{"id": "ORACLELINUX_ELSA-2019-1264.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 7 : libvirt (ELSA-2019-1264)", "description": "From Red Hat Security Advisory 2019:1264 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)", "published": "2019-05-28T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/125442", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2019-May/008761.html"], "cvelist": ["CVE-2019-10132"], "type": "nessus", "lastseen": "2021-01-01T04:45:53", "edition": 17, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-10132"]}, {"type": "nessus", "idList": ["FEDORA_2019-5F105DD2B6.NASL", "FEDORA_2019-9210998AAA.NASL", "UBUNTU_USN-4021-1.NASL", "ORACLELINUX_ELSA-2019-1268.NASL", "REDHAT-RHSA-2019-1455.NASL", "REDHAT-RHSA-2019-1264.NASL", "REDHAT-RHSA-2019-1268.NASL", "CENTOS_RHSA-2019-1264.NASL", "SUSE_SU-2019-1490-1.NASL", "SL_20190523_LIBVIRT_ON_SL7_X.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1264", "ELSA-2019-2294", "ELSA-2020-0279", "ELSA-2019-4688", "ELSA-2019-4687", "ELSA-2019-4714", "ELSA-2019-1268"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310883060", "OPENVAS:1361412562310876422", "OPENVAS:1361412562310844057", "OPENVAS:1361412562310876565", "OPENVAS:1361412562310876563"]}, {"type": "redhat", "idList": ["RHSA-2019:1264", "RHSA-2019:1455", "RHSA-2019:1268"]}, {"type": "centos", "idList": ["CESA-2019:1264"]}, {"type": "ubuntu", "idList": ["USN-4021-1"]}, {"type": "fedora", "idList": ["FEDORA:761BC607A42A", "FEDORA:CF8DE6049C48", "FEDORA:B550461845B3"]}, {"type": "amazon", "idList": ["ALAS2-2019-1274"]}], "modified": "2021-01-01T04:45:53", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-01-01T04:45:53", "rev": 2}, "vulnersScore": 5.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1264 and \n# Oracle Linux Security Advisory ELSA-2019-1264 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125442);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"RHSA\", value:\"2019:1264\");\n\n script_name(english:\"Oracle Linux 7 : libvirt (ELSA-2019-1264)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1264 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008761.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.0.1.el7_6.10\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.0.1.el7_6.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "125442", "cpe": ["p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc", "p-cpe:/a:oracle:linux:libvirt-login-shell", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-daemon-lxc"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-12-09T21:41:37", "description": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-22T18:29:00", "title": "CVE-2019-10132", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10132"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/a:redhat:libvirt:4.1.0", "cpe:/o:fedoraproject:fedora:-"], "id": "CVE-2019-10132", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10132", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:libvirt:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-06-18T16:43:28", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "[5.0.0-4.el7]\n- logging: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- locking: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- admin: reject clients unless their UID matches the current UID (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}", "edition": 2, "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "ELSA-2019-4687", "href": "http://linux.oracle.com/errata/ELSA-2019-4687.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "[4.5.0-10.0.1]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-10.el7_6.10]\n- virnwfilterbindingobj: Introduce and use virNWFilterBindingObjStealDef (rhbz#1702173)\n- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)\n- locking: restrict sockets to mode 0600 (CVE-2019-10132)\n- logging: restrict sockets to mode 0600 (CVE-2019-10132)", "edition": 3, "modified": "2019-05-23T00:00:00", "published": "2019-05-23T00:00:00", "id": "ELSA-2019-1264", "href": "http://linux.oracle.com/errata/ELSA-2019-1264.html", "title": "libvirt security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-06-18T06:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "[5.0.0-4.el7]\n- logging: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- locking: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- admin: reject clients unless their UID matches the current UID (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}", "edition": 2, "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "ELSA-2019-4688", "href": "http://linux.oracle.com/errata/ELSA-2019-4688.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-30T19:27:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-11091", "CVE-2018-12127", "CVE-2019-10132", "CVE-2018-12130"], "description": "[4.5.0-23.2.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-23.2.el8]\n- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)\n- locking: restrict sockets to mode 0600 (CVE-2019-10132)\n- logging: restrict sockets to mode 0600 (CVE-2019-10132)\n[4.5.0-23.1.el8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- qemu: Don't cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1268", "href": "http://linux.oracle.com/errata/ELSA-2019-1268.html", "title": "virt:rhel security update", "type": "oraclelinux", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-09T12:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-11091", "CVE-2018-12130"], "description": "[5.0.0-9.el7]\n- qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten\n Have) [Orabug: 29956508]\n[5.0.0-8.el7]\n- api: disallow virDomainSaveImageGetXMLDesc on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10161}\n- domain: Define explicit flags for saved image xml (Eric Blake) [Orabug: 29955742]\n- api: disallow virDomainManagedSaveDefineXML on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10166}\n- api: disallow virConnectGetDomainCapabilities on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10167}\n- api: disallow virConnect*HypervisorCPU on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10168}\n[5.0.0-7.el7]\n- cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181]\n {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n[5.0.0-6.el7]\n- qemu: Driver change adding private lock to auto-tune hugepages (Wim ten Have)\n [Orabug: 29809943]\n[5.0.0-5.el7]\n- qemu: disable setmem change requests for vNUMA targets (Wim ten Have) [Orabug: 29797366]\n- domain: Disable memballoon memory configuration support for vNUMA guests (Wim ten Have) [Orabug: 29797366]\n- qemu: Driver change to target for vNUMA setmaxmem change request (Wim ten Have) [Orabug: 29749852]\n- domain: Add domain memory config support for vNUMA guests (Wim ten Have) [Orabug: 29749852]\n- logging: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- locking: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}\n- admin: reject clients unless their UID matches the current UID (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}", "edition": 3, "modified": "2019-07-10T00:00:00", "published": "2019-07-10T00:00:00", "id": "ELSA-2019-4714", "href": "http://linux.oracle.com/errata/ELSA-2019-4714.html", "title": "libvirt security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-14T08:34:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3840", "CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.5.0-23]\n- api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161)\n- api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166)\n- api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167)\n- api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168)\n[4.5.0-22]\n- qemu: Drop cleanup label from qemuProcessInitCpuAffinity() (rhbz#1718172)\n- qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity() (rhbz#1718172)\n[4.5.0-21]\n- cpu_conf: Fix XPath for parsing TSC frequency (rhbz#1641702)\n[4.5.0-20]\n- util: alloc: add macros for implementing automatic cleanup functionality (rhbz#1703661)\n- util: bitmap: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1703661)\n- util: Introduce virBitmapUnion() (rhbz#1703661)\n- util: Introduce virNumaNodesetToCPUset() (rhbz#1703661)\n- qemu: Fix qemuProcessInitCpuAffinity() (rhbz#1703661)\n- qemu: Fix leak in qemuProcessInitCpuAffinity() (rhbz#1703661)\n[4.5.0-19]\n- virfile: added GPFS as shared fs (rhbz#1710728)\n- util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically (rhbz#1641702)\n- vircpuhost: Add support for reading MSRs (rhbz#1641702)\n- virhostcpu: Make virHostCPUGetMSR() work only on x86 (rhbz#1641702)\n- qemu: Make virQEMUCapsProbeHostCPUForEmulator more generic (rhbz#1641702)\n- qemuargv2xmltest: Use mocked virQEMUCapsProbeHostCPU (rhbz#1641702)\n- util: Add virHostCPUGetTscInfo (rhbz#1641702)\n- conf: Report TSC frequency in host CPU capabilities (rhbz#1641702)\n- cpu_x86: Fix placement of *CheckFeature functions (rhbz#1641702)\n- cpu_x86: Probe TSC frequency and scaling support (rhbz#1641702)\n- qemu: Check TSC frequency before starting QEMU (rhbz#1641702)\n- util: Propagate numad failures correctly (rhbz#1716387)\n[4.5.0-18]\n- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)\n- locking: restrict sockets to mode 0600 (CVE-2019-10132)\n- logging: restrict sockets to mode 0600 (CVE-2019-10132)\n- util: require command args to be non-NULL (rhbz#1672957)\n- qemu: use line breaks in command line args written to log (rhbz#1672957)\n[4.5.0-17]\n- cpu_map: Add support for cldemote CPU feature (rhbz#1537777)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12126, CVE-2018-12127, CVE-2019-11091, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2019-11091, CVE-2018-12130)\n[4.5.0-16]\n- Handle copying bitmaps to larger data buffers (rhbz#1703159)\n- nwfilter: fix adding std MAC and IP values to filter binding (rhbz#1691358)\n- util: suppress unimportant ovs-vsctl errors when getting interface stats (rhbz#1683175)\n[4.5.0-15]\n- qemu_hotplug: Initialize @charAlias in qemuDomainRemoveChrDevice (rhbz#1658198)\n[4.5.0-14]\n- cpu_map: Add features for Icelake CPUs (rhbz#1527659, rhbz#1526624)\n- cpu_map: Add Icelake CPU models (rhbz#1526624)\n- cpu_x86: Do not cache microcode version (rhbz#1576369)\n- qemu: Dont cache microcode version (rhbz#1576369)\n- util: Rename some functions of virresctrl (rhbz#1468650)\n- util: Refactor virResctrlGetInfo in virresctrl (rhbz#1468650)\n- util: Refactor virResctrlAllocFormat of virresctrl (rhbz#1468650)\n- util: Add MBA capability information query to resctrl (rhbz#1468650)\n- util: Add MBA check to virResctrlInfoGetCache (rhbz#1468650)\n- util: Add MBA allocation to virresctrl (rhbz#1468650)\n- util: Add MBA schemata parse and format methods (rhbz#1468650)\n- util: Add support to calculate MBA utilization (rhbz#1468650)\n- util: Introduce virResctrlAllocForeachMemory (rhbz#1468650)\n- util: Introduce virResctrlAllocSetMemoryBandwidth (rhbz#1468650)\n- conf: Rename cachetune to resctrl (rhbz#1468650)\n- conf: Factor out vcpus parsing part from virDomainCachetuneDefParse (rhbz#1468650)\n- conf: Factor out vcpus overlapping from virDomainCachetuneDefParse (rhbz#1468650)\n- conf: Factor out virDomainResctrlDef update from virDomainCachetuneDefParse (rhbz#1468650)\n- conf: Add support for memorytune XML processing for resctrl MBA (rhbz#1468650)\n- conf: Add return value check to virResctrlAllocForeachCache (rhbz#1468650)\n- conf: Add memory bandwidth allocation capability of host (rhbz#1468650)\n- conf: Fix bug in finding alloc through matching vcpus (rhbz#1468650)\n- resctrl: Do not calculate free bandwidth for MBA (rhbz#1468650)\n- resctrl: Set MBA defaults properly (rhbz#1468650)\n- resctrl: Fix testing line (rhbz#1468650)\n- virresctrl: fix MBA memory leak (rhbz#1468650)\n- test: caps: Add capabilities for QEMU 3.1.0 (rhbz#1628892)\n- util: Introduce virHostGetDRMRenderNode helper (rhbz#1628892)\n- conf: Introduce virDomainGraphics-related helpers (rhbz#1628892)\n- qemu: process: spice: Pick the first available DRM render node (rhbz#1628892)\n- qemu: command: Introduce qemuBuildGraphicsEGLHeadlessCommandLine helper (rhbz#1628892)\n- qemu: caps: Introduce QEMU_EGL_HEADLESS_RENDERNODE capability (rhbz#1628892)\n- conf: gfx: Add egl-headless as a member to virDomainGraphicsDef struct (rhbz#1628892)\n- conf: gfx: egl-headless: Introduce a new \n subelement (rhbz#1628892)\n- qemu: domain: egl-headless: Add the DRI device into the namespace (rhbz#1628892)\n- qemu: cgroup: gfx: egl-headless: Add the DRI device into the cgroup list (rhbz#1628892)\n- security: dac: gfx: egl-headless: Relabel the DRI device (rhbz#1628892)\n- qemu: command: gfx: egl-headless: Add 'rendernode' option to the cmdline (rhbz#1628892)\n- domain: conf: graphics: Fix picking DRI renderer automatically for SPICE (rhbz#1628892)\n- qemu: domain: gfx: Fix shadowing of a function argument in validation (rhbz#1628892)\n[4.5.0-13]\n- storage: Extract out mount command creation for FS Backend (rhbz#1584663)\n- storage: Move FS backend mount creation command helper (rhbz#1584663)\n- storage: Move virStorageBackendFileSystemGetPoolSource (rhbz#1584663)\n- tests: Introduce tests for storage pool xml to argv checks (rhbz#1584663)\n- tests: Add storagepool xml test for netfs-auto (rhbz#1584663)\n- storage: Rework virStorageBackendFileSystemMountCmd (rhbz#1584663)\n- storage: Add default mount options for fs/netfs storage pools (rhbz#1584663)\n- conf: Add optional NFS Source Pool \n option (rhbz#1584663)\n- storage: Add the nfsvers to the command line (rhbz#1584663)\n- virsh: Add source-protocol-ver for pool commands (rhbz#1584663)\n- RHEL: conf: storage: Fix a memory leak in virStoragePoolDefParseSource (rhbz#1584663)\n- tests: Reuse qemucapabilities data for qemucaps2xml (rhbz#1628469)\n- tests: Add more tests to qemucaps2xml (rhbz#1628469)\n- qemu: Drop QEMU_CAPS_ENABLE_KVM (rhbz#1628469)\n- qemu: Avoid probing non-native binaries all the time (rhbz#1628469)\n- qemu: Clarify QEMU_CAPS_KVM (rhbz#1628469)\n- qemu: Dont check for /dev/kvm presence (rhbz#1628469)\n- tests: Follow up on qemucaps2xmldata rename (rhbz#1628469)\n- qemu: hotplug: Dont generate alias when detaching disk (rhbz#1658198)\n- qemu: hotplug: Dont generate alias when detaching controllers (rhbz#1658198)\n- tests: add channel-unix-guestfwd (rhbz#1658198)\n- qemu: Use @tmpChr in qemuDomainDetachChrDevice to build device string (rhbz#1658198)\n- qemuL: Drop 'user-' prefix for guestfwd netdev (rhbz#1658198)\n- qemu_hotplug: Attach guestfwd using netdev_add (rhbz#1658198)\n- qemu_hotplug: Detach guestfwd using netdev_del (rhbz#1658198)\n- qemuhotplugtest: Test guestfwd attach and detach (rhbz#1658198)\n- qemu_hotplug: Dont build device string in qemuDomainDetachChrDevice (rhbz#1658198)\n- qemu_hotplug: