixed an issue which could allow a malicious unprivileged guest\n userspace process to escalate its privilege to that of other userspace\n processes in the same guest and potentially thereby to that\n of the guest operating system (bsc#1126201).\n\n - CVE-2019-9824: Fixed an information leak in SLiRP networking\n implementation which could allow a user/process to read uninitialised\n stack memory contents (bsc#1129623).\n\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n\n - Fixed an issue which could allow malicious PV guests may cause a host\n crash or gain access to data pertaining to other guests.Additionally,\n vulnerable configurations are likely to be unstable even in the absence\n of an attack (bsc#1126198).\n\n - Fixed multiple access violations introduced by XENMEM_exchange hypercall\n which could allow a single PV guest to leak arbitrary amounts of memory,\n leading to a denial of service (bsc#1126192).\n\n - Fixed an issue which could allow malicious 64bit PV guests to cause a\n host crash (bsc#1127400).\n\n - Fixed an issue which could allow malicious or buggy x86 PV guest kernels\n to mount a Denial of Service attack affecting the whole system\n (bsc#1126197).\n\n - Fixed an issue which could allow an untrusted PV domain with access to a\n physical device to DMA into its own pagetables leading to privilege\n escalation (bsc#1126195).\n\n - Fixed an issue which could allow a malicious or buggy x86 PV guest\n kernels can mount a Denial of Service attack affecting the whole system\n (bsc#1126196).\n\n Other issues addressed:\n\n - ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.4_02~37.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-05T01:40:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-12126", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-12127", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-06-02T00:00:00", "id": "OPENVAS:1361412562310876441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876441", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-1f5832fc0e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876441\");\n script_version(\"2019-06-04T07:02:10+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 07:02:10 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-02 02:14:45 +0000 (Sun, 02 Jun 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-1f5832fc0e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1f5832fc0e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-1f5832fc0e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~5.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-05T18:45:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-12126", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-12127", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-07-04T00:00:00", "published": "2019-07-03T00:00:00", "id": "OPENVAS:1361412562310876553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876553", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-899ef6056c", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876553\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-03 02:14:22 +0000 (Wed, 03 Jul 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-899ef6056c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-899ef6056c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYQMPU6JCA3G7LGCPK4KO4VZICQ4CB7F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-899ef6056c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.1~6.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T15:34:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2019-18420", "CVE-2018-12126", "CVE-2019-18422", "CVE-2019-18424", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-12127", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19966", "CVE-2019-18423", "CVE-2018-19967", "CVE-2018-19964", "CVE-2019-18421", "CVE-2019-18425", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-11-19T00:00:00", "published": "2019-11-17T00:00:00", "id": "OPENVAS:1361412562310877008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877008", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-865bb16900", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877008\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2019-18420\", \"CVE-2019-18425\", \"CVE-2019-18421\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18422\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-17 03:31:28 +0000 (Sun, 17 Nov 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-865bb16900\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-865bb16900\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-865bb16900 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.2~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-19962", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-3620", "CVE-2018-3665", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-19966", "CVE-2018-10982", "CVE-2018-19967", "CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the\n ", "modified": "2019-04-02T00:00:00", "published": "2019-03-28T00:00:00", "id": "OPENVAS:1361412562310875528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875528", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-bce6498890", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875528\");\n script_version(\"2019-04-02T06:16:35+0000\");\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\",\n \"CVE-2018-19967\", \"CVE-2018-18883\", \"CVE-2018-3620\", \"CVE-2018-3646\",\n \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\",\n \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\",\n \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-10472\",\n \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-02 06:16:35 +0000 (Tue, 02 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-28 13:54:39 +0000 (Thu, 28 Mar 2019)\");\n script_name(\"Fedora Update for xen FEDORA-2019-bce6498890\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-bce6498890\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'xen' package(s) announced via the FEDORA-2019-bce6498890 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and\n xm command line tools, needed to manage virtual machines running under the\n Xen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.3~2.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-04-30T11:09:51", "description": "This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-18849: Fixed an out of bounds memory access issue was found\nin the LSI53C895A SCSI Host Bus Adapter emulation while writing a\nmessage in lsi_do_msgin (bsc#1114423).\n\nCVE-2018-18883: Fixed a NULL pointer dereference that could have been\ntriggered by nested VT-x that where not properly restricted\n(XSA-278)(bsc#1114405).\n\nCVE-2018-19965: Fixed denial of service issue from attempting to use\nINVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\nCVE-2018-19966: Fixed issue introduced by XSA-240 that could have\ncaused conflicts with shadow paging (XSA-280)(bsc#1115047).\n\nCVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\nimproper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\nNon-security issues fixed: Added upstream bug fixes (bsc#1027519).\n\nFixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-12-13T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "modified": "2018-12-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-4070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4070-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119648);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-18849: Fixed an out of bounds memory access issue was found\nin the LSI53C895A SCSI Host Bus Adapter emulation while writing a\nmessage in lsi_do_msgin (bsc#1114423).\n\nCVE-2018-18883: Fixed a NULL pointer dereference that could have been\ntriggered by nested VT-x that where not properly restricted\n(XSA-278)(bsc#1114405).\n\nCVE-2018-19965: Fixed denial of service issue from attempting to use\nINVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n\nCVE-2018-19966: Fixed issue introduced by XSA-240 that could have\ncaused conflicts with shadow paging (XSA-280)(bsc#1115047).\n\nCVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\nimproper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\nNon-security issues fixed: Added upstream bug fixes (bsc#1027519).\n\nFixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184070-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14d54f65\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2896=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2896=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2896=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.3_03-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.3_03-3.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:16:45", "description": "This update for xen fixes the following issues :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-19665: Fixed an integer overflow resulting in memory\ncorruption in various Bluetooth functions, allowing this to crash qemu\nprocess resulting in Denial of Service (DoS). (bsc#1117756).\n\nCVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A\nSCSI host bus adapter emulation, which allowed a user and/or process\nto crash the qemu process resulting in a Denial of Service (DoS).\n(bsc#1114423)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed an issue with live migrations, which used to fail when spectre\nis enabled on xen boot cmdline (bsc#1116380)\n\nUpstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2019:0020-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19665", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "modified": "2019-01-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2019-0020-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0020-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120987);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-18849\", \"CVE-2018-19665\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2019:0020-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-19665: Fixed an integer overflow resulting in memory\ncorruption in various Bluetooth functions, allowing this to crash qemu\nprocess resulting in Denial of Service (DoS). (bsc#1117756).\n\nCVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A\nSCSI host bus adapter emulation, which allowed a user and/or process\nto crash the qemu process resulting in a Denial of Service (DoS).\n(bsc#1114423)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed an issue with live migrations, which used to fail when spectre\nis enabled on xen boot cmdline (bsc#1116380)\n\nUpstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19665/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190020-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54faf792\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-20=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-20=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-20=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-20=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-20=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.6_05-43.45.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.6_05-43.45.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T02:39:38", "description": "xen: various flaws (#1685577) grant table transfer issues on large\nhosts [XSA-284] race with pass-through device hotplug [XSA-285] x86:\nsteal_page violates page_struct access discipline [XSA-287] x86:\nInconsistent PV IOMMU discipline [XSA-288] missing preemption in x86\nPV page table unvalidation [XSA-290] x86/PV: page type reference\ncounting issue with failed IOMMU update [XSA-291] x86: insufficient\nTLB flushing when using PCID [XSA-292] x86: PV kernel context switch\ncorruption [XSA-293] x86 shadow: Insufficient TLB flushing when using\nPCID [XSA-294]\n\n----\n\nupdate to xen-4.10.3\n\n----\n\n - insufficient TLB flushing / improper large page mappings\n with AMD IOMMUs [XSA-275] (#1651665)\n\n - x86: DoS from attempting to use INVPCID with a\n non-canonical addresses [XSA-279]\n\n - Fix for XSA-240 conflicts with shadow paging [XSA-280]\n\n----\n\nguest use of HLE constructs may lock up host [XSA-282]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-03-25T00:00:00", "title": "Fedora 28 : xen (2019-bce6498890)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-BCE6498890.NASL", "href": "https://www.tenable.com/plugins/nessus/123046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-bce6498890.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123046);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19963\", \"CVE-2018-19965\", \"CVE-2018-19966\");\n script_xref(name:\"FEDORA\", value:\"2019-bce6498890\");\n\n script_name(english:\"Fedora 28 : xen (2019-bce6498890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1685577) grant table transfer issues on large\nhosts [XSA-284] race with pass-through device hotplug [XSA-285] x86:\nsteal_page violates page_struct access discipline [XSA-287] x86:\nInconsistent PV IOMMU discipline [XSA-288] missing preemption in x86\nPV page table unvalidation [XSA-290] x86/PV: page type reference\ncounting issue with failed IOMMU update [XSA-291] x86: insufficient\nTLB flushing when using PCID [XSA-292] x86: PV kernel context switch\ncorruption [XSA-293] x86 shadow: Insufficient TLB flushing when using\nPCID [XSA-294]\n\n----\n\nupdate to xen-4.10.3\n\n----\n\n - insufficient TLB flushing / improper large page mappings\n with AMD IOMMUs [XSA-275] (#1651665)\n\n - x86: DoS from attempting to use INVPCID with a\n non-canonical addresses [XSA-279]\n\n - Fix for XSA-240 conflicts with shadow paging [XSA-280]\n\n----\n\nguest use of HLE constructs may lock up host [XSA-282]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-bce6498890\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"xen-4.10.3-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:41:33", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation. For Debian 8 'Jessie', these problems have been\nfixed in version 4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-10-09T00:00:00", "title": "Debian DLA-1949-1 : xen security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "modified": "2019-10-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen-system-arm64", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64", "p-cpe:/a:debian:debian_linux:xen-system-armhf", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xenstore-utils", "p-cpe:/a:debian:debian_linux:libxen-4.4", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:xen-utils-4.4"], "id": "DEBIAN_DLA-1949.NASL", "href": "https://www.tenable.com/plugins/nessus/129734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1949-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129734);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19966\");\n\n script_name(english:\"Debian DLA-1949-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation. For Debian 8 'Jessie', these problems have been\nfixed in version 4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.4lts5-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T03:03:53", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.11.1 bug fix release (bsc#1027519)\n\nCVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator,\nwhich could occur when a packet with large packet size is processed. A\nuser inside a guest could have used this flaw to crash the qemu\nprocess resulting in a Denial of Service (DoS). (bsc#1111014)\n\nCVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A\nSCSI host bus adapter emulation, which allowed a user and/or process\nto crash the qemu process resulting in a Denial of Service (DoS).