Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-426.NASLHistoryMar 27, 2019 - 12:00 a.m.
openSUSE Security Update : qemu (openSUSE-2019-426) (Spectre)
2019-03-2700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
This update for qemu fixes the following issues :
This security issue was fixed :
-
CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
This patch permits the new x86 cpu feature flag named ‘ssbd’ to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well.
For this feature to be enabled please use the qemu commandline
-cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature.
spec-ctrl and ssbd support is also required in the host.
This non-security issue was fixed :
- Fix qemu-guest-agent uninstall (boo#1093169)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-426.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(123186);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2018-3639");
script_name(english:"openSUSE Security Update : qemu (openSUSE-2019-426) (Spectre)");
script_summary(english:"Check for the openSUSE-2019-426 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for qemu fixes the following issues :
This security issue was fixed :
- CVE-2018-3639: Spectre v4 vulnerability mitigation
support for KVM guests (bsc#1092885).
Systems with microprocessors utilizing speculative
execution and speculative execution of memory reads
before the addresses of all prior memory writes are
known may allow unauthorized disclosure of information
to an attacker with local user access via a side-channel
analysis.
This patch permits the new x86 cpu feature flag named
'ssbd' to be presented to the guest, given that the host
has this feature, and KVM exposes it to the guest as
well.
For this feature to be enabled please use the qemu
commandline
-cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take
advantage of the feature.
spec-ctrl and ssbd support is also required in the host.
This non-security issue was fixed :
- Fix qemu-guest-agent uninstall (boo#1093169)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092885"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093169"
);
script_set_attribute(attribute:"solution", value:"Update the affected qemu packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-gluster");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ipxe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ksm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-seabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-sgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-testsuite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-vgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/22");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-arm-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-arm-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-curl-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-curl-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-dmg-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-dmg-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-gluster-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-gluster-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-iscsi-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-iscsi-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-rbd-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-rbd-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-ssh-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-block-ssh-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-debugsource-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-extra-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-extra-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-guest-agent-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-guest-agent-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-ipxe-1.0.0-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-ksm-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-kvm-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-lang-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-linux-user-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-linux-user-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-linux-user-debugsource-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-ppc-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-ppc-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-s390-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-s390-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-seabios-1.11.0-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-sgabios-8-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-testsuite-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-tools-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-tools-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-vgabios-1.11.0-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-x86-2.11.1-lp150.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"qemu-x86-debuginfo-2.11.1-lp150.7.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-linux-user / qemu-linux-user-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | qemu | p-cpe:/a:novell:opensuse:qemu |
| novell | opensuse | qemu-arm | p-cpe:/a:novell:opensuse:qemu-arm |
| novell | opensuse | qemu-arm-debuginfo | p-cpe:/a:novell:opensuse:qemu-arm-debuginfo |
| novell | opensuse | qemu-block-curl | p-cpe:/a:novell:opensuse:qemu-block-curl |
| novell | opensuse | qemu-block-curl-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo |
| novell | opensuse | qemu-block-dmg | p-cpe:/a:novell:opensuse:qemu-block-dmg |
| novell | opensuse | qemu-block-dmg-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo |
| novell | opensuse | qemu-block-gluster | p-cpe:/a:novell:opensuse:qemu-block-gluster |
| novell | opensuse | qemu-block-gluster-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo |
| novell | opensuse | qemu-block-iscsi | p-cpe:/a:novell:opensuse:qemu-block-iscsi |
Related
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2018:1659) (Spectre)
2018-05-23 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)
2018-05-23 00:00:00
openSUSE Security Update : libvirt (openSUSE-2019-424) (Spectre)
2019-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.212.b04-0.fc29
2019-05-03 03:43:22
ibm
ibm
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
java-1.8.0-openjdk security update
2018-05-22 00:00:00
f5
f5
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
suse
suse
Security update for libvirt (moderate)
2018-08-13 12:07:25
Security update for libvirt (important)
2018-06-09 15:07:56
openvas
openvas
Ubuntu Update for qemu USN-3651-1
2018-10-26 00:00:00
CentOS Update for qemu-guest-agent CESA-2018:1660 centos6
2018-05-23 00:00:00
openSUSE: Security Advisory for libvirt (openSUSE-SU-2018:1621-1)
2018-10-26 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
redhat
redhat
(RHSA-2018:2171) Important: kernel security update
2018-07-11 15:14:50
(RHSA-2018:2161) Important: kernel security and bug fix update
2018-07-10 15:28:42
(RHSA-2018:2001) Important: qemu-kvm security update
2018-06-26 14:59:53
centos
centos
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:30:51
java security update
2018-05-22 15:32:03
debiancve
debiancve
CVE-2018-3639
2018-05-22 12:29:00
virtuozzo
virtuozzo
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
vmware
vmware
symantec
symantec
Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-21 00:00:00
msrc
msrc
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
2018-05-21 07:00:00
osv
osv
CVE-2018-3639
2018-05-22 12:29:00
xen - security update
2018-05-25 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2018-06-08 18:34:00
Important: libvirt
2018-06-07 23:33:00
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
ubuntu
ubuntu
QEMU update
2018-06-12 00:00:00
cve
cve
CVE-2018-3639
2018-05-22 12:29:00
veracode
veracode
Information Disclosure
2019-01-15 09:22:18
zdt
zdt
photon
photon
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
Related for OPENSUSE-2019-426.NASL