Assume chardev alias always exists in qemuDomainDetachChrDevice (rhbz#1658198)\n- qemu: fix device name passed to error report (rhbz#1658198)\n- qemu_hotplug: Properly check for qemuMonitorDelDevice retval (rhbz#1658198)\n- qemu_hotplug: Introduce and use qemuDomainDeleteDevice (rhbz#1658198)\n- qemu: hotplug: Remove 'ret' variable in qemuDomainDetachDeviceDiskLive (rhbz#1658198)\n- qemu: hotplug: Use typecasted enum in qemuDomainDetachDeviceDiskLive (rhbz#1658198)\n- qemu: hotplug: Use switch statement for selecting disk bus function (rhbz#1658198)\n- qemu: hotplug: Merge virtio and non-virtio disk unplug code (rhbz#1658198)\n- qemu_hotplug: remove unnecessary check for valid PCI address (rhbz#1658198)\n- qemu_hotplug: rename a virDomainDeviceInfoPtr to avoid confusion (rhbz#1658198)\n- qemu_hotplug: eliminate multiple identical qemuDomainDetachHost*Device() functions (rhbz#1658198)\n- qemu_hotplug: eliminate unnecessary call to qemuDomainDetachNetDevice() (rhbz#1658198)\n- qemu_hotplug: refactor qemuDomainDetachDiskLive and qemuDomainDetachDiskDevice (rhbz#1658198)\n- qemu_hotplug: dont call DetachThisHostDevice for hostdev network devices (rhbz#1658198)\n- qemu_hotplug: merge qemuDomainDetachThisHostDevice into qemuDomainDetachHostDevice (rhbz#1658198)\n- qemu_hotplug: move qemuDomainChangeGraphicsPasswords() (rhbz#1658198)\n- qemu_hotplug: move (almost) all qemuDomainDetach*() functions together (rhbz#1658198)\n- qemu_hotplug: move (Attach|Detach)Lease functions with others of same type (rhbz#1658198)\n- qemu_hotplug: move qemuDomainDetachDeviceLive() to qemu_hotplug.c (rhbz#1658198)\n- qemu_hotplug: remove extra function in middle of DetachController call chain (rhbz#1658198)\n- qemu_hotplug: pull qemuDomainUpdateDeviceList out of qemuDomainDetachDeviceLive (rhbz#1658198)\n- test: replace calls to individual detach functions with one call to main detach (rhbz#1658198)\n- qemu_hotplug: make Detach functions called only from qemu_hotplug.c static (rhbz#1658198)\n- qemu_hotplug: rename dev to match in qemuDomainDetachDeviceLive (rhbz#1658198)\n- qemu_hotplug: separate Chr|Lease from other devices in DetachDevice switch (rhbz#1658198)\n- qemu_hotplug: standardize the names/args/calling of qemuDomainDetach*() (rhbz#1658198)\n- qemu_hotplug: rename Chr and Lease Detach functions (rhbz#1658198)\n- qemu_hotplug: new function qemuDomainRemoveAuditDevice() (rhbz#1658198)\n- qemu_hotplug: audit *all* auditable device types in qemuDomainRemoveAuditDevice (rhbz#1658198)\n- qemu_hotplug: consolidate all common detach code in qemuDomainDetachDeviceLive (rhbz#1658198)\n- qemu_hotplug: dont shutdown net device until the guest has released it (rhbz#1658198)\n- qemu_hotplug: delay sending DEVICE_REMOVED event until after *all* teardown (rhbz#1658198)\n- conf: Expose virDomainSCSIDriveAddressIsUsed (rhbz#1692296)\n- qemuhotplugtest: Dont plug a SCSI disk at unit 7 (rhbz#1692296)\n- qemu_hotplug: Check for duplicate drive addresses (rhbz#1692296)\n- qemu: Rework setting process affinity (rhbz#1695434)\n- qemu: Set up EMULATOR thread and cpuset.mems before exec()-ing qemu (rhbz#1695434)\n[4.5.0-12]\n- src: Document autostart for session demon (rhbz#1501450)\n- nwfilter: Add extra verbiage for binding create/delete (rhbz#1609454)\n- qemu: Remove duplicated qemuAgentCheckError (rhbz#1663051, CVE-2019-3840)\n- qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1663051, CVE-2019-3840)\n- virsh: Add missed fields to pool-define-as item entry (rhbz#1615680)\n- qemu: Add entry for balloon stat stat-disk-caches (rhbz#1690122)\n- qemu: Set identity for the reconnect all thread (rhbz#1631622)\n- docs: schemas: Fix missing timestamp inside backingStore (rhbz#1594266)\n- storage: Remove secretPath from _virStorageBackendQemuImgInfo (rhbz#1613737)\n- storage: Allow for inputvol to have any format for encryption (rhbz#1613737)\n- storage: Allow inputvol to be encrypted (rhbz#1613737)\n- virsh: man: Document quirks of device-detach and friends (rhbz#1688961)\n- virsh: man: Document asynchronous behaviour of detach-device-alias (rhbz#1688961)\n- access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631606)\n- qemu: Put format=raw onto cmd line for SCSI passthrough (rhbz#1632833)\n- virnwfilterbindingobj: Introduce and use virNWFilterBindingObjStealDef (rhbz#1686927)\n- logging: ensure pending I/O is drained before reading position (rhbz#1660531)\n- conf: Fix check for chardev source path (rhbz#1609720)\n- util: skip RDMA detection for non-PCI network devices (rhbz#1639258)\n- qemu: Set job statsType for external memory snapshot (rhbz#1690703)\n- virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1592737)\n- virsh: Require explicit --domain for domxml-to-native (rhbz#1633077)\n[4.5.0-11]\n- security: dac: also label listen UNIX sockets (rhbz#1633389)\n- qemu: fix up permissions for pre-created UNIX sockets (rhbz#1633389)\n- virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1632711)\n- virfile: fix cast-align error (rhbz#1632711)\n- virfiletest: Fix test name prefix for virFileInData test (rhbz#1632711)\n- virfiletst: Test virFileIsSharedFS (rhbz#1632711)\n- virFileIsSharedFSType: Detect direct mount points (rhbz#1632711)\n- virfile: Rework virFileIsSharedFixFUSE (rhbz#1632711)\n- virfile: Take symlink into account in virFileIsSharedFixFUSE (rhbz#1640465)\n- qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT (rhbz#1612943)\n- qemu: Report more appropriate running reasons (rhbz#1612943)\n- qemu: Pass running reason to RESUME event handler (rhbz#1612943)\n- qemu: Map running reason to resume event detail (rhbz#1612943)\n- qemu: Avoid duplicate resume events and state changes (rhbz#1612943)\n- qemu: Dont ignore resume events (rhbz#1612943)\n- qemu: Fix post-copy migration on the source (rhbz#1647365)\n- RHEL: cpu_map: Mark arch-facilities feature as non-migratable (rhbz#1658406)\n- virfile: Detect ceph as shared FS (rhbz#1665553)\n- util: Dont overflow in virRandomBits (rhbz#1652894)\n- virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1652894)\n- RHEL: spec: Require new enough librbd1 (rhbz#1658652)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1558558)\n- cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1558558)\n- cputest: Add data for Intel(R) Xeon(R) CPU E7540 (rhbz#1558558)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2650 (rhbz#1558558)\n- cputest: Add data for Intel(R) Core(TM) i7-8700 (rhbz#1558558)\n- cpu_x86: Separate signature parsing from x86ModelParse (rhbz#1558558)\n- cpu_x86: Add x86ModelCopySignatures helper (rhbz#1558558)\n- cpu_x86: Store CPU signature in an array (rhbz#1558558)\n- cpu_x86: Allow multiple signatures for a CPU model (rhbz#1558558)\n- cpu_map: Add hex representation of signatures (rhbz#1558558)\n- cpu_map: Add more signatures for Conroe CPU model (rhbz#1558558)\n- cpu_map: Add more signatures for Penryn CPU model (rhbz#1558558)\n- cpu_map: Add more signatures for Nehalem CPU models (rhbz#1558558)\n- cpu_map: Add more signatures for Westmere CPU model (rhbz#1558558)\n- cpu_map: Add more signatures for SandyBridge CPU models (rhbz#1558558)\n- cpu_map: Add more signatures for IvyBridge CPU models (rhbz#1558558)\n- cpu_map: Add more signatures for Haswell CPU models (rhbz#1558558)\n- cpu_map: Add more signatures for Broadwell CPU models (rhbz#1558558)\n- cpu_map: Add more signatures for Skylake-Client CPU models (rhbz#1558558)\n- cpu: Dont access invalid memory in virCPUx86Translate (rhbz#1558558)\n- cpu_x86: Log decoded CPU model and signatures (rhbz#1558558)\n- util: Modify virStorageFileGetSCSIKey return (rhbz#1657468)\n- storage: Rework virStorageBackendSCSISerial (rhbz#1657468)\n- util: Introduce virStorageFileGetNPIVKey (rhbz#1657468)\n- storage: Fetch a unique key for vHBA/NPIV LUNs (rhbz#1657468)\n- RHEL: qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656360)\n- RHEL: qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656360)\n- qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665474)\n- qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1669581)\n- qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669586)", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2294", "href": "http://linux.oracle.com/errata/ELSA-2019-2294.html", "title": "libvirt security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:26:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11135", "CVE-2018-17963", "CVE-2019-6778", "CVE-2019-15890", "CVE-2018-20815", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-14378", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-12155", "CVE-2019-6501", "CVE-2018-3639", "CVE-2019-11091", "CVE-2018-12130"], "description": "hivex\nlibguestfs\n[1:1.38.4-14.0.1]\n- Config supermin to use host yum.conf in ol8 [Orabug: 29319324]\n- Set DISTRO_ORACLE_LINUX correspeonding to ol\n[1:1.38.4-14]\n- v2v: use -T as argument of scp when copying vmx files via ssh\n resolves: rhbz#1738886\n* Fri Jun 28 2019 Danilo de Paula \n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[1:1.38.4-12]\n- v2v: update nbdkit information in documentation\n resolves: rhbz#1651115\n- v2v: use proper SELinux label for nbdkit sockets\n resolves: rhbz#1717088\nlibguestfs-winsupport\n[8.0-4]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\nlibiscsi\n[1.18.0-8]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[1.18.0-7.el8]\n- libiscsi-redhat-Remove-disable-werror-from-spec-file.patch [bz#1581025]\n- Resolves: bz#1581025\n (Remove --disable-werror from spec file)\n[-]\n- libiscsi-fix-connection-to-LUN-with-IPv6-address.patch [bz#1597942]\n- Resolves: bz#1597942\n (Qemu-kvm fails to connect to iscsi LUN by IPV6 address)\n[1.18.0-5.el8]\n- libiscsi-iser_rcv_completion-unify-error-handling.patch [bz#1634541]\n- libiscsi-iser-fix-posting-of-receive-descriptors.patch [bz#1634541]\n- libiscsi-sync-remove-unnecessary-checks.patch [bz#1634541]\n- libiscsi-do-not-warn-for-strncpy.patch [bz#1634541]\n- libiscsi-avoid-fallthrough.patch [bz#1634541]\n- libiscsi-avoid-truncation-when-logging-message-that-includes-.patch [bz#1634541]\n- Resolves: bz#1634541\n (Fix important coverity issues (libiscsi))\n[1.18.0-4.el8]\n- Fixed a build issue with the latest rdma-core\n[1.18.0-2]\n- Fix rdma deps and don't restrict archs\n- Add --disable-werror to fix gcc8 build (bz #1556044)\n- Spec file cleanups (bz #1483290)\n[1.18.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[1.18.0-1]\n- Rebased to version 1.18.0\n- Added patch to fix gcc7 warnings\n[1.15.0-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[1.15.0-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[1.15.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[1.15.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[1.15.0-1]\n- Rebased to version 1.15.0\n- Removed patch 20 as it has been upstreamed\n- Disabled patch 12 as need for revised one is in question\n- Updated patch 13 to current tree\n- New tool iscsi-perf\n[1.11.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[1.11.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.11.0-1]\n- Rebased to version 1.11.0\n- Most patches removed\n- New tool iscsi-swp + manpages\n[1.9.0-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[1.9.0-5]\n- Rebuild for new libgcrypt\n[1.9.0-4]\n- Cleaned up patches 18/19 to match upstream more closely\n[1.9.0-3]\n- Improved patch 18 to cover write side too\n[1.9.0-2]\n- Add patch 18 to fix QEMU's scsi-generic mode\n[1.9.0-1]\n- Rebase to 1.9.0\n- Cherry-pick selected patches from upstream\n[1.7.0-6]\n- Add patch 5 to silence strict aliasing warnings\n[1.7.0-5]\n- Add patch 4 to enable installing of iscsi-test binary\n[1.7.0-4]\n- Add patch 2 for FIPS mode\n- Add patch 3 to avoid segmentation fault on iscsi-tools\n[1.7.0-3]\n- Correct license for libiscsi-utils, prefer %global to %define\n- Add Requires\n- Remove percent-clean section\n[1.7.0-2]\n- Use percent-config for ld.so.conf.d file.\n[1.7.0-1]\n- Initial version (bug 914752)\nlibvirt\n[4.5.0-35.2.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-35.2.el8]\n- cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)\n- cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)\n[4.5.0-35.1.el8]\n- cpu_conf: Pass policy to CPU feature filtering callbacks (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemuxml2*test: Add tests for Icelake-Server, -pconfig (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemu: Drop disabled CPU features unknown to QEMU (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- cputest: Add data for Ice Lake Server CPU (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- cpu_map: Drop pconfig from Icelake-Server CPU model (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n[4.5.0-35]\n- vircgroupv2: fix setting cpu.max period (rhbz#1749227)\n[4.5.0-34]\n- vircgroupv2: fix abort in VIR_AUTOFREE (rhbz#1747440)\n[4.5.0-33]\n- vircgroupv2: fix parsing multiple values in single file (rhbz#1741825)\n- vircgroupv2: fix virCgroupV2GetCpuCfsQuota for 'max' value (rhbz#1741837)\n[4.5.0-32]\n- virDomainObjListAddLocked: Produce better error message than 'Duplicate key' (rhbz#1737790)\n- virdbus: Grab a ref as long as the while loop is executed (rhbz#1741900)\n[4.5.0-31]\n- virDomainObjListAddLocked: fix double free (rhbz#1728530)\n- docs: schemas: Decouple the virtio options from each other (rhbz#1729675)\n- util: command: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434)\n- util: command: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1721434)\n- util: netdevopenvswitch: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434)\n- util: virnetdevopenvswitch: Drop an unused variable @ovs_timeout (rhbz#1721434)\n- util: netdevopenvswitch: use VIR_AUTOPTR for aggregate types (rhbz#1721434)\n- util: suppress unimportant ovs-vsctl errors when getting interface stats (rhbz#1721434)\n- virNetDevOpenvswitchInterfaceStats: Optimize for speed (rhbz#1721434)\n- test: Introduce virnetdevopenvswitchtest (rhbz#1721434)\n- vircommand: Separate mass FD closing into a function (rhbz#1721434)\n- virCommand: use procfs to learn opened FDs (rhbz#1721434)\n- util: command: Ignore bitmap errors when enumerating file descriptors to close (rhbz#1721434)\n- util: Avoid possible error in virCommandMassClose (rhbz#1721434)\n- vircgroup: fix cgroups v2 controllers detection (rhbz#1689297)\n- vircgroupv2: store enabled controllers (rhbz#1689297)\n[4.5.0-30]\n- virWaitForDevices: Drop confusing part of comment (rhbz#1710575)\n- lib: Drop UDEVSETTLE (rhbz#1710575)\n- m4: Provide default value fore UDEVADM (rhbz#1710575)\n- m4: Drop needless string checks (rhbz#1710575)\n- util: vircgroup: introduce virCgroup(Get|Set)ValueRaw (rhbz#1658890)\n- util: vircgroup: move virCgroupGetValueStr out of virCgroupGetValueForBlkDev (rhbz#1658890)\n- util: vircgroupv1: add support for BFQ blkio files (rhbz#1658890)\n- util: vircgroupv2: add support for BFQ files (rhbz#1658890)\n- Handle copying bitmaps to larger data buffers (rhbz#1703160)\n[4.5.0-29]\n- cpu: allow include files for CPU definition (rhbz#1686895)\n- cpu: fix cleanup when signature parsing fails (rhbz#1686895)\n- cpu: push more parsing logic into common code (rhbz#1686895)\n- cpu: simplify failure cleanup paths (rhbz#1686895)\n- cpu_map: Add support for arch-capabilities feature (rhbz#1693433)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1686895)\n- cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1686895)\n- cputest: Add data for Intel(R) Xeon(R) CPU E7540 (rhbz#1686895)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2650 (rhbz#1686895)\n- cputest: Add data for Intel(R) Core(TM) i7-8700 (rhbz#1686895)\n- cpu_x86: Separate ancestor model parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate signature parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate vendor parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate feature list parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Make sure CPU model names are unique in cpu_map (rhbz#1686895)\n- cpu_x86: Add x86ModelCopySignatures helper (rhbz#1686895)\n- cpu_x86: Store CPU signature in an array (rhbz#1686895)\n- cpu_x86: Allow multiple signatures for a CPU model (rhbz#1686895)\n- cpu_x86: Log decoded CPU model and signatures (rhbz#1686895)\n- qemu_capabilities: Inroduce virQEMUCapsGetCPUModelX86Data (rhbz#1686895)\n- qemu_capabilities: Introduce virQEMUCapsGetCPUModelInfo (rhbz#1686895)\n- qemu_capabilities: Use virQEMUCapsGetCPUModelInfo (rhbz#1686895)\n- cpu_x86: Add virCPUx86DataGetSignature for tests (rhbz#1686895)\n- cpu_map: Add hex representation of signatures (rhbz#1686895)\n- cputest: Test CPU signatures (rhbz#1686895)\n- cpu_map: Add more signatures for Conroe CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for Penryn CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for Nehalem CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Westmere CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for SandyBridge CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for IvyBridge CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Haswell CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Broadwell CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Skylake-Client CPU models (rhbz#1686895)\n- cpu: Don't access invalid memory in virCPUx86Translate (rhbz#1686895)\n- cpu_x86: Require \n within \n in CPU map (rhbz#1697627)\n- cputest: Add data for Intel(R) Xeon(R) Platinum 8268 CPU (rhbz#1693433)\n- cpu_map: Add Cascadelake-Server CPU model (rhbz#1693433)\n- cpu_x86: Introduce virCPUx86DataItem container struct (rhbz#1697627)\n- cpu_x86: Rename virCPUx86Vendor.cpuid (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataItem variables (rhbz#1697627)\n- cpu_x86: Rename x86DataCpuidNext function (rhbz#1697627)\n- cpu_x86: Rename x86DataCpuid (rhbz#1697627)\n- cpu_x86: Rename virCPUx86CPUIDSorter (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataAddCPUIDInt (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataAddCPUID (rhbz#1697627)\n- cpu_x86: Rename virCPUx86VendorToCPUID (rhbz#1697627)\n- cpu_x86: Simplify x86DataAdd (rhbz#1697627)\n- cpu_x86: Introduce virCPUx86DataCmp (rhbz#1697627)\n- cpu_x86: Make x86cpuidSetBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidClearBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidAndBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidMatchMasked more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidMatch more general (rhbz#1697627)\n- cpu_x86: Store virCPUx86DataItem content in union (rhbz#1697627)\n- cpu_x86: Add support for storing MSR features in CPU map (rhbz#1697627)\n- cpu_x86: Move *CheckFeature functions (rhbz#1697627)\n- cputest: Add support for MSR features to cpu-parse.sh (rhbz#1697627)\n- util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically (rhbz#1697627)\n- vircpuhost: Add support for reading MSRs (rhbz#1697627)\n- virhostcpu: Make virHostCPUGetMSR() work only on x86 (rhbz#1697627)\n- cpu_x86: Fix placement of *CheckFeature functions (rhbz#1697627)\n- cpu_conf: Introduce virCPUDefFilterFeatures (rhbz#1697627)\n- qemu_command: Use consistent syntax for CPU features (rhbz#1697627)\n- tests: Add QEMU caps data for future 4.1.0 (rhbz#1697627)\n- tests: Add domain capabilities case for QEMU 4.1.0 (rhbz#1697627)\n- qemuxml2argvtest: Add test for CPU features translation (rhbz#1697627)\n- qemu: Add APIs for translating CPU features (rhbz#1697627)\n- qemu: Probe for max-x86_64-cpu type (rhbz#1697627)\n- qemu: Probe for 'unavailable-features' CPU property (rhbz#1697627)\n- qemu: Probe host CPU after capabilities (rhbz#1697627)\n- qemu_command: Use canonical names of CPU features (rhbz#1697627)\n- qemu: Translate feature names from query-cpu-model-expansion (rhbz#1697627)\n- qemu: Don't use full CPU model expansion (rhbz#1697627)\n- qemu: Make qemuMonitorGetGuestCPU usable on x86 only (rhbz#1697627)\n- cpu: Introduce virCPUDataAddFeature (rhbz#1697627)\n- qemu: Add type filter to qemuMonitorJSONParsePropsList (rhbz#1697627)\n- util: string: Introduce macro for automatic string lists (rhbz#1697627)\n- util: json: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1697627)\n- qemu: Introduce generic qemuMonitorGetGuestCPU (rhbz#1697627)\n- qemu_process: Prefer generic qemuMonitorGetGuestCPU (rhbz#1697627)\n- util: Rework virStringListAdd (rhbz#1697627)\n- conf: Introduce virCPUDefCheckFeatures (rhbz#1697627)\n- cpu_x86: Turn virCPUx86DataIteratorInit into a function (rhbz#1697627)\n- cpu_x86: Introduce virCPUx86FeatureFilter*MSR (rhbz#1697627)\n- cpu_x86: Read CPU features from IA32_ARCH_CAPABILITIES MSR (rhbz#1697627)\n- cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features (rhbz#1697627)\n- qemu: Forbid MSR features with old QEMU (rhbz#1697627)\n- qemu: Drop MSR features from host-model with old QEMU (rhbz#1697627)\n- cpu_x86: Fix memory leak - virCPUx86GetHost (rhbz#1697627)\n- qemu: Use @tmpChr in qemuDomainDetachChrDevice to build device string (rhbz#1624204)\n- qemu: Drop 'user-' prefix for guestfwd netdev (rhbz#1624204)\n- qemu_hotplug: Attach guestfwd using netdev_add (rhbz#1624204)\n- qemu_hotplug: Detach guestfwd using netdev_del (rhbz#1624204)\n- qemuhotplugtest: Test guestfwd attach and detach (rhbz#1624204)\n- daemon: Register secret driver before storage driver (rhbz#1685151)\n- bhyve: Move autostarting of domains into bhyveStateInitialize (rhbz#1685151)\n- Revert 'virStateDriver - Separate AutoStart from Initialize' (rhbz#1685151)\n- Revert 'Separate out StateAutoStart from StateInitialize' (rhbz#1685151)\n- util: moving 'type' argument to avoid issues with mount() syscall. (rhbz#1689297)\n- util: cgroup: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1689297)\n- vircgroup: Rename structs to start with underscore (rhbz#1689297)\n- vircgroup: Introduce standard set of typedefs and use them (rhbz#1689297)\n- vircgroup: Extract file link resolving into separate function (rhbz#1689297)\n- vircgroup: Remove unused function virCgroupKill() (rhbz#1689297)\n- vircgroup: Unexport unused function virCgroupAddTaskController() (rhbz#1689297)\n- vircgroup: Unexport unused function virCgroupRemoveRecursively (rhbz#1689297)\n- vircgroup: Move function used in tests into vircgrouppriv.h (rhbz#1689297)\n- vircgroup: Remove pointless bool parameter (rhbz#1689297)\n- vircgroup: Extract mount options matching into function (rhbz#1689297)\n- vircgroup: Use virCgroupMountOptsMatchController in virCgroupDetectPlacement (rhbz#1689297)\n- vircgroup: Introduce virCgroupEnableMissingControllers (rhbz#1689297)\n- vircgroup: machinename will never be NULL (rhbz#1689297)\n- vircgroup: Remove virCgroupAddTaskController (rhbz#1689297)\n- vircgroup: Introduce virCgroupGetMemoryStat (rhbz#1689297)\n- lxc: Use virCgroupGetMemoryStat (rhbz#1689297)\n- vircgroup: fix MinGW build (rhbz#1689297)\n- vircgroup: Duplicate string before modifying (rhbz#1689297)\n- vircgroup: Extract controller detection into function (rhbz#1689297)\n- vircgroup: Extract placement validation into function (rhbz#1689297)\n- vircgroup: Split virCgroupPathOfController into two functions (rhbz#1689297)\n- vircgroup: Call virCgroupRemove inside virCgroupMakeGroup (rhbz#1689297)\n- vircgroup: Simplify if conditions in virCgroupMakeGroup (rhbz#1689297)\n- vircgroup: Remove obsolete sa_assert (rhbz#1689297)\n- tests: Resolve possible overrun (rhbz#1689297)\n- vircgroup: cleanup controllers not managed by systemd on error (rhbz#1689297)\n- vircgroup: fix bug in virCgroupEnableMissingControllers (rhbz#1689297)\n- vircgroup: rename virCgroupAdd.*Task to virCgroupAdd.*Process (rhbz#1689297)\n- vircgroup: introduce virCgroupTaskFlags (rhbz#1689297)\n- vircgroup: introduce virCgroupAddThread (rhbz#1689297)\n- vircgroupmock: cleanup unused cgroup files (rhbz#1689297)\n- vircgroupmock: rewrite cgroup fopen mocking (rhbz#1689297)\n- vircgrouptest: call virCgroupDetectMounts directly (rhbz#1689297)\n- vircgrouptest: call virCgroupNewSelf instead virCgroupDetectMounts (rhbz#1689297)\n- util: introduce vircgroupbackend files (rhbz#1689297)\n- vircgroup: introduce cgroup v1 backend files (rhbz#1689297)\n- vircgroup: extract virCgroupV1Available (rhbz#1689297)\n- vircgroup: detect available backend for cgroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1ValidateMachineGroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1CopyMounts (rhbz#1689297)\n- vircgroup: extract v1 detect functions (rhbz#1689297)\n- vircgroup: extract virCgroupV1CopyPlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1ValidatePlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1StealPlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1DetectControllers (rhbz#1689297)\n- vircgroup: extract virCgroupV1HasController (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetAnyController (rhbz#1689297)\n- vircgroup: extract virCgroupV1PathOfController (rhbz#1689297)\n- vircgroup: extract virCgroupV1MakeGroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1Remove (rhbz#1689297)\n- vircgroup: extract virCgroupV1AddTask (rhbz#1689297)\n- vircgroup: extract virCgroupV1HasEmptyTasks (rhbz#1689297)\n- vircgroup: extract virCgroupV1BindMount (rhbz#1689297)\n- vircgroup: extract virCgroupV1SetOwner (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioWeight (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetBlkioIoServiced (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetBlkioIoDeviceServiced (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWeight (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadIops (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteIops (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadBps (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteBps (rhbz#1689297)\n- vircgroup: extract virCgroupV1SetMemory (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemoryStat (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemoryUsage (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)Memory*Limit (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemSwapUsage (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Allow|Deny)Device (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Allow|Deny)AllDevices (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuShares (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuCfsPeriod (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuCfsQuota (rhbz#1689297)\n- vircgroup: extract virCgroupV1SupportsCpuBW (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetCpuacct*Usage (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetCpuacctStat (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)FreezerState (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetMems (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetMemoryMigrate (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetCpus (rhbz#1689297)\n- vircgroup: rename virCgroupController into virCgroupV1Controller (rhbz#1689297)\n- vircgroup: rename controllers to legacy (rhbz#1689297)\n- vircgroup: remove VIR_CGROUP_SUPPORTED (rhbz#1689297)\n- vircgroup: include system headers only on linux (rhbz#1689297)\n- vircgroupv1: fix build on non-linux OSes (rhbz#1689297)\n- Revert 'vircgroup: cleanup controllers not managed by systemd on error' (rhbz#1689297)\n- util: introduce cgroup v2 files (rhbz#1689297)\n- vircgroup: introduce virCgroupV2Available (rhbz#1689297)\n- vircgroup: introduce virCgroupV2ValidateMachineGroup (rhbz#1689297)\n- vircgroup: introduce virCgroupV2CopyMounts (rhbz#1689297)\n- vircgroup: introduce virCgroupV2CopyPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectMounts (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2ValidatePlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2StealPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectControllers (rhbz#1689297)\n- vircgroup: introduce virCgroupV2HasController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetAnyController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2PathOfController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2MakeGroup (rhbz#1689297)\n- vircgroup: introduce virCgroupV2Remove (rhbz#1689297)\n- vircgroup: introduce virCgroupV2AddTask (rhbz#1689297)\n- vircgroup: introduce virCgroupV2HasEmptyTasks (rhbz#1689297)\n- vircgroup: introduce virCgroupV2BindMount (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SetOwner (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioWeight (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetBlkioIoServiced (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetBlkioIoDeviceServiced (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWeight (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadIops (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteIops (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadBps (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteBps (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SetMemory (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemoryStat (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemoryUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemoryHardLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemorySoftLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemSwapHardLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemSwapUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuShares (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuCfsPeriod (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuCfsQuota (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SupportsCpuBW (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetCpuacctUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetCpuacctStat (rhbz#1689297)\n- vircgroup: register cgroup v2 backend (rhbz#1689297)\n- vircgroup: add support for hybrid configuration (rhbz#1689297)\n- vircgroupmock: change cgroup prefix (rhbz#1689297)\n- vircgroupmock: add support to test cgroup v2 (rhbz#1689297)\n- vircgrouptest: introduce initFakeFS and cleanupFakeFS helpers (rhbz#1689297)\n- vircgrouptest: prepare testCgroupDetectMounts for cgroup v2 (rhbz#1689297)\n- vircgrouptest: add detect mounts test for cgroup v2 (rhbz#1689297)\n- vircgrouptest: add detect mounts test for hybrid cgroups (rhbz#1689297)\n- vircgrouptest: prepare validateCgroup for cgroupv2 (rhbz#1689297)\n- vircgrouptest: add cgroup v2 tests (rhbz#1689297)\n- vircgrouptest: add hybrid tests (rhbz#1689297)\n- virt-host-validate: rewrite cgroup detection to use util/vircgroup (rhbz#1689297)\n- virt-host-validate: require freezer for LXC (rhbz#1689297)\n- virt-host-validate: Fix build on non-Linux (rhbz#1689297)\n- tests: Use correct function name in error path (rhbz#1689297)\n- util: Fix virCgroupGetMemoryStat (rhbz#1689297)\n- tests: Augment vcgrouptest to add virCgroupGetMemoryStat (rhbz#1689297)\n- vircgroup: introduce virCgroupKillRecursiveCB (rhbz#1689297)\n- vircgroupv2: fix virCgroupV2ValidateMachineGroup (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetMems (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetCpus (rhbz#1689297)\n- util: enable cgroups v2 cpuset controller for threads (rhbz#1689297)\n- util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB (rhbz#1689297)\n- internal: introduce a family of NULLSTR macros (rhbz#1689297)\n- util: vircgroup: improve controller detection (rhbz#1689297)\n- util: vircgroupv2: use any controller to create thread directory (rhbz#1689297)\n- util: vircgroupv2: enable CPU controller only if it's available (rhbz#1689297)\n- util: vircgroupv2: separate return values of virCgroupV2EnableController (rhbz#1689297)\n- util: vircgroupv2: don't error out if enabling controller fails (rhbz#1689297)\n- util: vircgroupv2: mark only requested controllers as available (rhbz#1689297)\n- Revert 'util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB' (rhbz#1689297)\n- util: vircgroupv2: stop enabling missing controllers with systemd (rhbz#1689297)\n[4.5.0-28]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[4.5.0-27]\n- RHEL: spec: Disable gluster on i686 (rhbz#1722668)\n- rpc: virnetlibsshsession: update deprecated functions (rhbz#1722735)\n[4.5.0-26]\n- api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161)\n- api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166)\n- api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167)\n- api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168)\n[4.5.0-25]\n- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)\n- locking: restrict sockets to mode 0600 (CVE-2019-10132)\n- logging: restrict sockets to mode 0600 (CVE-2019-10132)\n- util: skip RDMA detection for non-PCI network devices (rhbz#1693299)\n- virfile: Detect ceph as shared FS (rhbz#1698133)\n- virfile: added GPFS as shared fs (rhbz#1698133)\n- util: bitmap: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1716943)\n- qemu: Rework setting process affinity (rhbz#1716943)\n- qemu: Set up EMULATOR thread and cpuset.mems before exec()-ing qemu (rhbz#1716943)\n- conf: Add definitions for 'uid' and 'fid' PCI address attributes (rhbz#1508149)\n- qemu: Introduce zPCI capability (rhbz#1508149)\n- qemu: Enable PCI multi bus for S390 guests (rhbz#1508149)\n- conf: Introduce extension flag and zPCI member for PCI address (rhbz#1508149)\n- conf: Introduce address caching for PCI extensions (rhbz#1508149)\n- qemu: Auto add pci-root for s390/s390x guests (rhbz#1508149)\n- conf: use virXMLFormatElement() in virDomainDeviceInfoFormat() (rhbz#1508149)\n- conf: Introduce parser, formatter for uid and fid (rhbz#1508149)\n- qemu: Add zPCI address definition check (rhbz#1508149)\n- conf: Allocate/release 'uid' and 'fid' in PCI address (rhbz#1508149)\n- qemu: Generate and use zPCI device in QEMU command line (rhbz#1508149)\n- qemu: Add hotpluging support for PCI devices on S390 guests (rhbz#1508149)\n- qemuDomainRemoveRNGDevice: Remove associated chardev too (rhbz#1508149)\n- qemu_hotplug: remove erroneous call to qemuDomainDetachExtensionDevice() (rhbz#1508149)\n- qemu_hotplug: remove another erroneous qemuDomainDetachExtensionDevice() call (rhbz#1508149)\n- util: Propagate numad failures correctly (rhbz#1716907)\n- util: Introduce virBitmapUnion() (rhbz#1716908)\n- util: Introduce virNumaNodesetToCPUset() (rhbz#1716908)\n- qemu: Fix qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Fix leak in qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Drop cleanup label from qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemuBuildMemoryBackendProps: Pass @priv instead of its individual members (rhbz#1624223)\n- qemu: Don't use -mem-prealloc among with .prealloc=yes (rhbz#1624223)\n- nwfilter: fix adding std MAC and IP values to filter binding (rhbz#1691356)\n- qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error (rhbz#1658112)\n- qemu_security: Fully implement qemuSecurityDomainSetPathLabel (rhbz#1658112)\n- qemu: process: SEV: Assume libDir to be the directory to create files in (rhbz#1658112)\n- qemu: process: SEV: Relabel guest owner's SEV files created before start (rhbz#1658112)\n[4.5.0-24]\n- tests: qemuxml2argv: add CAPS_ARCH_LATEST macro (rhbz#1698855)\n- qemu: Add ccw support for vhost-vsock (rhbz#1698855)\n- qemu: Allow creating ppc64 guests with graphics and no USB mouse (rhbz#1683681)\n- conf: Expose virDomainSCSIDriveAddressIsUsed (rhbz#1692354)\n- qemuhotplugtest: Don't plug a SCSI disk at unit 7 (rhbz#1692354)\n- qemu_hotplug: Check for duplicate drive addresses (rhbz#1692354)\n- cpu_map: Add support for cldemote CPU feature (rhbz#1537731)\n- util: alloc: add macros for implementing automatic cleanup functionality (rhbz#1505998)\n- qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64 (rhbz#1505998)\n- qemu_domain: add a PPC64 memLockLimit helper (rhbz#1505998)\n- qemu_domain: NVLink2 bridge detection function for PPC64 (rhbz#1505998)\n- PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough (rhbz#1505998)\n- cpu_x86: Do not cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-23]\n- network: explicitly allow icmp/icmpv6 in libvirt zonefile (rhbz#1650320)\n[4.5.0-22]\n- util: fix memory leak in virFirewallDInterfaceSetZone() (rhbz#1650320)\n[4.5.0-21]\n- docs: Drop /dev/net/tun from the list of shared devices (rhbz#1665400)\n- qemu: conf: Remove /dev/sev from the default cgroup device acl list (rhbz#1665400)\n- qemu: cgroup: Expose /dev/sev/ only to domains that require SEV (rhbz#1665400)\n- qemu: domain: Add /dev/sev into the domain mount namespace selectively (rhbz#1665400)\n- security: dac: Relabel /dev/sev in the namespace (rhbz#1665400)\n- qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues (rhbz#1665400)\n- qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root (rhbz#1665400)\n- Revert 'RHEL: Require firewalld-filesystem for firewalld rpm macros' (rhbz#1650320)\n- Revert 'RHEL: network: regain guest network connectivity after firewalld switch to nftables' (rhbz#1650320)\n- configure: change HAVE_FIREWALLD to WITH_FIREWALLD (rhbz#1650320)\n- util: move all firewalld-specific stuff into its own files (rhbz#1650320)\n- util: new virFirewallD APIs + docs (rhbz#1650320)\n- configure: selectively install a firewalld 'libvirt' zone (rhbz#1650320)\n- network: set firewalld zone of bridges to 'libvirt' zone when appropriate (rhbz#1650320)\n- network: allow configuring firewalld zone for virtual network bridge device (rhbz#1650320)\n- util: remove test code accidentally committed to virFirewallDZoneExists (rhbz#1650320)\n- qemu: command: Don't skip 'readonly' and throttling info for empty drive (rhbz#1670337)\n[4.5.0-20]\n- RHEL: qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669424)\n[4.5.0-19]\n- qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1666605)\n- tests: qemuxml2argv: Add test case for empty CDROM with cache mode (rhbz#1553255)\n- qemu: command: Don't format image properties for empty -drive (rhbz#1553255)\n[4.5.0-18]\n- conf: correct false boot order error during domain parse (rhbz#1630393)\n- qemu: Remove duplicated qemuAgentCheckError (rhbz#1665000)\n- qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1665000)\n- qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665244)\n- util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback() (rhbz#1583131)\n- util: add a function to insert new interfaces to IPv6CheckForwarding list (rhbz#1583131)\n- util: use nlmsg_find_attr() instead of an open-coded loop (rhbz#1583131)\n- util: check accept_ra for all nexthop interfaces of multipath routes (rhbz#1583131)\n- util: make forgotten changes suggested during review of commit d40b820c (rhbz#1583131)\n[4.5.0-17]\n- virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1659048)\n- RHEL: qemu: Add ability to set sgio values for hostdev (rhbz#1582424)\n- RHEL: qemu: Add check for unpriv sgio for SCSI generic host device (rhbz#1582424)\n- qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656362)\n- qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656362)\n[4.5.0-16]\n- util: Don't overflow in virRandomBits (rhbz#1655586)\n- virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1655586)\n- spec: remove libcgroup and cgconfig (rhbz#1602407)\n- qemu: Drop duplicated code from qemuDomainDefValidateFeatures() (rhbz#1647822)\n- tests: Add capabilities data for QEMU 3.1.0 on ppc64 (rhbz#1647822)\n- qemu: Introduce QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV (rhbz#1647822)\n- conf: Parse and format nested-hv feature (rhbz#1647822)\n- qemu: Format nested-hv feature on the command line (rhbz#1647822)\n- qemu: Add check for whether KVM nesting is enabled (rhbz#1645139)\n- secret: Add check/validation for correct usage when LookupByUUID (rhbz#1656255)\n- cpu: Add support for 'stibp' x86_64 feature (rhbz#1655032)\n[4.5.0-15]\n- virfile: Take symlink into account in virFileIsSharedFixFUSE (rhbz#1634782)\n- qemu: Ignore nwfilter binding instantiation issues during reconnect (rhbz#1648544)\n- qemu: Set identity for the reconnect all thread (rhbz#1648546)\n- Revert 'access: Modify the VIR_ERR_ACCESS_DENIED to include driverName' (rhbz#1631608)\n- access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608)\n- qemu: add vfio-ap capability (rhbz#1508146)\n- qemu: vfio-ap device support (rhbz#1508146)\n- qemu: Extract MDEV VFIO PCI validation code into a separate helper (rhbz#1508146)\n- conf: Move VFIO AP validation from post parse to QEMU validation code (rhbz#1508146)\n- qemu: Fix post-copy migration on the source (rhbz#1649169)\n[4.5.0-14]\n- storage: Remove secretPath from _virStorageBackendQemuImgInfo (rhbz#1645459)\n- storage: Allow for inputvol to have any format for encryption (rhbz#1645459)\n- storage: Allow inputvol to be encrypted (rhbz#1645459)\n- access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608)\n- docs: Enhance polkit documentation to describe secondary connection (rhbz#1631608)\n- qemu: Don't ignore resume events (rhbz#1634758, rhbz#1643338)\n[4.5.0-13]\n- Revert 'spec: Temporarily drop gluster support' (rhbz#1599339)\n[4.5.0-12]\n- RHEL: Require firewalld-filesystem for firewalld rpm macros (rhbz#1639932)\n[4.5.0-11]\n- virfile: fix cast-align error (rhbz#1634782)\n- virfiletest: Fix test name prefix for virFileInData test (rhbz#1634782)\n- virfiletst: Test virFileIsSharedFS (rhbz#1634782)\n- virFileIsSharedFSType: Detect direct mount points (rhbz#1634782)\n- virfile: Rework virFileIsSharedFixFUSE (rhbz#1634782)\n- RHEL: network: regain guest network connectivity after firewalld switch to nftables (rhbz#1638864)\n[4.5.0-10]\n- conf: Fix check for chardev source path (rhbz#1609723)\n- tests: Reuse qemucapabilities data for qemucaps2xml (rhbz#1629862)\n- tests: Add more tests to qemucaps2xml (rhbz#1629862)\n- qemu: Drop QEMU_CAPS_ENABLE_KVM (rhbz#1629862)\n- qemu: Avoid probing non-native binaries all the time (rhbz#1629862)\n- qemu: Clarify QEMU_CAPS_KVM (rhbz#1629862)\n- qemu: Don't check for /dev/kvm presence (rhbz#1629862)\n- tests: Follow up on qemucaps2xmldata rename (rhbz#1629862)\n- security: dac: also label listen UNIX sockets (rhbz#1634775)\n- spec: Set correct TLS priority (rhbz#1632269)\n- spec: Build ceph and gluster support everywhere (rhbz#1599546)\n- virsh: Require explicit --domain for domxml-to-native (rhbz#1634769)\n- virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1634782)\n- qemu: fix up permissions for pre-created UNIX sockets (rhbz#1634775)\n- cpu_map: Add features for Icelake CPUs (rhbz#1527657, rhbz#1526625)\n- cpu_map: Add Icelake CPU models (rhbz#1526625)\n- qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT (rhbz#1634758)\n- qemu: Report more appropriate running reasons (rhbz#1634758)\n- qemu: Pass running reason to RESUME event handler (rhbz#1634758)\n- qemu: Map running reason to resume event detail (rhbz#1634758)\n- qemu: Avoid duplicate resume events and state changes (rhbz#1634758)\n- conf: qemu: add support for Hyper-V frequency MSRs (rhbz#1589702)\n- conf: qemu: add support for Hyper-V reenlightenment notifications (rhbz#1589702)\n- conf: qemu: add support for Hyper-V PV TLB flush (rhbz#1589702)\n[4.5.0-9]\n- RHEL: Fix virConnectGetMaxVcpus output (rhbz#1582222)\n- storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1622534)\n- access: Fix nwfilter-binding ACL access API name generation (rhbz#1622540)\n- conf: Add validation of input devices (rhbz#1591240)\n- tests: qemu: Remove disk from graphics-vnc-tls (rhbz#1598167)\n- tests: qemu: test more versions for graphics-vnc-tls (rhbz#1598167)\n- qemu: vnc: switch to tls-creds-x509 (rhbz#1598167)\n- qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624740)\n- virDomainDefCompatibleDevice: Relax alias change check (rhbz#1603133)\n- virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1603133)\n- virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623158)\n- RHEL: spec: Require python3-devel on RHEL-8 (rhbz#1518446)\n- qemu: monitor: Remove qemuMonitorJSONExtractCPUArchInfo wrapper (rhbz#1598829)\n- qemu: monitor: Use 'target' instead of 'arch' in reply of 'query-cpus-fast' (rhbz#1598829)\n[4.5.0-8]\n- tests: Add missing thread_siblings_list files (rhbz#1608479)\n- util: Rewrite virHostCPUCountThreadSiblings() (rhbz#1608479)\n- utils: Remove arbitrary limit on socket_id/core_id (rhbz#1608479)\n- tests: Add linux-high-ids test (rhbz#1608479)\n- qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618680)\n- tests: rename hugepages to hugepages-default (rhbz#1615461)\n- tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1615461)\n- tests: rename hugepages-numa into hugepages-numa-default (rhbz#1615461)\n- tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1615461)\n- tests: extract pages-discard out of hugepages-pages (rhbz#1615461)\n- tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1615461)\n- tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1615461)\n- tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1615461)\n- tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1615461)\n- tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1615461)\n- tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1615461)\n- tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1615461)\n- tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1615461)\n- tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1615461)\n- tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1615461)\n- tests: introduce hugepages-nodeset (rhbz#1615461)\n- conf: Move hugepage XML validation check out of qemu_command (rhbz#1615461)\n- conf: Move hugepages validation out of XML parser (rhbz#1615461)\n- conf: Introduce virDomainDefPostParseMemtune (rhbz#1615461)\n- tests: sev: Test launch-security with specific QEMU version (rhbz#1619150)\n- qemu: Fix probing of AMD SEV support (rhbz#1619150)\n- qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1619150)\n- conf: Parse guestfwd channel device info again (rhbz#1610072)\n[4.5.0-7]\n- qemu_migration: Avoid writing to freed memory (rhbz#1615854)\n[4.5.0-6]\n- qemu: Exempt video model 'none' from getting a PCI address on Q35\n- conf: Fix a error msg typo in virDomainVideoDefValidate\n[4.5.0-5]\n- esx storage: Fix typo lsilogic -> lsiLogic\n- networkGetDHCPLeases: Don't always report error if unable to read leases file\n- nwfilter: Resolve SEGV for NWFilter Snoop processing\n- qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs\n- qemuDomainSaveMemory: Don't enforce dynamicOwnership\n- domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl\n- examples: Add clean-traffic-gateway into nwfilters\n[4.5.0-4]\n- qemu: hotplug: don't overwrite error message in qemuDomainAttachNetDevice\n- qemu: hotplug: report error when changing rom enabled attr for net iface\n- qemu: Fix setting global_period cputune element\n- tests: qemucaps: Add test data for upcoming qemu 3.0.0\n- qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend\n- qemu: command: Move graphics iteration to its own function\n- qemu: address: Handle all the video devices within a single loop\n- conf: Introduce virDomainVideoDefClear helper\n- conf: Introduce virDomainDefPostParseVideo helper\n- qemu: validate: Enforce compile time switch type checking for videos\n- tests: Add capabilities data for QEMU 2.11 x86_64\n- tests: Update capabilities data for QEMU 3.0.0 x86_64\n- qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc\n- qemu: caps: Introduce a capability for egl-headless\n- qemu: Introduce a new graphics display type 'headless'\n- qemu: caps: Add vfio-pci.display capability\n- conf: Introduce virDomainGraphicsDefHasOpenGL helper\n- conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys\n- conf: Introduce new \n attribute 'display'\n- qemu: command: Enable formatting vfio-pci.display option onto cmdline\n- docs: Rephrase the mediated devices hostdev section a bit\n- conf: Introduce new video type 'none'\n- virt-xml-validate: Add schema for nwfilterbinding\n- tools: Fix typo generating adapter_wwpn field\n- src: Fix memory leak in virNWFilterBindingDispose\n[4.5.0-3]\n- qemu: hotplug: Do not try to add secret object for TLS if it does not exist\n- qemu: monitor: Make qemuMonitorAddObject more robust against programming errors\n- spec: Explicitly require matching libvirt-libs\n- virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash\n- qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one\n- qemuDomainValidateStorageSource: Relax PR validation\n- virStoragePRDefFormat: Suppress path formatting for migratable XML\n- qemu: Wire up PR_MANAGER_STATUS_CHANGED event\n- qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo\n- qemu: Fetch pr-helper process info on reconnect\n- qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject\n- virsh.pod: Fix a command name typo in nwfilter-binding-undefine\n- docs: schema: Add missing \n to vsock device\n- virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats\n- tests: fix TLS handshake failure with TLS 1.3\n[4.5.0-2]\n- qemu: Add capability for the HTM pSeries feature\n- conf: Parse and format the HTM pSeries feature\n- qemu: Format the HTM pSeries feature\n- qemu: hotplug: Don't access srcPriv when it's not allocated\n- qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE\n- src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs\n- virsh.pod: Drop --persistent for detach-device-alias\n- qemu: don't use chardev FD passing with standalone args\n- qemu: remove chardevStdioLogd param from vhostuser code path\n- qemu: consolidate parameters of qemuBuildChrChardevStr into flags\n- qemu: don't use chardev FD passing for vhostuser backend\n- qemu: fix UNIX socket chardevs operating in client mode\n- qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set\n- spec: Temporarily drop gluster support\n[4.5.0-1]\n- Rebased to libvirt-4.5.0\n[4.3.0-1]\n- Rebased to libvirt-4.3.0\n[4.1.0-2]\n- Fix systemd macro argument with line continuations (rhbz#1558648)\n[4.1.0-1]\n- Rebase to version 4.1.0\n[4.0.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[4.0.0-1]\n- Rebase to version 4.0.0\n[3.10.0-2]\n- Rebuild for xen 4.10\n[3.10.0-1]\n- Rebase to version 3.10.0\n[3.9.0-1]\n- Rebase to version 3.9.0\n[3.8.0-1]\n- Rebase to version 3.8.0\n[3.7.0-1]\n- Rebase to version 3.7.0\n[3.6.0-1]\n- Rebase to version 3.6.0\n[3.5.0-4]\n- Rebuild with binutils fix for ppc64le (#1475636)\n[3.5.0-3]\n- Disabled RBD on i386, arm, ppc64 (rhbz #1474743)\n[3.5.0-2]\n- Rebuild for xen 4.9\n[3.5.0-1]\n- Rebase to version 3.5.0\n[3.4.0-1]\n- Rebase to version 3.4.0\n[3.3.0-1]\n- Rebase to version 3.3.0\n[3.2.0-1]\n- Rebase to version 3.2.0\n[3.1.0-1]\n- Rebase to version 3.1.0\n[3.0.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[3.0.0-1]\n- Rebase to version 3.0.0\nlibvirt-dbus\nlibvirt-python\nnbdkit\nnetcf\n[0.2.8-12]\n- Resolves: rhbz#1602628\nperl-Sys-Virt\nqemu-kvm\n[2.12.0-88.0.1.el8_1_0.2]\n- Added bug30251155-remove-upstream-reference [Orabug: 30251155]\n[2.12.0-88.el8_1_0.2]\n- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771970]\n- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771970]\n- Resolves: bz#1771970\n (CVE-2019-11135 virt:rhel/qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-8.1.0.z])\n[2.12.0-88.el8_1_0.1]\n- kvm-s390-PCI-fix-IOMMU-region-init.patch [bz#1764829]\n- Resolves: bz#1764829\n (RHEL8.1 Snapshot3 - Passthrough PCI card goes into error state if used in domain (kvm) [rhel-8.1.0.z])\n[2.12.0-88.el8]\n- Revert fix for bz#1749724 - this got delayed to 8.2\n (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-8])\n[2.12.0-86.el8]\n- kvm-Do-not-run-iotests-on-brew-build.patch [bz#1742819]\n- kvm-target-ppc-spapr-Add-workaround-option-to-SPAPR_CAP_.patch [bz#1744415]\n- kvm-target-ppc-spapr-Add-SPAPR_CAP_CCF_ASSIST.patch [bz#1744415]\n- kvm-i386-x86_cpu_list_feature_names-function.patch [bz#1747185]\n- kvm-i386-unavailable-features-QOM-property.patch [bz#1747185]\n- kvm-file-posix-Handle-undetectable-alignment.patch [bz#1738839]\n- kvm-iotests-Tweak-221-sizing-for-different-hole-granular.patch [bz#1738839]\n- kvm-iotests-Filter-175-s-allocation-information.patch [bz#1738839]\n- kvm-block-posix-Always-allocate-the-first-block.patch [bz#1738839]\n- kvm-iotests-Test-allocate_first_block-with-O_DIRECT.patch [bz#1738839]\n- Resolves: bz#1738839\n (I/O error when virtio-blk disk is backed by a raw image on 4k disk)\n- Resolves: bz#1742819\n (Remove iotests from qemu-kvm builds [RHEL 8.1.0])\n- Resolves: bz#1744415\n (Backport support for count cache flush Spectre v2 mitigation [slow train])\n- Resolves: bz#1747185\n ('filtered-features' QOM property is not available)\n[2.12.0-85.el8]\n- kvm-console-Avoid-segfault-in-screendump.patch [bz#1684383]\n- kvm-usb-hub-clear-suspend-on-detach.patch [bz#1619661]\n- kvm-qemu-img-fix-regression-copying-secrets-during-conve.patch [bz#1727821]\n- Resolves: bz#1619661\n (the attach hub on one hub still exits in device manager after unhotplug)\n- Resolves: bz#1684383\n (qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer)\n- Resolves: bz#1727821\n (Failed to convert a source image to the qcow2 image encrypted by luks)\n[2.12.0-84.el8]\n- kvm-vnc-detect-and-optimize-pageflips.patch [bz#1727033]\n- kvm-block-backend-Make-blk_inc-dec_in_flight-public.patch [bz#1716349]\n- kvm-virtio-blk-Increase-in_flight-for-request-restart-BH.patch [bz#1716349]\n- kvm-block-Fix-AioContext-switch-for-drained-node.patch [bz#1716349]\n- kvm-test-bdrv-drain-AioContext-switch-in-drained-section.patch [bz#1716349]\n- kvm-block-Use-normal-drain-for-bdrv_set_aio_context.patch [bz#1716349]\n- kvm-block-Fix-AioContext-switch-for-bs-drv-NULL.patch [bz#1716347]\n- kvm-iothread-fix-crash-with-invalid-properties.patch [bz#1687541]\n- kvm-iothread-replace-init_done_cond-with-a-semaphore.patch [bz#1687541]\n- kvm-RHEL-disable-hostmem-memfd.patch [bz#1740797]\n- Resolves: bz#1687541\n (qemu aborted when start guest with a big iothreads)\n- Resolves: bz#1716347\n (Qemu Core dump when quit vm that's in status 'paused(io-error)' with data plane enabled)\n- Resolves: bz#1716349\n (qemu with iothreads enabled crashes on resume after enospc pause for disk extension)\n- Resolves: bz#1727033\n (vnc server should detect page-flips and avoid sending fullscreen updates then.)\n- Resolves: bz#1740797\n (Disable memfd in QEMU)\n[2.12.0-83.el8]\n- kvm-hw-block-pflash_cfi01-Add-missing-DeviceReset-handle.patch [bz#1707192]\n- kvm-block-file-posix-Unaligned-O_DIRECT-block-status.patch [bz#1678979]\n- kvm-iotests-Test-unaligned-raw-images-with-O_DIRECT.patch [bz#1678979]\n- kvm-nbd-client-Lower-min_block-for-block-status-unaligne.patch [bz#1678979]\n- kvm-nbd-client-Reject-inaccessible-tail-of-inconsistent-.patch [bz#1678979]\n- kvm-nbd-client-Support-qemu-img-convert-from-unaligned-s.patch [bz#1678979]\n- kvm-block-Add-bdrv_get_request_alignment.patch [bz#1678979]\n- kvm-nbd-server-Advertise-actual-minimum-block-size.patch [bz#1678979]\n- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1727642]\n- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1727642]\n- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1727642]\n- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1727642]\n- kvm-tap-set-vhostfd-passed-from-qemu-cli-to-non-blocking.patch [bz#1732642]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734751]\n- Resolves: bz#1678979\n (qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion ret == cpu->kvm_msr_buf->nmsrs' failed.)\n[2.12.0-71.el8]\n- kvm-s390-bios-Skip-bootmap-signature-entries.patch [bz#1683275]\n- Resolves: bz#1683275\n ([IBM 8.1 FEAT] KVM: Secure Linux Boot Toleration (qemu))\n[2.12.0-70.el8]\n- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-for-WBNOINVD.patch [bz#1561761]\n- kvm-i386-Add-new-CPU-model-Icelake-Server-Client.patch [bz#1561761]\n- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1561761]\n- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1561761]\n- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1561761]\n- kvm-i386-remove-the-new-CPUID-PCONFIG-from-Icelake-Serve.patch [bz#1561761]\n- kvm-Revert-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761]\n- Resolves: bz#1561761\n ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model)\n[2.12.0-69.el8]\n- kvm-tests-crypto-Use-the-IEC-binary-prefix-definitions.patch [bz#1680231]\n- kvm-crypto-expand-algorithm-coverage-for-cipher-benchmar.patch [bz#1680231]\n- kvm-crypto-remove-code-duplication-in-tweak-encrypt-decr.patch [bz#1680231]\n- kvm-crypto-introduce-a-xts_uint128-data-type.patch [bz#1680231]\n- kvm-crypto-convert-xts_tweak_encdec-to-use-xts_uint128-t.patch [bz#1680231]\n- kvm-crypto-convert-xts_mult_x-to-use-xts_uint128-type.patch [bz#1680231]\n- kvm-crypto-annotate-xts_tweak_encdec-as-inlineable.patch [bz#1680231]\n- kvm-crypto-refactor-XTS-cipher-mode-test-suite.patch [bz#1680231]\n- kvm-crypto-add-testing-for-unaligned-buffers-with-XTS-ci.patch [bz#1680231]\n- Resolves: bz#1680231\n (severe performance impact using luks format)\n[2.12.0-68.el8]\n- kvm-s390x-ipl-Try-to-detect-Linux-vs-non-Linux-for-initi.patch [bz#1699070]\n- kvm-loader-Check-access-size-when-calling-rom_ptr-to-avo.patch [bz#1699070]\n- kvm-hw-s390x-Use-the-IEC-binary-prefix-definitions.patch [bz#1699070]\n- kvm-s390x-storage-attributes-fix-CMMA_BLOCK_SIZE-usage.patch [bz#1699070]\n- kvm-s390x-cpumodel-fix-segmentation-fault-when-baselinin.patch [bz#1699070]\n- kvm-hw-s390x-s390-pci-bus-Convert-sysbus-init-function-t.patch [bz#1699070]\n- kvm-s390x-pci-properly-fail-if-the-zPCI-device-cannot-be.patch [bz#1699070]\n- kvm-s390x-pci-rename-hotplug-handler-callbacks.patch [bz#1699070]\n- kvm-s390-avoid-potential-null-dereference-in-s390_pcihos.patch [bz#1699070]\n- kvm-s390x-pci-Send-correct-event-on-hotplug.patch [bz#1699070]\n- kvm-s390x-pci-Set-the-iommu-region-size-mpcifc-request.patch [bz#1699070]\n- kvm-s390x-pci-Always-delete-and-free-the-release_timer.patch [bz#1699070]\n- kvm-s390x-pci-Ignore-the-unplug-call-if-we-already-have-.patch [bz#1699070]\n- kvm-s390x-pci-Use-hotplug_dev-instead-of-looking-up-the-.patch [bz#1699070]\n- kvm-s390x-pci-Move-some-hotplug-checks-to-the-pre_plug-h.patch [bz#1699070]\n- kvm-s390x-pci-Introduce-unplug-requests-and-split-unplug.patch [bz#1699070]\n- kvm-s390x-pci-Drop-release-timer-and-replace-it-with-a-f.patch [bz#1699070]\n- kvm-s390x-pci-mark-zpci-devices-as-unmigratable.patch [bz#1699070]\n- kvm-s390x-pci-Fix-primary-bus-number-for-PCI-bridges.patch [bz#1699070]\n- kvm-s390x-pci-Fix-hotplugging-of-PCI-bridges.patch [bz#1699070]\n- kvm-s390x-pci-Warn-when-adding-PCI-devices-without-the-z.patch [bz#1699070]\n- kvm-s390x-pci-Unplug-remaining-requested-devices-on-pcih.patch [bz#1699070]\n- kvm-s390x-refactor-reset-reipl-handling.patch [bz#1699070]\n- kvm-s390-ipl-fix-ipl-with-no-reboot.patch [bz#1699070]\n- Resolves: bz#1699070\n (Backport s390x-related fixes for qemu-kvm)\n[2.12.0-67.el8]\n- kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693116]\n- Resolves: bz#1693116\n (CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-8.0])\n[2.12.0-66.el8]\n- kvm-iotests-153-Fix-dead-code.patch [bz#1694148]\n- kvm-file-posix-Include-filename-in-locking-error-message.patch [bz#1694148]\n- kvm-file-posix-Skip-effectiveless-OFD-lock-operations.patch [bz#1694148]\n- kvm-file-posix-Drop-s-lock_fd.patch [bz#1694148]\n- kvm-tests-Add-unit-tests-for-image-locking.patch [bz#1694148]\n- kvm-file-posix-Fix-shared-locks-on-reopen-commit.patch [bz#1694148]\n- kvm-iotests-Test-file-posix-locking-and-reopen.patch [bz#1694148]\n- kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch [bz#1694148]\n- kvm-hostmem-file-remove-object-id-from-pmem-error-messag.patch [bz#1687596]\n- kvm-redhat-setting-target-release-to-rhel-8.1.0.patch []\n- kvm-redhat-removing-iotest-182.patch []\n- Resolves: bz#1687596\n ([Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL))\n- Resolves: bz#1694148\n (QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks)\n[2.12.0-65.el8]\n- kvm-s390x-cpumodel-mepochptff-warn-when-no-mepoch-and-re.patch [bz#1664371]\n- kvm-s390x-cpumodel-add-z14-GA2-model.patch [bz#1664371]\n- kvm-redhat-s390x-cpumodel-enable-mepoch-by-default-for-z.patch [bz#1664371]\n- kvm-intel_iommu-fix-operator-in-vtd_switch_address_space.patch [bz#1662272]\n- kvm-intel_iommu-reset-intr_enabled-when-system-reset.patch [bz#1662272]\n- kvm-pci-msi-export-msi_is_masked.patch [bz#1662272]\n- kvm-i386-kvm-ignore-masked-irqs-when-update-msi-routes.patch [bz#1662272]\n- Resolves: bz#1662272\n (Boot guest with device assignment+vIOMMU, qemu prompts 'vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0' when first rebooting guest)\n- Resolves: bz#1664371\n ([IBM 8.1 FEAT] Update hardware CPU Model z14 (kvm) - qemu part)\n[2.12.0-64.el8]\n- kvm-doc-fix-the-configuration-path.patch [bz#1645411]\n- kvm-Increase-number-of-iotests-being-run-as-a-part-of-RH.patch [bz#1664463]\n- kvm-Load-kvm-module-during-boot.patch [bz#1676907 bz#1685995]\n- kvm-qemu-kvm.spec.template-Update-pyton-path-to-system-i.patch []\n- Resolves: bz#1645411\n (the 'fsfreeze-hook' script path shown by command 'qemu-ga --help' or 'man qemu-ga' is wrong)\n- Resolves: bz#1664463\n (Modify iotest behavior to include luks and nbd and fail build if iotests fail)\n- Resolves: bz#1676907\n (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt)\n- Resolves: bz#1685995\n (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt)\n[2.12.0-63.el8]\n- kvm-scsi-generic-avoid-possible-out-of-bounds-access-to-.patch [bz#1668162]\n- Resolves: bz#1668162\n (CVE-2019-6501 qemu-kvm: QEMU: scsi-generic: possible OOB access while handling inquiry request [rhel-8])\n[2.12.0-62.el8]\n- kvm-slirp-check-data-length-while-emulating-ident-functi.patch [bz#1669069]\n- Resolves: bz#1669069\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-8.0])\n[2.12.0-61.el8]\n- kvm-qemu-ga-make-get-fsinfo-work-over-pci-bridges.patch [bz#1666952]\n- kvm-qga-fix-driver-leak-in-guest-get-fsinfo.patch [bz#1666952]\n- Resolves: bz#1666952\n (qemu-guest-agent does not parse PCI bridge links in 'build_guest_fsinfo_for_real_device' (q35))\n[2.12.0-60.el8]\n- kvm-ne2000-fix-possible-out-of-bound-access-in-ne2000_re.patch [bz#1636784]\n- kvm-rtl8139-fix-possible-out-of-bound-access.patch [bz#1636784]\n- kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636784]\n- kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636784]\n- kvm-net-drop-too-large-packet-early.patch [bz#1636784]\n- kvm-net-hub-suppress-warnings-of-no-host-network-for-qte.patch [bz#1636784]\n- kvm-virtio-net-test-accept-variable-length-argument-in-p.patch [bz#1636784]\n- kvm-virtio-net-test-remove-unused-macro.patch [bz#1636784]\n- kvm-virtio-net-test-add-large-tx-buffer-test.patch [bz#1636784]\n- kvm-s390x-Return-specification-exception-for-unimplement.patch [bz#1668261]\n- kvm-cpus-ignore-ESRCH-in-qemu_cpu_kick_thread.patch [bz#1665844]\n- Resolves: bz#1636784\n (CVE-2018-17963 qemu-kvm: Qemu: net: ignore packets with large size [rhel-8])\n- Resolves: bz#1665844\n (Guest quit with error when hotunplug cpu)\n- Resolves: bz#1668261\n ([RHEL8] Backport diag308 stable exception fix (qemu-kvm))\n[2.12.0-59.el8]\n- kvm-hw-scsi-cleanups-before-VPD-BL-emulation.patch [bz#1639957]\n- kvm-hw-scsi-centralize-SG_IO-calls-into-single-function.patch [bz#1639957]\n- kvm-hw-scsi-add-VPD-Block-Limits-emulation.patch [bz#1639957]\n- kvm-scsi-disk-Block-Device-Characteristics-emulation-fix.patch [bz#1639957]\n- kvm-scsi-generic-keep-VPD-page-list-sorted.patch [bz#1639957]\n- kvm-scsi-generic-avoid-out-of-bounds-access-to-VPD-page-.patch [bz#1639957]\n- kvm-scsi-generic-avoid-invalid-access-to-struct-when-emu.patch [bz#1639957]\n- kvm-scsi-generic-do-not-do-VPD-emulation-for-sense-other.patch [bz#1639957]\n- Resolves: bz#1639957\n ([RHEL.8] scsi host device passthrough limits IO writes - slow train)\n[2.12.0-58.el8]\n- kvm-block-Update-flags-in-bdrv_set_read_only.patch [bz#1644996]\n- kvm-block-Add-auto-read-only-option.patch [bz#1644996]\n- kvm-rbd-Close-image-in-qemu_rbd_open-error-path.patch [bz#1644996]\n- kvm-block-Require-auto-read-only-for-existing-fallbacks.patch [bz#1644996]\n- kvm-nbd-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-file-posix-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-curl-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-gluster-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-iscsi-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-block-Make-auto-read-only-on-default-for-drive.patch [bz#1644996]\n- kvm-qemu-iotests-Test-auto-read-only-with-drive-and-bloc.patch [bz#1644996]\n- kvm-block-Fix-update-of-BDRV_O_AUTO_RDONLY-in-update_fla.patch [bz#1644996]\n- kvm-qemu-img-Add-C-option-for-convert-with-copy-offloadi.patch [bz#1623082]\n- kvm-iotests-Add-test-for-qemu-img-convert-C-compatibilit.patch [bz#1623082]\n- Resolves: bz#1623082\n ([rhel.8.0]Target files for 'qemu-img convert' do not support thin_provisoning with iscsi/nfs backend)\n- Resolves: bz#1644996\n (block-commit can't be used with -blockdev)\n[2.12.0-57.el8]\n- kvm-qemu-kvm.spec.template-Update-files-for-tests-rpm-to.patch [bz#1601107]\n[2.12.0-56.el8]\n- kvm-Run-iotests-as-part-of-the-build-process.patch [bz#1661026]\n- kvm-Introduce-the-qemu-kvm-tests-rpm.patch [bz#1601107]\n- Resolves: bz#1601107\n (qemu-kvm packaging: make running qemu-iotests more robust)\n- Resolves: bz#1661026\n (Run iotests as part of build process)\n[2.12.0-55.el8]\n- kvm-block-Don-t-inactivate-children-before-parents.patch [bz#1659395]\n- kvm-iotests-Test-migration-with-blockdev.patch [bz#1659395]\n- Resolves: bz#1659395\n (src qemu core dump when do migration ( block device node-name changed after change cdrom) - Slow Train)\n[2.12.0-54.el8]\n- kvm-s390x-tcg-avoid-overflows-in-time2tod-tod2time.patch [bz#1653569]\n- kvm-s390x-kvm-pass-values-instead-of-pointers-to-kvm_s39.patch [bz#1653569]\n- kvm-s390x-tod-factor-out-TOD-into-separate-device.patch [bz#1653569]\n- kvm-s390x-tcg-drop-tod_basetime.patch [bz#1653569]\n- kvm-s390x-tcg-properly-implement-the-TOD.patch [bz#1653569]\n- kvm-s390x-tcg-SET-CLOCK-COMPARATOR-can-clear-CKC-interru.patch [bz#1653569]\n- kvm-s390x-tcg-implement-SET-CLOCK.patch [bz#1653569]\n- kvm-s390x-tcg-rearm-the-CKC-timer-during-migration.patch [bz#1653569]\n- kvm-s390x-tcg-fix-locking-problem-with-tcg_s390_tod_upda.patch [bz#1653569]\n- kvm-hw-s390x-Include-the-tod-qemu-also-for-builds-with-d.patch [bz#1653569]\n- kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1653569]\n- kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1653569]\n- kvm-migration-discard-non-migratable-RAMBlocks.patch [bz#1539285]\n- kvm-vfio-pci-do-not-set-the-PCIDevice-has_rom-attribute.patch [bz#1539285]\n- kvm-memory-exec-Expose-all-memory-block-related-flags.patch [bz#1539285]\n- kvm-memory-exec-switch-file-ram-allocation-functions-to-.patch [bz#1539285]\n- kvm-configure-add-libpmem-support.patch [bz#1539285]\n- kvm-hostmem-file-add-the-pmem-option.patch [bz#1539285]\n- kvm-mem-nvdimm-ensure-write-persistence-to-PMEM-in-label.patch [bz#1539285]\n- kvm-migration-ram-Add-check-and-info-message-to-nvdimm-p.patch [bz#1539285]\n- kvm-migration-ram-ensure-write-persistence-on-loading-al.patch [bz#1539285]\n- Resolves: bz#1539285\n ([Intel 8.0 Bug] [KVM][Crystal Ridge] Lack of data persistence guarantee of QEMU writes to host PMEM)\n- Resolves: bz#1653569\n (Stress guest and stop it, then do live migration, guest hit call trace on destination end)\n[2.12.0-53.el8]\n- kvm-ui-add-qapi-parser-for-display.patch [bz#1652871]\n- kvm-ui-switch-trivial-displays-to-qapi-parser.patch [bz#1652871]\n- kvm-qapi-Add-rendernode-display-option-for-egl-headless.patch [bz#1652871]\n- kvm-ui-Allow-specifying-rendernode-display-option-for-eg.patch [bz#1652871]\n- kvm-qapi-add-query-display-options-command.patch [bz#1652871]\n- Resolves: bz#1652871\n (QEMU doesn't expose rendernode option for egl-headless display type)\n[2.12.0-52.el8]\n- kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276]\n- Resolves: bz#1654276\n (qemu-kvm: Should depend on the architecture-appropriate guest firmware)\n[2.12.0-51.el8]\n- kvm-x86-host-phys-bits-limit-option.patch [bz#1598284]\n- kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1598284]\n- kvm-i386-do-not-migrate-MSR_SMI_COUNT-on-machine-types-2.patch [bz#1659565]\n- kvm-pc-x-migrate-smi-count-to-PC_RHEL_COMPAT.patch [bz#1659565]\n- kvm-slow-train-kvm-clear-out-KVM_ASYNC_PF_DELIVERY_AS_PF.patch [bz#1656829]\n- Resolves: bz#1598284\n ([Intel 8.0 Alpha] physical bits should < 48 when host with 5level paging &EPT5 and qemu command with '-cpu qemu64' parameters.)\n- Resolves: bz#1656829\n (8->7 migration failed: qemu-kvm: error: failed to set MSR 0x4b564d02 to 0x27fc13285)\n- Resolves: bz#1659565\n (machine type: required compat flag x-migrate-smi-count=off)\n[2.12.0-51]\n- kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276]\n- Resolves: bz#1654276\n (qemu-kvm: Should depend on the architecture-appropriate guest firmware)\n[-]\n- kvm-redhat-enable-tpmdev-passthrough.patch [bz#1654486]\n- Resolves: bz#1654486\n ([RFE] enable TPM passthrough at compile time (qemu-kvm))\n[qemu-kvm-2.12.0-48]\n- kvm-redhat-use-autopatch-instead-of-PATCHAPPLY.patch [bz#1613128]\n- kvm-redhat-Removing-some-unused-build-flags-in-the-spec-.patch [bz#1613128]\n- kvm-redhat-Fixing-rhev-ma-conflicts.patch [bz#1613126]\n- kvm-redhat-Remove-_smp_mflags-cleanup-workaround-for-s39.patch [bz#1613128]\n- kvm-redhat-Removing-dead-code-from-the-spec-file.patch [bz#1613128]\n- kvm-i386-Add-stibp-flag-name.patch [bz#1639446]\n- kvm-Add-functional-acceptance-tests-infrastructure.patch [bz#1655807]\n- kvm-scripts-qemu.py-allow-adding-to-the-list-of-extra-ar.patch [bz#1655807]\n- kvm-Acceptance-tests-add-quick-VNC-tests.patch [bz#1655807]\n- kvm-scripts-qemu.py-introduce-set_console-method.patch [bz#1655807]\n- kvm-Acceptance-tests-add-Linux-kernel-boot-and-console-c.patch [bz#1655807]\n- kvm-Bootstrap-Python-venv-for-tests.patch [bz#1655807]\n- kvm-Acceptance-tests-add-make-rule-for-running-them.patch [bz#1655807]\n- Resolves: bz#1613126\n (Check and fix qemu-kvm-rhev and qemu-kvm-ma conflicts in qemu-kvm for rhel-8)\n- Resolves: bz#1613128\n (Spec file clean up)\n- Resolves: bz#1639446\n (Cross migration from RHEL7.5 to RHEL8 shouldn't fail with cpu flag stibp [qemu-kvm])\n- Resolves: bz#1655807\n (Backport avocado-qemu tests for QEMU 2.12)\n[qemu-kvm-2.12.0-47]\n- kvm-Disable-CONFIG_IPMI-and-CONFIG_I2C-for-ppc64.patch [bz#1640044]\n- kvm-Disable-CONFIG_CAN_BUS-and-CONFIG_CAN_SJA1000.patch [bz#1640042]\n- Resolves: bz#1640042\n (Disable CONFIG_CAN_BUS and CONFIG_CAN_SJA1000 config switches)\n- Resolves: bz#1640044\n (Disable CONFIG_I2C and CONFIG_IPMI in default-configs/ppc64-softmmu.mak)\n[qemu-kvm-2.12.0-46]\n- kvm-qcow2-Give-the-refcount-cache-the-minimum-possible-s.patch [bz#1656507]\n- kvm-docs-Document-the-new-default-sizes-of-the-qcow2-cac.patch [bz#1656507]\n- kvm-qcow2-Fix-Coverity-warning-when-calculating-the-refc.patch [bz#1656507]\n- kvm-include-Add-IEC-binary-prefixes-in-qemu-units.h.patch [bz#1656507]\n- kvm-qcow2-Options-documentation-fixes.patch [bz#1656507]\n- kvm-include-Add-a-lookup-table-of-sizes.patch [bz#1656507]\n- kvm-qcow2-Make-sizes-more-humanly-readable.patch [bz#1656507]\n- kvm-qcow2-Avoid-duplication-in-setting-the-refcount-cach.patch [bz#1656507]\n- kvm-qcow2-Assign-the-L2-cache-relatively-to-the-image-si.patch [bz#1656507]\n- kvm-qcow2-Increase-the-default-upper-limit-on-the-L2-cac.patch [bz#1656507]\n- kvm-qcow2-Resize-the-cache-upon-image-resizing.patch [bz#1656507]\n- kvm-qcow2-Set-the-default-cache-clean-interval-to-10-min.patch [bz#1656507]\n- kvm-qcow2-Explicit-number-replaced-by-a-constant.patch [bz#1656507]\n- kvm-block-backend-Set-werror-rerror-defaults-in-blk_new.patch [bz#1657637]\n- kvm-qcow2-Fix-cache-clean-interval-documentation.patch [bz#1656507]\n- Resolves: bz#1656507\n ([RHEL.8] qcow2 cache is too small)\n- Resolves: bz#1657637\n (Wrong werror default for -device drive=\n)\n[qemu-kvm-2.12.0-45]\n- kvm-target-ppc-add-basic-support-for-PTCR-on-POWER9.patch [bz#1639069]\n- kvm-linux-headers-Update-for-nested-KVM-HV-downstream-on.patch [bz#1639069]\n- kvm-target-ppc-Add-one-reg-id-for-ptcr.patch [bz#1639069]\n- kvm-ppc-spapr_caps-Add-SPAPR_CAP_NESTED_KVM_HV.patch [bz#1639069]\n- kvm-Re-enable-CONFIG_HYPERV_TESTDEV.patch [bz#1651195]\n- kvm-qxl-use-guest_monitor_config-for-local-renderer.patch [bz#1610163]\n- kvm-Declare-cirrus-vga-as-deprecated.patch [bz#1651994]\n- kvm-Do-not-build-bluetooth-support.patch [bz#1654651]\n- kvm-vfio-helpers-Fix-qemu_vfio_open_pci-crash.patch [bz#1645840]\n- kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1650272]\n- kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1650272]\n- kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1650272]\n- kvm-vfio-ccw-pci-Allow-devices-to-opt-in-for-ballooning.patch [bz#1650272]\n- kvm-vfio-pci-Handle-subsystem-realpath-returning-NULL.patch [bz#1650272]\n- kvm-vfio-pci-Fix-failure-to-close-file-descriptor-on-err.patch [bz#1650272]\n- kvm-postcopy-Synchronize-usage-of-the-balloon-inhibitor.patch [bz#1650272]\n- Resolves: bz#1610163\n (guest shows border blurred screen with some resolutions when qemu boot with -device qxl-vga ,and guest on rhel7.6 has no such question)\n- Resolves: bz#1639069\n ([IBM 8.0 FEAT] POWER9 - Nested virtualization in RHEL8.0 KVM for ppc64le - qemu-kvm side)\n- Resolves: bz#1645840\n (Qemu core dump when hotplug nvme:// drive via -blockdev)\n- Resolves: bz#1650272\n (Ballooning is incompatible with vfio assigned devices, but not prevented)\n- Resolves: bz#1651195\n (Re-enable hyperv-testdev device)\n- Resolves: bz#1651994\n (Declare the 'Cirrus VGA' device emulation of QEMU as deprecated in RHEL8)\n- Resolves: bz#1654651\n (Qemu: hw: bt: keep bt/* objects from building [rhel-8.0])\n[qemu-kvm-2.12.0-44]\n- kvm-block-Make-more-block-drivers-compile-time-configura.patch [bz#1598842 bz#1598842]\n- kvm-RHEL8-Add-disable-configure-options-to-qemu-spec-fil.patch [bz#1598842]\n- Resolves: bz#1598842\n (Compile out unused block drivers)\n[qemu-kvm-2.12.0-43]\n- kvm-configure-add-test-for-libudev.patch [bz#1636185]\n- kvm-qga-linux-report-disk-serial-number.patch [bz#1636185]\n- kvm-qga-linux-return-disk-device-in-guest-get-fsinfo.patch [bz#1636185]\n- kvm-qemu-error-introduce-error-warn-_report_once.patch [bz#1625173]\n- kvm-intel-iommu-start-to-use-error_report_once.patch [bz#1625173]\n- kvm-intel-iommu-replace-more-vtd_err_-traces.patch [bz#1625173]\n- kvm-intel_iommu-introduce-vtd_reset_caches.patch [bz#1625173]\n- kvm-intel_iommu-better-handling-of-dmar-state-switch.patch [bz#1625173]\n- kvm-intel_iommu-move-ce-fetching-out-when-sync-shadow.patch [bz#1625173 bz#1629616]\n- kvm-intel_iommu-handle-invalid-ce-for-shadow-sync.patch [bz#1625173 bz#1629616]\n- kvm-block-remove-bdrv_dirty_bitmap_make_anon.patch [bz#1518989]\n- kvm-block-simplify-code-around-releasing-bitmaps.patch [bz#1518989]\n- kvm-hbitmap-Add-advance-param-to-hbitmap_iter_next.patch [bz#1518989]\n- kvm-test-hbitmap-Add-non-advancing-iter_next-tests.patch [bz#1518989]\n- kvm-block-dirty-bitmap-Add-bdrv_dirty_iter_next_area.patch [bz#1518989]\n- kvm-blockdev-backup-add-bitmap-argument.patch [bz#1518989]\n- kvm-dirty-bitmap-switch-assert-fails-to-errors-in-bdrv_m.patch [bz#1518989]\n- kvm-dirty-bitmap-rename-bdrv_undo_clear_dirty_bitmap.patch [bz#1518989]\n- kvm-dirty-bitmap-make-it-possible-to-restore-bitmap-afte.patch [bz#1518989]\n- kvm-blockdev-rename-block-dirty-bitmap-clear-transaction.patch [bz#1518989]\n- kvm-qapi-add-transaction-support-for-x-block-dirty-bitma.