\n(bsc#1114423)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19963: Fixed the allocation of pages used to communicate with\nexternal emulators, which may have cuased Xen to crash, resulting in a\nDenial of Service (DoS). (XSA-276) (bsc#1115043)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS) (XSA-280)\n(bsc#1115047)\n\nCVE-2018-19967: Fixed HLE constructs that allowed guests to lock up\nthe host, resulting in a Denial of Service (DoS). (XSA-282)\n(bsc#1114988)\n\nCVE-2018-19964: Fixed the incorrect error handling of p2m page\nremovals, which allowed a guest to cause a deadlock, resulting in a\nDenial of Service (DoS) affecting the entire host. (XSA-277)\n(bsc#1115044)\n\nCVE-2018-19665: Fixed an integer overflow resulting in memory\ncorruption in various Bluetooth functions, allowing this to crash qemu\nprocess resulting in Denial of Service (DoS). (bsc#1117756).\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0003-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19965", "CVE-2018-19665", "CVE-2018-17963", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-19964"], "modified": "2019-01-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2019-0003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0003-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2018-17963\", \"CVE-2018-18849\", \"CVE-2018-18883\", \"CVE-2018-19665\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19963\", \"CVE-2018-19964\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-19967\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0003-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.11.1 bug fix release (bsc#1027519)\n\nCVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator,\nwhich could occur when a packet with large packet size is processed. A\nuser inside a guest could have used this flaw to crash the qemu\nprocess resulting in a Denial of Service (DoS). (bsc#1111014)\n\nCVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A\nSCSI host bus adapter emulation, which allowed a user and/or process\nto crash the qemu process resulting in a Denial of Service (DoS).\n(bsc#1114423)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19963: Fixed the allocation of pages used to communicate with\nexternal emulators, which may have cuased Xen to crash, resulting in a\nDenial of Service (DoS). (XSA-276) (bsc#1115043)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS) (XSA-280)\n(bsc#1115047)\n\nCVE-2018-19967: Fixed HLE constructs that allowed guests to lock up\nthe host, resulting in a Denial of Service (DoS). (XSA-282)\n(bsc#1114988)\n\nCVE-2018-19964: Fixed the incorrect error handling of p2m page\nremovals, which allowed a guest to cause a deadlock, resulting in a\nDenial of Service (DoS) affecting the entire host. (XSA-277)\n(bsc#1115044)\n\nCVE-2018-19665: Fixed an integer overflow resulting in memory\ncorruption in various Bluetooth functions, allowing this to crash qemu\nprocess resulting in Denial of Service (DoS). (bsc#1117756).\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19665/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19967/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190003-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d0f22aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-3=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-3=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-3=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.1_02-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.1_02-2.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:09:12", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-19961 / CVE-2018-19962\n Paul Durrant discovered that incorrect TLB handling\n could result in denial of service, privilege escalation\n or information leaks.\n\n - CVE-2018-19965\n Matthew Daley discovered that incorrect handling of the\n INVPCID instruction could result in denial of service by\n PV guests.\n\n - CVE-2018-19966\n It was discovered that a regression in the fix to\n address CVE-2017-15595 could result in denial of\n service, privilege escalation or information leaks by a\n PV guest.\n\n - CVE-2018-19967\n It was discovered that an error in some Intel CPUs could\n result in denial of service by a guest instance.", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-15T00:00:00", "title": "Debian DSA-4369-1 : xen - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2017-15595"], "modified": "2019-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4369.NASL", "href": "https://www.tenable.com/plugins/nessus/121168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4369. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121168);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-19967\");\n script_xref(name:\"DSA\", value:\"4369\");\n\n script_name(english:\"Debian DSA-4369-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-19961 / CVE-2018-19962\n Paul Durrant discovered that incorrect TLB handling\n could result in denial of service, privilege escalation\n or information leaks.\n\n - CVE-2018-19965\n Matthew Daley discovered that incorrect handling of the\n INVPCID instruction could result in denial of service by\n PV guests.\n\n - CVE-2018-19966\n It was discovered that a regression in the fix to\n address CVE-2017-15595 could result in denial of\n service, privilege escalation or information leaks by a\n PV guest.\n\n - CVE-2018-19967\n It was discovered that an error in some Intel CPUs could\n result in denial of service by a guest instance.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-19961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-19962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-19965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-19966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-19967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.5+shim4.10.2+xsa282-1+deb9u11.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.5+shim4.10.2+xsa282-1+deb9u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:16:43", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\nguests to enable Branch Trace Store and may cause a Denial of Service\n(DoS) of the entire host. (XSA-269) (bsc#1103276)\n\nCVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\nproperly implemented and may cause a Denial of Service (DoS).