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-add-user_locked-status-checker.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-fix-merge-permissions.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-allow-clear-on-disabled-bitmaps.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-prohibit-enable-disable-on-locke.patch [bz#1518989]\n- kvm-block-backup-prohibit-backup-from-using-in-use-bitma.patch [bz#1518989]\n- kvm-nbd-forbid-use-of-frozen-bitmaps.patch [bz#1518989]\n- kvm-bitmap-Update-count-after-a-merge.patch [bz#1518989]\n- kvm-iotests-169-drop-deprecated-autoload-parameter.patch [bz#1518989]\n- kvm-block-qcow2-improve-error-message-in-qcow2_inactivat.patch [bz#1518989]\n- kvm-bloc-qcow2-drop-dirty_bitmaps_loaded-state-variable.patch [bz#1518989]\n- kvm-dirty-bitmaps-clean-up-bitmaps-loading-and-migration.patch [bz#1518989]\n- kvm-iotests-improve-169.patch [bz#1518989]\n- kvm-iotests-169-add-cases-for-source-vm-resuming.patch [bz#1518989]\n- kvm-pc-dimm-turn-alignment-assert-into-check.patch [bz#1630116]\n- Resolves: bz#1518989\n (RFE: QEMU Incremental live backup)\n- Resolves: bz#1625173\n ([NVMe Device Assignment] Guest could not boot up with q35+iommu)\n- Resolves: bz#1629616\n (boot guest with q35+vIOMMU+ device assignment, qemu terminal shows 'qemu-kvm: VFIO_UNMAP_DMA: -22' when return assigned network devices from vfio driver to ixgbe in guest)\n- Resolves: bz#1630116\n (pc_dimm_get_free_addr: assertion failed: (QEMU_ALIGN_UP(address_space_start, align) == address_space_start))\n- Resolves: bz#1636185\n ([RFE] Report disk device name and serial number (qemu-guest-agent on Linux))\n[2.12.0-42.el8]\n- kvm-luks-Allow-share-rw-on.patch [bz#1629701]\n- kvm-redhat-reenable-gluster-support.patch [bz#1599340]\n- kvm-redhat-bump-libusb-requirement.patch [bz#1627970]\n- Resolves: bz#1599340\n (Reenable glusterfs in qemu-kvm once BZ#1567292 gets fixed)\n- Resolves: bz#1627970\n (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_set_option)\n- Resolves: bz#1629701\n ('share-rw=on' does not work for luks format image - Fast Train)\n[2.12.0-41.el8]\n- kvm-block-rbd-pull-out-qemu_rbd_convert_options.patch [bz#1635585]\n- kvm-block-rbd-Attempt-to-parse-legacy-filenames.patch [bz#1635585]\n- kvm-block-rbd-add-deprecation-documentation-for-filename.patch [bz#1635585]\n- kvm-block-rbd-add-iotest-for-rbd-legacy-keyvalue-filenam.patch [bz#1635585]\n- Resolves: bz#1635585\n (rbd json format of 7.6 is incompatible with 7.5)\n[2.12.0-40.el8]\n- kvm-vnc-call-sasl_server_init-only-when-required.patch [bz#1609327]\n- kvm-nbd-server-fix-NBD_CMD_CACHE.patch [bz#1636142]\n- kvm-nbd-fix-NBD_FLAG_SEND_CACHE-value.patch [bz#1636142]\n- kvm-test-bdrv-drain-bdrv_drain-works-with-cross-AioConte.patch [bz#1637976]\n- kvm-block-Use-bdrv_do_drain_begin-end-in-bdrv_drain_all.patch [bz#1637976]\n- kvm-block-Remove-recursive-parameter-from-bdrv_drain_inv.patch [bz#1637976]\n- kvm-block-Don-t-manually-poll-in-bdrv_drain_all.patch [bz#1637976]\n- kvm-tests-test-bdrv-drain-bdrv_drain_all-works-in-corout.patch [bz#1637976]\n- kvm-block-Avoid-unnecessary-aio_poll-in-AIO_WAIT_WHILE.patch [bz#1637976]\n- kvm-block-Really-pause-block-jobs-on-drain.patch [bz#1637976]\n- kvm-block-Remove-bdrv_drain_recurse.patch [bz#1637976]\n- kvm-test-bdrv-drain-Add-test-for-node-deletion.patch [bz#1637976]\n- kvm-block-Drain-recursively-with-a-single-BDRV_POLL_WHIL.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-node-deletion-in-subtree-recurs.patch [bz#1637976]\n- kvm-block-Don-t-poll-in-parent-drain-callbacks.patch [bz#1637976]\n- kvm-test-bdrv-drain-Graph-change-through-parent-callback.patch [bz#1637976]\n- kvm-block-Defer-.bdrv_drain_begin-callback-to-polling-ph.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-that-bdrv_drain_invoke-doesn-t-.patch [bz#1637976]\n- kvm-block-Allow-AIO_WAIT_WHILE-with-NULL-ctx.patch [bz#1637976]\n- kvm-block-Move-bdrv_drain_all_begin-out-of-coroutine-con.patch [bz#1637976]\n- kvm-block-ignore_bds_parents-parameter-for-drain-functio.patch [bz#1637976]\n- kvm-block-Allow-graph-changes-in-bdrv_drain_all_begin-en.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-graph-changes-in-drain_all-sect.patch [bz#1637976]\n- kvm-block-Poll-after-drain-on-attaching-a-node.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-bdrv_append-to-drained-node.patch [bz#1637976]\n- kvm-block-linux-aio-acquire-AioContext-before-qemu_laio_.patch [bz#1637976]\n- kvm-util-async-use-qemu_aio_coroutine_enter-in-co_schedu.patch [bz#1637976]\n- kvm-job-Fix-nested-aio_poll-hanging-in-job_txn_apply.patch [bz#1637976]\n- kvm-job-Fix-missing-locking-due-to-mismerge.patch [bz#1637976]\n- kvm-blockjob-Wake-up-BDS-when-job-becomes-idle.patch [bz#1637976]\n- kvm-aio-wait-Increase-num_waiters-even-in-home-thread.patch [bz#1637976]\n- kvm-test-bdrv-drain-Drain-with-block-jobs-in-an-I-O-thre.patch [bz#1637976]\n- kvm-test-blockjob-Acquire-AioContext-around-job_cancel_s.patch [bz#1637976]\n- kvm-job-Use-AIO_WAIT_WHILE-in-job_finish_sync.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-AIO_WAIT_WHILE-in-completion-ca.patch [bz#1637976]\n- kvm-block-Add-missing-locking-in-bdrv_co_drain_bh_cb.patch [bz#1637976]\n- kvm-block-backend-Add-.drained_poll-callback.patch [bz#1637976]\n- kvm-block-backend-Fix-potential-double-blk_delete.patch [bz#1637976]\n- kvm-block-backend-Decrease-in_flight-only-after-callback.patch [bz#1637976]\n- kvm-blockjob-Lie-better-in-child_job_drained_poll.patch [bz#1637976]\n- kvm-block-Remove-aio_poll-in-bdrv_drain_poll-variants.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-nested-poll-in-bdrv_drain_poll_.patch [bz#1637976]\n- kvm-job-Avoid-deadlocks-in-job_completed_txn_abort.patch [bz#1637976]\n- kvm-test-bdrv-drain-AIO_WAIT_WHILE-in-job-.commit-.abort.patch [bz#1637976]\n- kvm-test-bdrv-drain-Fix-outdated-comments.patch [bz#1637976]\n- kvm-block-Use-a-single-global-AioWait.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-draining-job-source-child-and-p.patch [bz#1637976]\n- kvm-qemu-img-Fix-assert-when-mapping-unaligned-raw-file.patch [bz#1639374]\n- kvm-iotests-Add-test-221-to-catch-qemu-img-map-regressio.patch [bz#1639374]\n- Resolves: bz#1609327\n (qemu-kvm[37046]: Could not find keytab file: /etc/qemu/krb5.tab: Unknown error 49408)\n- Resolves: bz#1636142\n (qemu NBD_CMD_CACHE flaws impacting non-qemu NBD clients)\n- Resolves: bz#1637976\n (Crashes and hangs with iothreads vs. block jobs)\n- Resolves: bz#1639374\n (qemu-img map 'Aborted (core dumped)' when specifying a plain file)\n[2.12.0-39.el8]\n- kvm-linux-headers-update.patch [bz#1508142]\n- kvm-s390x-cpumodel-Set-up-CPU-model-for-AP-device-suppor.patch [bz#1508142]\n- kvm-s390x-kvm-enable-AP-instruction-interpretation-for-g.patch [bz#1508142]\n- kvm-s390x-ap-base-Adjunct-Processor-AP-object-model.patch [bz#1508142]\n- kvm-s390x-vfio-ap-Introduce-VFIO-AP-device.patch [bz#1508142]\n- kvm-s390-doc-detailed-specifications-for-AP-virtualizati.patch [bz#1508142]\n- Resolves: bz#1508142\n ([IBM 8.0 FEAT] KVM: Guest-dedicated Crypto Adapters - qemu part)\n[2.12.0-38.el8]\n- kvm-Revert-hw-acpi-build-build-SRAT-memory-affinity-stru.patch [bz#1609235]\n- kvm-add-udev-kvm-check.patch [bz#1552663]\n- kvm-aio-posix-Don-t-count-ctx-notifier-as-progress-when-.patch [bz#1623085]\n- kvm-aio-Do-aio_notify_accept-only-during-blocking-aio_po.patch [bz#1623085]\n- kvm-aio-posix-fix-concurrent-access-to-poll_disable_cnt.patch [bz#1632622]\n- kvm-aio-posix-compute-timeout-before-polling.patch [bz#1632622]\n- kvm-aio-posix-do-skip-system-call-if-ctx-notifier-pollin.patch [bz#1632622]\n- kvm-intel-iommu-send-PSI-always-even-if-across-PDEs.patch [bz#1450712]\n- kvm-intel-iommu-remove-IntelIOMMUNotifierNode.patch [bz#1450712]\n- kvm-intel-iommu-add-iommu-lock.patch [bz#1450712]\n- kvm-intel-iommu-only-do-page-walk-for-MAP-notifiers.patch [bz#1450712]\n- kvm-intel-iommu-introduce-vtd_page_walk_info.patch [bz#1450712]\n- kvm-intel-iommu-pass-in-address-space-when-page-walk.patch [bz#1450712]\n- kvm-intel-iommu-trace-domain-id-during-page-walk.patch [bz#1450712]\n- kvm-util-implement-simple-iova-tree.patch [bz#1450712]\n- kvm-intel-iommu-rework-the-page-walk-logic.patch [bz#1450712]\n- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1633928]\n- Resolves: bz#1450712\n (Booting nested guest with vIOMMU, the assigned network devices can not receive packets (qemu))\n- Resolves: bz#1552663\n (81-kvm-rhel.rules is no longer part of initscripts)\n- Resolves: bz#1609235\n (Win2016 guest can't recognize pc-dimm hotplugged to node 0)\n- Resolves: bz#1623085\n (VM doesn't boot from HD)\n- Resolves: bz#1632622\n (~40% virtio_blk disk performance drop for win2012r2 guest when comparing qemu-kvm-rhev-2.12.0-9 with qemu-kvm-rhev-2.12.0-12)\n- Resolves: bz#1633928\n (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-8.0])\n[2.12.0-37.el8]\n- kvm-block-for-jobs-do-not-clear-user_paused-until-after-.patch [bz#1635583]\n- kvm-iotests-Add-failure-matching-to-common.qemu.patch [bz#1635583]\n- kvm-block-iotest-to-catch-abort-on-forced-blockjob-cance.patch [bz#1635583]\n- Resolves: bz#1635583\n (Quitting VM causes qemu core dump once the block mirror job paused for no enough target space)\n[2.12.0-36.el8]\n- kvm-check-Only-test-ivshm-when-it-is-compiled-in.patch [bz#1621817]\n- kvm-Disable-ivshmem.patch [bz#1621817]\n- kvm-mirror-Fail-gracefully-for-source-target.patch [bz#1637963]\n- kvm-commit-Add-top-node-base-node-options.patch [bz#1637970]\n- kvm-qemu-iotests-Test-commit-with-top-node-base-node.patch [bz#1637970]\n- Resolves: bz#1621817\n (Disable IVSHMEM in RHEL 8)\n- Resolves: bz#1637963\n (Segfault on 'blockdev-mirror' with same node as source and target)\n- Resolves: bz#1637970\n (allow using node-names with block-commit)\n[2.12.0-35.el8]\n- kvm-redhat-make-the-plugins-executable.patch [bz#1638304]\n- Resolves: bz#1638304\n (the driver packages lack all the library Requires)\n[2.12.0-34.el8]\n- kvm-seccomp-allow-sched_setscheduler-with-SCHED_IDLE-pol.patch [bz#1618356]\n- kvm-seccomp-use-SIGSYS-signal-instead-of-killing-the-thr.patch [bz#1618356]\n- kvm-seccomp-prefer-SCMP_ACT_KILL_PROCESS-if-available.patch [bz#1618356]\n- kvm-configure-require-libseccomp-2.2.0.patch [bz#1618356]\n- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618356]\n- kvm-memory-cleanup-side-effects-of-memory_region_init_fo.patch [bz#1600365]\n- Resolves: bz#1600365\n (QEMU core dumped when hotplug memory exceeding host hugepages and with discard-data=yes)\n- Resolves: bz#1618356\n (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-8])\n[2.12.0-33.el8]\n- kvm-migration-postcopy-Clear-have_listen_thread.patch [bz#1608765]\n- kvm-migration-cleanup-in-error-paths-in-loadvm.patch [bz#1608765]\n- kvm-jobs-change-start-callback-to-run-callback.patch [bz#1632939]\n- kvm-jobs-canonize-Error-object.patch [bz#1632939]\n- kvm-jobs-add-exit-shim.patch [bz#1632939]\n- kvm-block-commit-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-block-mirror-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-jobs-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-block-backup-make-function-variables-consistently-na.patch [bz#1632939]\n- kvm-jobs-remove-ret-argument-to-job_completed-privatize-.patch [bz#1632939]\n- kvm-jobs-remove-job_defer_to_main_loop.patch [bz#1632939]\n- kvm-block-commit-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-mirror-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-stream-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-commit-refactor-commit-to-use-job-callbacks.patch [bz#1632939]\n- kvm-block-mirror-don-t-install-backing-chain-on-abort.patch [bz#1632939]\n- kvm-block-mirror-conservative-mirror_exit-refactor.patch [bz#1632939]\n- kvm-block-stream-refactor-stream-to-use-job-callbacks.patch [bz#1632939]\n- kvm-tests-blockjob-replace-Blockjob-with-Job.patch [bz#1632939]\n- kvm-tests-test-blockjob-remove-exit-callback.patch [bz#1632939]\n- kvm-tests-test-blockjob-txn-move-.exit-to-.clean.patch [bz#1632939]\n- kvm-jobs-remove-.exit-callback.patch [bz#1632939]\n- kvm-qapi-block-commit-expose-new-job-properties.patch [bz#1632939]\n- kvm-qapi-block-mirror-expose-new-job-properties.patch [bz#1632939]\n- kvm-qapi-block-stream-expose-new-job-properties.patch [bz#1632939]\n- kvm-block-backup-qapi-documentation-fixup.patch [bz#1632939]\n- kvm-blockdev-document-transactional-shortcomings.patch [bz#1632939]\n- Resolves: bz#1608765\n (After postcopy migration, do savevm and loadvm, guest hang and call trace)\n- Resolves: bz#1632939\n (qemu blockjobs other than backup do not support job-finalize or job-dismiss)\n[2.12.0-32.el8]\n- kvm-Re-enable-disabled-Hyper-V-enlightenments.patch [bz#1625185]\n- kvm-Fix-annocheck-issues.patch [bz#1624164]\n- kvm-exec-check-that-alignment-is-a-power-of-two.patch [bz#1630746]\n- kvm-curl-Make-sslverify-off-disable-host-as-well-as-peer.patch [bz#1575925]\n- Resolves: bz#1575925\n ('SSL: no alternative certificate subject name matches target host name' error even though sslverify = off)\n- Resolves: bz#1624164\n (Review annocheck distro flag failures in qemu-kvm)\n- Resolves: bz#1625185\n (Re-enable disabled Hyper-V enlightenments)\n- Resolves: bz#1630746\n (qemu_ram_mmap: Assertion skip_bytes < pnum' failed.)