\n(XSA-268) (bsc#1103275)\n\nCVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\nwrites, which allowed a guest to write memory unbounded leading to\nsystem-wide Denial of Service (DoS). (XSA-272) (bsc#1103279)\n\nCVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n(XSA-273) (bsc#1091107)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed a kernel oops related to fs/dcache.c called by\nd_materialise_unique() (bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-4300-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120196", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4300-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120196);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\nTLB flushing with AMD IOMMUs, which potentially allowed a guest to\nescalate its privileges, may cause a Denial of Service (DoS) affecting\nthe entire host, or may be able to access data it is not supposed to\naccess. (XSA-275) (bsc#1115040)\n\nCVE-2018-19965: Fixed an issue related to the INVPCID instruction in\ncase non-canonical addresses are accessed, which may allow a guest to\ncause Xen to crash, resulting in a Denial of Service (DoS) affecting\nthe entire host. (XSA-279) (bsc#1115045)\n\nCVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\nwhich conflicted with shadow paging and allowed a guest to cause Xen\nto crash, resulting in a Denial of Service (DoS). (XSA-280)\n(bsc#1115047)\n\nCVE-2018-18883: Fixed an issue related to inproper restriction of\nnested VT-x, which allowed a guest to cause Xen to crash, resulting in\na Denial of Service (DoS). (XSA-278) (bsc#1114405)\n\nCVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\nguests to enable Branch Trace Store and may cause a Denial of Service\n(DoS) of the entire host. (XSA-269) (bsc#1103276)\n\nCVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\nproperly implemented and may cause a Denial of Service (DoS).\n(XSA-268) (bsc#1103275)\n\nCVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\nwrites, which allowed a guest to write memory unbounded leading to\nsystem-wide Denial of Service (DoS). (XSA-272) (bsc#1103279)\n\nCVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n(XSA-273) (bsc#1091107)\n\nOther bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3\nHV (bsc#1108940)\n\nFixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n\nFixed a kernel oops related to fs/dcache.c called by\nd_materialise_unique() (bsc#1094508)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15468/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15469/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184300-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3af96718\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2018-3063=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-3063=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-devel-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.2_04-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:40:23", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2019-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/123167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1046.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123167);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)\");\n script_summary(english:\"Check for the openSUSE-2019-1046 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-debugsource-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-devel-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs-32bit / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:35:54", "description": "This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-12-31T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "modified": "2018-12-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2018-1624.NASL", "href": "https://www.tenable.com/plugins/nessus/119951", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1624.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119951);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-18883\", \"CVE-2018-19961\", \"CVE-2018-19962\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-3646\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)\");\n script_summary(english:\"Check for the openSUSE-2018-1624 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related\n to insufficient TLB flushing with AMD IOMMUs, which\n potentially allowed a guest to escalate its privileges,\n may cause a Denial of Service (DoS) affecting the entire\n host, or may be able to access data it is not supposed\n to access. (XSA-275) (bsc#1115040)\n\n - CVE-2018-19965: Fixed an issue related to the INVPCID\n instruction in case non-canonical addresses are\n accessed, which may allow a guest to cause Xen to crash,\n resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n\n - CVE-2018-19966: Fixed an issue related to a previous fix\n for XSA-240, which conflicted with shadow paging and\n allowed a guest to cause Xen to crash, resulting in a\n Denial of Service (DoS). (XSA-280) (bsc#1115047)\n\n - CVE-2018-18883: Fixed an issue related to inproper\n restriction of nested VT-x, which allowed a guest to\n cause Xen to crash, resulting in a Denial of Service\n (DoS). (XSA-278) (bsc#1114405)\n\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling,\n which allowed guests to enable Branch Trace Store and\n may cause a Denial of Service (DoS) of the entire host.\n (XSA-269) (bsc#1103276)\n\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM,\n which were not properly implemented and may cause a\n Denial of Service (DoS). (XSA-268) (bsc#1103275)\n\n - CVE-2018-15470: Fixed an issue in the logic in\n oxenstored for handling writes, which allowed a guest to\n write memory unbounded leading to system-wide Denial of\n Service (DoS). (XSA-272) (bsc#1103279)\n\n - CVE-2018-3646: Mitigations for VMM aspects of L1\n Terminal Fault (XSA-273) (bsc#1091107)\n\nOther bugs fixed :\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV\n (bsc#1108940)\n\n - Fixed an issue with xpti=no-dom0 not working as expected\n (bsc#1105528)\n\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-debugsource-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-devel-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-libs-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.2_04-lp150.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.2_04-lp150.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T01:42:21", "description": "The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities. All of which allow a denial-of-service attack and one\nallowing privilege escalation as well as information disclosure.\nPlease refer to the vendor advisory for mitigating factors.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-11-26T00:00:00", "title": "Citrix XenServer Multiple Vulnerabilities (CTX239432)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19967"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX239432.NASL", "href": "https://www.tenable.com/plugins/nessus/119148", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119148);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-19961\",\n \"CVE-2018-19962\",\n \"CVE-2018-19965\",\n \"CVE-2018-19967\"\n );\n script_bugtraq_id(105985, 106182);\n script_xref(name:\"IAVA\", value:\"2018-A-0381\");\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX239432)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\nmissing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities. All of which allow a denial-of-service attack and one\nallowing privilege escalation as well as information disclosure.\nPlease refer to the vendor advisory for mitigating factors.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX239432\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19961\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\napp_info = vcf::xenserver::get_app_info();\n\nconstraints = [\n { \"equal\" : \"7.0\", \"patches\" : # XenServer 7.0\n [\"XS70E064\"] }, # CTX239434\n { \"equal\" : \"7.1.1\", \"patches\" : # XenServer 7.1 LTSR CU1\n [\"XS71ECU1032\"] }, # CTX239435\n { \"equal\" : \"7.5\", \"patches\" : # XenServer 7.5\n [\"XS75E007\"] }, # CTX239436\n { \"equal\" : \"7.6\", \"patches\" : # XenServer 7.6\n [\"XS76E002\"] } # CTX239437\n];\n\nvcf::xenserver::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-12-13T05:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-18849", "CVE-2018-19966"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue was found in\n the LSI53C895A SCSI Host Bus Adapter emulation while writing a message\n in lsi_do_msgin (bsc#1114423).\n - CVE-2018-18883: Fixed a NULL pointer dereference that could have been\n triggered by nested VT-x that where not properly restricted\n (XSA-278)(bsc#1114405).\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n\n Non-security issues fixed:\n\n - Added upstream bug fixes (bsc#1027519).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-12-13T03:17:36", "published": "2018-12-13T03:17:36", "id": "OPENSUSE-SU-2018:4111-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-30T14:02:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-15468", "CVE-2018-15470", "CVE-2018-19965", "CVE-2018-3646", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-15469", "CVE-2018-19966"], "description": "This update for xen fixes the following issues:\n\n Update to Xen 4.10.2 bug fix release (bsc#1027519).\n\n Security vulnerabilities fixed:\n\n - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient\n TLB flushing with AMD IOMMUs, which potentially allowed a guest to\n escalate its privileges, may cause a Denial of Service (DoS) affecting\n the entire host, or may be able to access data it is not supposed to\n access. (XSA-275) (bsc#1115040)\n - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in\n case non-canonical addresses are accessed, which may allow a guest to\n cause Xen to crash, resulting in a Denial of Service (DoS) affecting the\n entire host. (XSA-279) (bsc#1115045)\n - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240,\n which conflicted with shadow paging and allowed a guest to cause Xen to\n crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)\n - CVE-2018-18883: Fixed an issue related to inproper restriction of nested\n VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial\n of Service (DoS). (XSA-278) (bsc#1114405)\n - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed\n guests to enable Branch Trace Store and may cause a Denial of Service\n (DoS) of the entire host. (XSA-269) (bsc#1103276)\n - CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not\n properly implemented and may cause a Denial of Service (DoS). (XSA-268)\n (bsc#1103275)\n - CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling\n writes, which allowed a guest to write memory unbounded leading to\n system-wide Denial\n of Service (DoS). (XSA-272) (bsc#1103279)\n - CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault\n (XSA-273) (bsc#1091107)\n\n Other bugs fixed:\n\n - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n - Fixed a kernel oops related to fs/dcache.c called by\n d_materialise_unique() (bsc#1094508)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-29T15:11:23", "published": "2018-12-29T15:11:23", "id": "OPENSUSE-SU-2018:4304-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00073.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-04-17T22:20:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19665", "CVE-2019-6778", "CVE-2018-19961", "CVE-2019-9824", "CVE-2018-19966", "CVE-2018-19967"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the\n host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp\n (bsc#1123157).\n - Fixed an issue which could allow malicious or buggy guests with passed\n through PCI devices to be able to escalate their privileges, crash the\n host, or access data belonging to other guests. Additionally memory\n leaks were also possible (bsc#1126140).\n - Fixed a race condition issue which could allow malicious PV guests to\n escalate their privilege to that\n of the hypervisor (bsc#1126141).\n - Fixed an issue which could allow a malicious unprivileged guest\n userspace process to escalate its privilege to that of other userspace\n processes in the same guest and potentially thereby to that\n of the guest operating system (bsc#1126201).\n - CVE-2019-9824: Fixed an information leak in SLiRP networking\n implementation which could allow a user/process to read uninitialised\n stack memory contents (bsc#1129623).\n - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /\n improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).\n - CVE-2018-19965: Fixed denial of service issue from attempting to use\n INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).\n - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused\n conflicts with shadow paging (XSA-280)(bsc#1115047).\n - Fixed an issue which could allow malicious PV guests may cause a host\n crash or gain access to data pertaining to other guests.Additionally,\n vulnerable configurations are likely to be unstable even in the absence\n of an attack (bsc#1126198).\n - Fixed multiple access violations introduced by XENMEM_exchange hypercall\n which could allow a single PV guest to leak arbitrary amounts of memory,\n leading to a denial of service (bsc#1126192).\n - Fixed an issue which could allow malicious 64bit PV guests to cause a\n host crash (bsc#1127400).\n - Fixed an issue which could allow malicious or buggy x86 PV guest kernels\n to mount a Denial of Service attack affecting the whole system\n (bsc#1126197).\n - Fixed an issue which could allow an untrusted PV domain with access to a\n physical device to DMA into its own pagetables leading to privilege\n escalation (bsc#1126195).\n - Fixed an issue which could allow a malicious or buggy x86 PV guest\n kernels can mount a Denial of Service attack affecting the whole system\n (bsc#1126196).\n\n Other issues addressed:\n\n - Upstream bug fixes (bsc#1027519)\n - Fixed an issue where live migrations were failing when spectre was\n enabled on xen boot cmdline (bsc#1116380).\n - Fixed an issue where setup of grant_tables and other variables may fail\n (bsc#1126325).\n - Fixed a building issue (bsc#1119161).\n - Fixed an issue where xpti=no-dom0 was not working as expected\n (bsc#1105528).\n - Packages should no longer use /var/adm/fillup-templates (bsc#1069468).\n - Added Xen cmdline option &quot;suse_vtsc_tolerance&quot; to avoid TSC emulation\n for HVM domUs (bsc#1026236).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-04-17T21:19:38", "published": "2019-04-17T21:19:38", "id": "OPENSUSE-SU-2019:1226-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-16T03:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to\n an integer overflow, which could lead to buffer overflow issue. It could\n occur when receiving packets over the network. A user inside guest could\n use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\n users to cause a denial of service (guest crash) by leveraging\n mishandling of the seccomp policy for threads other than the main thread\n (bsc#1106222).\n - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\n hw/net/rtl8139.c because an incorrect integer data type is used\n (bsc#1111006).\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\n hw/net/pcnet.c because an incorrect integer data type is used\n (bsc#1111010).\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts\n packet sizes greater than INT_MAX, which allows attackers to cause a\n denial of service or possibly have unspecified other impact.\n (bsc#1111013)\n - CVE-2018-18849: Fixed an out of bounds memory access issue that was\n found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a\n message in lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. A user/process could use this flaw\n to crash the Qemu process resulting in DoS (bsc#1114422).\n\n Non-security issues fixed:\n\n - Improving disk performance for qemu on xen (bsc#1100408)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-12-16T00:09:23", "published": "2018-12-16T00:09:23", "id": "OPENSUSE-SU-2018:4147-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html", "title": "Security update for qemu (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-07T15:29:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to\n an integer overflow, which could lead to buffer overflow issue. It could\n occur when receiving packets over the network. A user inside guest could\n use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\n users to cause a denial of service (guest crash) by leveraging\n mishandling of the seccomp policy for threads other than the main thread\n (bsc#1106222).\n - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found\n in the NVM Express Controller emulation in QEMU. It could occur in\n nvme_cmb_ops routines in nvme device. A guest user/process could use\n this flaw to crash the QEMU process resulting in DoS or potentially run\n arbitrary code with privileges of the QEMU process (bsc#1114529).\n - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\n hw/net/rtl8139.c because an incorrect integer data type is used\n (bsc#1111006).\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\n hw/net/pcnet.c because an incorrect integer data type is used\n (bsc#1111010).\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts\n packet sizes greater than INT_MAX, which allows attackers to cause a\n denial of service or possibly have unspecified other impact.\n (bsc#1111013)\n - CVE-2018-18849: Fixed an out of bounds memory access issue that was\n found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a\n message in lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. A user/process could use this flaw\n to crash the Qemu process resulting in DoS (bsc#1114422).\n\n Non-security issues fixed:\n\n - Fix slowness in arm32 emulation (bsc#1112499).\n - In order to improve spectre mitigation for s390x, add a new feature in\n the QEMU cpu model to provide the etoken cpu feature for guests\n (bsc#1107489).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-07T12:23:09", "published": "2018-12-07T12:23:09", "id": "OPENSUSE-SU-2018:4004-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T06:52:34", "description": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.", "edition": 8, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19961", "type": "cve", "cwe": ["CWE-459"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19961"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19961", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19961", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:34", "description": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.", "edition": 8, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19962", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19962"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19962", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:33", "description": "An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-01T00:29:00", "title": "CVE-2018-18883", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18883"], "modified": "2019-01-24T14:23:00", "cpe": ["cpe:/o:xen:xen:4.11.0"], "id": "CVE-2018-18883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18883", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:33", "description": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-03-21T16:00:00", "title": "CVE-2018-18849", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18849"], "modified": "2019-05-31T14:29:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:qemu:qemu:3.0.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-18849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18849", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:34", "description": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.", "edition": 8, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19966", "type": "cve", "cwe": ["CWE-436"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19966"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19966", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19966", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:34", "description": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.", "edition": 7, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-12-08T04:29:00", "title": "CVE-2018-19965", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19965"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.11.1", "cpe:/a:citrix:xenserver:7.5", "cpe:/a:citrix:xenserver:7.0", "cpe:/a:citrix:xenserver:7.6", "cpe:/a:citrix:xenserver:7.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19965", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:05:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19961", "CVE-2018-19966"], "description": "Package : xen\nVersion : 4.4.4lts5-0+deb8u1\nCVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966\nXSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n \nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.4.4lts5-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-10-08T12:46:49", "published": "2019-10-08T12:46:49", "id": "DEBIAN:DLA-1949-1:95A46", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00008.html", "title": "[SECURITY] [DLA 1949-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-12T01:04:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19961", "CVE-2018-19966", "CVE-2018-19967", "CVE-2017-15595"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4369-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 14, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19965\n CVE-2018-19966 CVE-2018-19967\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-19961 / CVE-2018-19962\n\n Paul Durrant discovered that incorrect TLB handling could result in\n denial of service, privilege escalation or information leaks.\n\nCVE-2018-19965\n\n Matthew Daley discovered that incorrect handling of the INVPCID\n instruction could result in denial of service by PV guests.\n\nCVE-2018-19966\n\n It was discovered that a regression in the fix to address\n CVE-2017-15595 could result in denial of service, privilege\n escalation or information leaks by a PV guest.\n\nCVE-2018-19967\n\n It was discovered that an error in some Intel CPUs could result in\n denial of service by a guest instance.\n \nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.5+shim4.10.2+xsa282-1+deb9u11.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2019-01-14T22:10:01", "published": "2019-01-14T22:10:01", "id": "DEBIAN:DSA-4369-1:07573", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00007.html", "title": "[SECURITY] [DSA 4369-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:56:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815"], "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u11\nCVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824\nDebian Bug : 901017 912535\n\nSeveral vulnerabilities were found in QEMU, a fast processor emulator:\n\nCVE-2018-11806\n\n It was found that the SLiRP networking implementation could use a wrong\n size when reallocating its buffers, which can be exploited by a\n priviledged user on a guest to cause denial of service or possibly\n arbitrary code execution on the host system.\n\nCVE-2018-18849\n\n It was found that the LSI53C895A SCSI Host Bus Adapter emulation was\n susceptible to an out of bounds memory access, which could be leveraged\n by a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\n A heap buffer overflow was found in the load_device_tree function,\n which could be used by a malicious user to potentially execute\n arbitrary code with the priviledges of the QEMU process.\n\nCVE-2019-9824\n\n William Bowling discovered that the SLiRP networking implementation did\n not handle some messages properly, which could be triggered to leak\n memory via crafted messages.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-05-09T18:42:34", "published": "2019-05-09T18:42:34", "id": "DEBIAN:DLA-1781-1:BE52E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00010.html", "title": "[SECURITY] [DLA 1781-1] qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:58:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-11806", "CVE-2018-12617", "CVE-2019-6778", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-16872", "CVE-2019-3812", "CVE-2019-12155", "CVE-2018-17958"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4454-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 30, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2018-11806 CVE-2018-12617 CVE-2018-16872 CVE-2018-17958 \n CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 \n CVE-2019-3812 CVE-2019-6778 CVE-2019-9824 CVE-2019-12155\n\nMultiple security issues were discovered in QEMU, a fast processor\nemulator, which could result in denial of service, the execution of\narbitrary code or information disclosure.\n\nIn addition this update backports support to passthrough the new\nmd-clear CPU flag added in the intel-microcode update shipped in DSA 4447\nto x86-based guests.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u6.\n\nWe recommend that you upgrade your qemu packages.\n\nFor the detailed security status of qemu please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qemu\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2019-05-30T18:06:35", "published": "2019-05-30T18:06:35", "id": "DEBIAN:DSA-4454-1:F5C49", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00099.html", "title": "[SECURITY] [DSA 4454-1] qemu security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-12-24T11:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-18883"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host.</p>\n<p>This issue affects the following versions of Citrix XenServer: </p>\n<ul>\n<li>Citrix XenServer 7.6</li>\n<li>Citrix XenServer 7.5</li>\n<li>Citrix XenServer 7.1 LTSR CU1 </li>\n</ul>\n<p>The following vulnerabilities have been addressed: </p>\n<ul>\n<li>CVE-2018-18883: Nested VT-x usable even when disabled</li>\n<p> </p>\n</ul>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with only PV guests are not affected by this issue.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address this issue. Citrix recommends that affected customers install these hotfixes as their patching schedule permits. The hotfixes can be downloaded from the following locations:</p>\n<p> <br/> Citrix XenServer 7.6: CTX239128 \u2013 <a href=\"https://support.citrix.com/article/CTX239128\">https://support.citrix.com/article/CTX239128</a><br/> Citrix XenServer 7.5: CTX239127 \u2013 <a href=\"https://support.citrix.com/article/CTX239127\">https://support.citrix.com/article/CTX239127</a><br/> Citrix XenServer 7.1 LTSR CU1: CTX239126 \u2013 <a href=\"https://support.citrix.com/article/CTX239126\">https://support.citrix.com/article/CTX239126 </a></p>\n<p>Customers who are using the LivePatching feature of Citrix XenServer will not need to reboot servers to apply this hotfix if those servers were previously fully patched.<br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td width=\"50%\">26th October 2018 </td>\n<td>Initial Issue </td>\n</tr>\n<tr>\n<td valign=\"top\">1st November 2018</td>\n<td>Update with assigned CVE number </td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-08-15T04:00:00", "published": "2018-10-26T04:00:00", "id": "CTX239100", "href": "https://support.citrix.com/article/CTX239100", "type": "citrix", "title": "CVE-2018-18883 - Citrix XenServer Security Update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T11:42:52", "bulletinFamily": "software", "cvelist": ["CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19967"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts.</p>\n<p>These issues affect the following supported versions of Citrix XenServer:</p>\n<ul>\n<li>Citrix XenServer 7.6</li>\n<li>Citrix XenServer 7.5</li>\n<li>Citrix XenServer 7.1 LTSR CU1</li>\n<li>Citrix XenServer 7.0</li>\n</ul>\n<p>The following issues have been addressed:</p>\n<ul>\n<li>CVE-2018-19961 / CVE-2018-19962: insufficient TLB flushing/improper large page mappings with AMD IOMMUs</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow code in an HVM guest VM to compromise the host.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to guests that are using the PCI passthrough feature in conjunction with AMD CPUs.</p>\n<ul>\n<li>CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical address</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow privileged code in a PV guest VM to crash the host.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to hosts with Intel CPUs that support the INVPCID instruction.</p>\n<p style=\"margin-left: 40.0px;\">This issue only occurs in Citrix XenServer 7.6.</p>\n<ul>\n<li>CVE-2018-19967: Intel Erratum: \u201cProcessor May Hang When Executing Code In an HLE Transaction\u201d.</li>\n</ul>\n<p style=\"margin-left: 40.0px;\">This issue may allow code running in a guest VM to cause the host to become unresponsive and/or crash.</p>\n<p style=\"margin-left: 40.0px;\">This issue is limited to hosts with Intel CPUs that are affected by the corresponding Intel erratum.</p>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule permits. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.6: CTX239437 \u2013 <a href=\"https://support.citrix.com/article/CTX239437\">https://support.citrix.com/article/CTX239437</a> </p>\n<p>Citrix XenServer 7.5: CTX239436 \u2013 <a href=\"https://support.citrix.com/article/CTX239436\">https://support.citrix.com/article/CTX239436</a> </p>\n<p>Citrix XenServer 7.1 LTSR CU1: CTX239435 \u2013 <a href=\"https://support.citrix.com/article/CTX239435\">https://support.citrix.com/article/CTX239435</a> </p>\n<p>Citrix XenServer 7.0: CTX239434 \u2013 <a href=\"https://support.citrix.com/article/CTX239434\">https://support.citrix.com/article/CTX239434</a> </p>\n<p> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>20th November 2018</td>\n<td>Initial Issue </td>\n</tr>\n<tr>\n<td>8th January 2019</td>\n<td>Updated CVE identifiers for TBA entries</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-01-08T05:00:00", "published": "2018-11-20T05:00:00", "id": "CTX239432", "href": "https://support.citrix.com/article/CTX239432", "type": "citrix", "title": "Citrix XenServer Security Update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-03-12T22:20:11", "published": "2019-03-12T22:20:11", "id": "FEDORA:D16B26094E7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-4.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-07-02T02:30:55", "published": "2019-07-02T02:30:55", "id": "FEDORA:501B260EC97D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-6.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-05-30T17:27:30", "published": "2019-05-30T17:27:30", "id": "FEDORA:830BA60779B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.1-5.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19963", "CVE-2018-19964", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2019-11091", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18421", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-11-17T01:42:57", "published": "2019-11-17T01:42:57", "id": "FEDORA:BED2C6068713", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.2-2.fc29", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-03-21T21:09:08", "published": "2019-03-21T21:09:08", "id": "FEDORA:5267F604C2BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-04T05:52:52", "published": "2018-11-04T05:52:52", "id": "FEDORA:1CB13619263C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-8.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-14T03:14:58", "published": "2018-11-14T03:14:58", "id": "FEDORA:936F660E6650", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-9.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18883"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-22T03:23:53", "published": "2018-11-22T03:23:53", "id": "FEDORA:925F660BC44D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xen-4.11.0-10.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-15746", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2018-12-04T03:05:00", "published": "2018-12-04T03:05:00", "id": "FEDORA:5D8CE608ED0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-15746", "CVE-2018-16867", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20191", "CVE-2019-3812", "CVE-2019-6778"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-03-25T06:10:52", "published": "2019-03-25T06:10:52", "id": "FEDORA:A833A6076D01", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[12:2.9.0-19.el7]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 28205376]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626490]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873208] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971701] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28949917] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885514] {CVE-2018-16847}\n- x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature (Jingqi Liu) [Orabug: 28985301]\n- i386: Define AMD's no SSB mitigation needed. (Konrad Rzeszutek Wilk) [Orabug: 28951578]\n- i386: define the AMD 'amd-ssbd' CPUID feature bit (Konrad Rzeszutek Wilk) [Orabug: 28951578]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 28897545]\n- hw/i386: Fix IVHD entry length for AMD IOMMU (Jan Kiszka) [Orabug: 28891184]\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891188]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886306]\n- i386: Add Intel Processor Trace feature support (Chao Peng) [Orabug: 28886306]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu)", "edition": 3, "modified": "2019-01-28T00:00:00", "published": "2019-01-28T00:00:00", "id": "ELSA-2019-4520", "href": "http://linux.oracle.com/errata/ELSA-2019-4520.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16867", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[15:3.0.0-3.el7]\n- monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]\n- monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]\n- Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480]\n- usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}\n[15:3.0.0-2.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 28732921]\n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]\n- configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]", "edition": 4, "modified": "2018-12-21T00:00:00", "published": "2018-12-21T00:00:00", "id": "ELSA-2018-4313", "href": "http://linux.oracle.com/errata/ELSA-2018-4313.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:12:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16867", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[15:3.0.0-3.el7]\n- monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]\n- monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]\n- Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480]\n- usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}\n[15:3.0.0-2.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 28732921]\n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]\n- configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]", "edition": 5, "modified": "2018-12-21T00:00:00", "published": "2018-12-21T00:00:00", "id": "ELSA-2018-4312", "href": "http://linux.oracle.com/errata/ELSA-2018-4312.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2018-12617", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-17958"], "description": "Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nNE2000 device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)\n\nIt was discovered that QEMU incorrectly handled the Slirp networking \nback-end. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu \n18.04 LTS. (CVE-2018-11806)\n\nFakhri Zulkifli discovered that the QEMU guest agent incorrectly handled \ncertain QMP commands. An attacker could possibly use this issue to crash \nthe QEMU guest agent, resulting in a denial of service. (CVE-2018-12617)\n\nLi Qiang discovered that QEMU incorrectly handled NVM Express Controller \nemulation. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. This \nissue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nRTL8139 device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nPCNET device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962)\n\nDaniel Shapira discovered that QEMU incorrectly handled large packet sizes. \nAn attacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2018-17963)\n\nIt was discovered that QEMU incorrectly handled LSI53C895A device \nemulation. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2018-18849)\n\nMoguofang discovered that QEMU incorrectly handled the IPowerNV LPC \ncontroller. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. This issue only affected Ubuntu \n18.04 LTS and Ubuntu 18.10. (CVE-2018-18954)\n\nZhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System \nsupport. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2018-19364)", "edition": 3, "modified": "2018-11-26T00:00:00", "published": "2018-11-26T00:00:00", "id": "USN-3826-1", "href": "https://ubuntu.com/security/notices/USN-3826-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}