\n- Resolves: bz#1591076\n (The driver of 'throttle' is not whitelisted)\n- Resolves: bz#1592817\n (Retrying on serial_xmit if the pipe is broken may compromise the Guest)\n- Resolves: bz#1594135\n (system_reset many times linux guests cause qemu process Aborted)\n- Resolves: bz#1595173\n (blockdev-create is blocking)\n- Resolves: bz#1595180\n (Can't set rerror/werror with usb-storage)\n- Resolves: bz#1595740\n (RHEL-Alt-7.6 - qemu has error during migration of larger guests)\n- Resolves: bz#1599335\n (Image creation locking is too tight and is not properly released)\n- Resolves: bz#1599515\n (qemu core-dump with aio_read via hmp (util/qemu-thread-posix.c:64: qemu_mutex_lock_impl: Assertion *pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\\' failed))\n- Resolves: bz#1707192\n (implement missing reset handler for cfi.pflash01 - slow train)\n- Resolves: bz#1727642\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu())\n- Resolves: bz#1732642\n (enable the virtio-net frontend to work with the vhost-net backend in SEV guests)\n- Resolves: bz#1734751\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-8.1.0])\n[2.12.0-82.el8]\n- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1629906]\n- kvm-i386-Update-stepping-of-Cascadelake-Server.patch [bz#1629906]\n- kvm-target-i386-Disable-MPX-support-on-named-CPU-models.patch [bz#1629906]\n- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-NEW.patch [bz#1629906]\n- kvm-i386-Disable-OSPKE-on-CPU-model-definitions-NEW.patch [bz#1629906]\n- kvm-block-ssh-Convert-from-DPRINTF-macro-to-trace-events.patch [bz#1513367]\n- kvm-block-ssh-Do-not-report-read-write-flush-errors-to-t.patch [bz#1513367]\n- kvm-qemu-iotests-Fix-paths-for-NFS.patch [bz#1513367]\n- kvm-qemu-iotests-Filter-NFS-paths.patch [bz#1513367]\n- kvm-iotests-Filter-SSH-paths.patch [bz#1513367]\n- kvm-block-ssh-Implement-.bdrv_refresh_filename.patch [bz#1513367]\n- kvm-iotests-Use-Python-byte-strings-where-appropriate.patch [bz#1513367]\n- kvm-iotests-Unify-log-outputs-between-Python-2-and-3.patch [bz#1513367]\n- kvm-ssh-switch-from-libssh2-to-libssh.patch [bz#1513367]\n- kvm-redhat-switch-from-libssh2-to-libssh.patch [bz#1513367]\n- kvm-block-gluster-limit-the-transfer-size-to-512-MiB.patch [bz#1728657]\n- kvm-s390-cpumodel-fix-description-for-the-new-vector-fac.patch [bz#1729975]\n- kvm-s390x-cpumodel-remove-esort-from-the-default-model.patch [bz#1729975]\n- kvm-s390x-cpumodel-also-change-name-of-vxbeh.patch [bz#1729975]\n- kvm-s390x-cpumodel-change-internal-name-of-vxpdeh-to-mat.patch [bz#1729975]\n- kvm-target-i386-sev-Do-not-unpin-ram-device-memory-regio.patch [bz#1728958]\n- kvm-i386-Save-EFER-for-32-bit-targets.patch [bz#1689269]\n- kvm-target-i386-rename-HF_SVMI_MASK-to-HF_GUEST_MASK.patch [bz#1689269]\n- kvm-target-i386-kvm-add-VMX-migration-blocker.patch [bz#1689269]\n- kvm-target-i386-kvm-just-return-after-migrate_add_blocke.patch [bz#1689269]\n- kvm-target-i386-kvm-Delete-VMX-migration-blocker-on-vCPU.patch [bz#1689269]\n- kvm-Introduce-kvm_arch_destroy_vcpu.patch [bz#1689269]\n- kvm-target-i386-kvm-Use-symbolic-constant-for-DB-BP-exce.patch [bz#1689269]\n- kvm-target-i386-kvm-Re-inject-DB-to-guest-with-updated-D.patch [bz#1689269]\n- kvm-target-i386-kvm-Block-migration-for-vCPUs-exposed-wi.patch [bz#1689269]\n- kvm-target-i386-kvm-do-not-initialize-padding-fields.patch [bz#1689269]\n- kvm-linux-headers-synchronize-generic-and-x86-KVM-header.patch [bz#1689269]\n- kvm-vmstate-Add-support-for-kernel-integer-types.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-support-for-save-and-restore-nes.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-support-for-KVM_CAP_EXCEPTION_PA.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-nested-migration-blocker-only-wh.patch [bz#1689269]\n- kvm-target-i386-kvm-Demand-nested-migration-kernel-capab.patch [bz#1689269]\n- kvm-target-i386-skip-KVM_GET-SET_NESTED_STATE-if-VMX-dis.patch [bz#1689269]\n- kvm-i386-kvm-Do-not-sync-nested-state-during-runtime.patch [bz#1689269]\n- Resolves: bz#1513367\n (qemu with libssh)\n- Resolves: bz#1629906\n ([Intel 8.1 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)\n- Resolves: bz#1689269\n (Nested KVM: support for migration of nested hypervisors - Slow Train)\n- Resolves: bz#1728657\n ('qemu-io write' to a raw image over libgfapi fails)\n- Resolves: bz#1728958\n (Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region)\n- Resolves: bz#1729975\n (RHEL 8.1 Pre-Beta - Fix for hardware CPU Model)\n[2.12.0-81.el8]\n- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714792]\n- kvm-virtio-gpu-pass-down-VirtIOGPU-pointer-to-a-bunch-of.patch [bz#1531543]\n- kvm-virtio-gpu-add-iommu-support.patch [bz#1531543]\n- kvm-virtio-gpu-fix-unmap-in-error-path.patch [bz#1531543]\n- Resolves: bz#1531543\n ([RFE] add iommu support to virtio-gpu)\n- Resolves: bz#1714792\n ([Intel 8.1 FEAT] MDS_NO exposure to guest)\n[2.12.0-80.el8]\n- kvm-qxl-check-release-info-object.patch [bz#1712705]\n- kvm-iotests-Make-182-do-without-device_add.patch [bz#1707598]\n- Resolves: bz#1707598\n (qemu-iotest 182 fails without device hotplugging support)\n- Resolves: bz#1712705\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-8])\n[15:2.12.0-79]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[2.12.0-78.el8]\n- kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1721983]\n- kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1721983]\n- Resolves: bz#1721983\n (qemu-kvm can't be build with new gluster version (6.0.6))\n[2.12.0-77.el8]\n- kvm-i386-Make-arch_capabilities-migratable.patch [bz#1709970]\n- kvm-spapr-Fix-ibm-max-associativity-domains-property-num.patch [bz#1710662]\n- kvm-linux-headers-Update-for-NVLink2-passthrough-downstr.patch [bz#1710662]\n- kvm-pci-Move-NVIDIA-vendor-id-to-the-rest-of-ids.patch [bz#1710662]\n- kvm-vfio-quirks-Add-common-quirk-alloc-helper.patch [bz#1710662]\n- kvm-vfio-Make-vfio_get_region_info_cap-public.patch [bz#1710662]\n- kvm-spapr-Support-NVIDIA-V100-GPU-with-NVLink2.patch [bz#1710662]\n- kvm-qemu-kvm.spec-bump-libseccomp-2.4.0.patch [bz#1719578]\n- Resolves: bz#1709970\n ([Intel 8.1 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM - qemu-kvm)\n- Resolves: bz#1710662\n ([IBM 8.1 FEAT] POWER9 - Virt: qemu: NVLink2 passthru to guest - Nvidia Volta (GPU) (kvm))\n- Resolves: bz#1719578\n (VM failed to start with error 'failed to install seccomp syscall filter in the kernel')\n[2.12.0-76.el8]\n- kvm-Introduce-new-no_guest_reset-parameter-for-usb-host-.patch [bz#1713677]\n- kvm-usb-call-reset-handler-before-updating-state.patch [bz#1713677]\n- kvm-usb-host-skip-reset-for-untouched-devices.patch [bz#1713677]\n- kvm-usb-host-avoid-libusb_set_configuration-calls.patch [bz#1713677]\n- kvm-virtio-scsi-Move-BlockBackend-back-to-the-main-AioCo.patch [bz#1673396 bz#1673401]\n- kvm-scsi-disk-Acquire-the-AioContext-in-scsi_-_realize.patch [bz#1673396 bz#1673401]\n- kvm-virtio-scsi-Forbid-devices-with-different-iothreads-.patch [bz#1673396 bz#1673401]\n- kvm-Disable-VXHS-support.patch [bz#1714933]\n- Resolves: bz#1673396\n (qemu-kvm core dumped after hotplug the deleted disk with iothread parameter)\n- Resolves: bz#1673401\n (Qemu core dump when start guest with two disks using same drive)\n- Resolves: bz#1713677\n (Detached device when trying to upgrade USB device firmware when in doing USB Passthrough via QEMU)\n- Resolves: bz#1714933\n (Disable VXHS in qemu-kvm)\n[2.12.0-75.el8]\n- kvm-s390x-cpumodel-enum-type-S390FeatGroup-now-gets-gene.patch [bz#1660912]\n- kvm-linux-headers-update-against-Linux-5.2-rc1.patch [bz#1660912]\n- kvm-s390x-cpumodel-ignore-csske-for-expansion.patch [bz#1660912]\n- kvm-s390x-cpumodel-Miscellaneous-Instruction-Extensions-.patch [bz#1660912]\n- kvm-s390x-cpumodel-msa9-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-vector-enhancements.patch [bz#1660912]\n- kvm-s390x-cpumodel-enhanced-sort-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-add-Deflate-conversion-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-add-gen15-defintions.patch [bz#1660912]\n- kvm-s390x-cpumodel-wire-up-8561-and-8562-as-gen15-machin.patch [bz#1660912]\n- kvm-spice-set-device-address-and-device-display-ID-in-QX.patch [bz#1712946]\n- kvm-hw-pci-Add-missing-include.patch [bz#1712946]\n- Resolves: bz#1660912\n ([IBM 8.1 FEAT] KVM s390x: Add hardware CPU Model - qemu part)\n- Resolves: bz#1712946\n (qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated)\n[2.12.0-74.el8]\n- kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1696436]\n- kvm-memory-Fix-the-memory-region-type-assignment-order.patch [bz#1667249]\n- kvm-target-i386-sev-Do-not-pin-the-ram-device-memory-reg.patch [bz#1667249]\n- kvm-block-Fix-invalidate_cache-error-path-for-parent-act.patch [bz#1673010]\n- kvm-target-i386-define-md-clear-bit.patch [bz#1703302 bz#1703308]\n- Resolves: bz#1667249\n (Fail to launch AMD SEV VM with assigned PCI device)\n- Resolves: bz#1673010\n (Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled)\n- Resolves: bz#1696436\n ([Intel 8.0 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm)\n- Resolves: bz#1703302\n (CVE-2018-12130 virt:rhel/qemu-kvm: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [rhel-8])\n- Resolves: bz#1703308\n (CVE-2018-12127 virt:rhel/qemu-kvm: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [rhel-8])\n[2.12.0-73.el8]\n- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-mo.patch [bz#1561761]\n- kvm-i386-Disable-OSPKE-on-CPU-model-definitions.patch [bz#1561761]\n- Resolves: bz#1561761\n ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model)\n[2.12.0-72.el8]\n- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1707706]\n- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1707706]\n- Resolves: bz#1707706\n (/builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion is_power_of_2(align)' failed)\n[2.12.0-31.el8]\n- kvm-i386-Disable-TOPOEXT-by-default-on-cpu-host.patch [bz#1619804]\n- kvm-redhat-enable-opengl-add-build-and-runtime-deps.patch [bz#1618412]\n- Resolves: bz#1618412\n (Enable opengl (for intel vgpu display))\n- Resolves: bz#1619804\n (kernel panic in init_amd_cacheinfo)\n[2.12.0-30.el8]\n- kvm-redhat-Disable-vhost-crypto.patch [bz#1625668]\n- Resolves: bz#1625668\n (Decide if we should disable 'vhost-crypto' or not)\n[2.12.0-29.el8]\n- kvm-target-i386-sev-fix-memory-leaks.patch [bz#1615717]\n- kvm-i386-Fix-arch_query_cpu_model_expansion-leak.patch [bz#1615717]\n- kvm-redhat-Update-build-configuration.patch [bz#1573156]\n- Resolves: bz#1573156\n (Update build configure for QEMU 2.12.0)\n- Resolves: bz#1615717\n (Memory leaks)\n[2.12.0-28.el8]\n- kvm-e1000e-Do-not-auto-clear-ICR-bits-which-aren-t-set-i.patch [bz#1596024]\n- kvm-e1000e-Prevent-MSI-MSI-X-storms.patch [bz#1596024]\n- kvm-Drop-build_configure.sh-and-Makefile.local-files.patch []\n- kvm-Fix-subject-line-in-.gitpublish.patch []\n- Resolves: bz#1596024\n (The network link can't be detected on guest when the guest uses e1000e model type)\n[2.12.0-27.el8]\n- kvm-Fix-libusb-1.0.22-deprecated-libusb_set_debug-with-l.patch [bz#1622656]\n- Resolves: bz#1622656\n (qemu-kvm fails to build due to libusb_set_debug being deprecated)\n[2.12.0-26.el8]\n- kvm-redhat-remove-extra-in-rhel_rhev_conflicts-macro.patch [bz#1618752]\n- Resolves: bz#1618752\n (qemu-kvm can't be installed in RHEL-8 as it Conflicts with itself.)\n[2.12.0-25.el8]\n- kvm-Migration-TLS-Fix-crash-due-to-double-cleanup.patch [bz#1594384]\n- Resolves: bz#1594384\n (2.12 migration fixes)\n[2.12.0-24.el8]\n- kvm-Add-qemu-keymap-to-qemu-kvm-common.patch [bz#1593117]\n- Resolves: bz#1593117\n (add qemu-keymap utility)\n[2.12.0-23.el8]\n- Fixing an issue with some old command in the spec file\n[2.12.0-22.el8]\n- Fix an issue with the build_configure script.\n- Resolves: bz#1425820\n (Improve QEMU packaging layout with modularization of the block layer)\n[2.12.0-20.el8]\n- kvm-migration-stop-compressing-page-in-migration-thread.patch [bz#1594384]\n- kvm-migration-stop-compression-to-allocate-and-free-memo.patch [bz#1594384]\n- kvm-migration-stop-decompression-to-allocate-and-free-me.patch [bz#1594384]\n- kvm-migration-detect-compression-and-decompression-error.patch [bz#1594384]\n- kvm-migration-introduce-control_save_page.patch [bz#1594384]\n- kvm-migration-move-some-code-to-ram_save_host_page.patch [bz#1594384]\n- kvm-migration-move-calling-control_save_page-to-the-comm.patch [bz#1594384]\n- kvm-migration-move-calling-save_zero_page-to-the-common-.patch [bz#1594384]\n- kvm-migration-introduce-save_normal_page.patch [bz#1594384]\n- kvm-migration-remove-ram_save_compressed_page.patch [bz#1594384]\n- kvm-migration-block-dirty-bitmap-fix-memory-leak-in-dirt.patch [bz#1594384]\n- kvm-migration-fix-saving-normal-page-even-if-it-s-been-c.patch [bz#1594384]\n- kvm-migration-update-index-field-when-delete-or-qsort-RD.patch [bz#1594384]\n- kvm-migration-introduce-decompress-error-check.patch [bz#1594384]\n- kvm-migration-Don-t-activate-block-devices-if-using-S.patch [bz#1594384]\n- kvm-migration-not-wait-RDMA_CM_EVENT_DISCONNECTED-event-.patch [bz#1594384]\n- kvm-migration-block-dirty-bitmap-fix-dirty_bitmap_load.patch [bz#1594384]\n- kvm-s390x-add-RHEL-7.6-machine-type-for-ccw.patch [bz#1595718]\n- kvm-s390x-cpumodel-default-enable-bpb-and-ppa15-for-z196.patch [bz#1595718]\n- kvm-linux-headers-asm-s390-kvm.h-header-sync.patch [bz#1612938]\n- kvm-s390x-kvm-add-etoken-facility.patch [bz#1612938]\n- Resolves: bz#1594384\n (2.12 migration fixes)\n- Resolves: bz#1595718\n (Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine)\n- Resolves: bz#1612938\n (Add etoken support to qemu-kvm for s390x KVM guests)\n[2.12.0-18.el8]\nMass import from RHEL 7.6 qemu-kvm-rhev, including fixes to the following BZs:\n- kvm-AArch64-Add-virt-rhel7.6-machine-type.patch [bz#1558723]\n- kvm-cpus-Fix-event-order-on-resume-of-stopped-guest.patch [bz#1566153]\n- kvm-qemu-img-Check-post-truncation-size.patch [bz#1523065]\n- kvm-vga-catch-depth-0.patch [bz#1575541]\n- kvm-Fix-x-hv-max-vps-compat-value-for-7.4-machine-type.patch [bz#1583959]\n- kvm-ccid-card-passthru-fix-regression-in-realize.patch [bz#1584984]\n- kvm-Use-4-MB-vram-for-cirrus.patch [bz#1542080]\n- kvm-spapr_pci-Remove-unhelpful-pagesize-warning.patch [bz#1505664]\n- kvm-rpm-Add-nvme-VFIO-driver-to-rw-whitelist.patch [bz#1416180]\n- kvm-qobject-Use-qobject_to-instead-of-type-cast.patch [bz#1557995]\n- kvm-qobject-Ensure-base-is-at-offset-0.patch [bz#1557995]\n- kvm-qobject-use-a-QObjectBase_-struct.patch [bz#1557995]\n- kvm-qobject-Replace-qobject_incref-QINCREF-qobject_decre.patch [bz#1557995]\n- kvm-qobject-Modify-qobject_ref-to-return-obj.patch [bz#1557995]\n- kvm-rbd-Drop-deprecated-drive-parameter-filename.patch [bz#1557995]\n- kvm-iscsi-Drop-deprecated-drive-parameter-filename.patch [bz#1557995]\n- kvm-block-Add-block-specific-QDict-header.patch [bz#1557995]\n- kvm-qobject-Move-block-specific-qdict-code-to-block-qdic.patch [bz#1557995]\n- kvm-block-Fix-blockdev-for-certain-non-string-scalars.patch [bz#1557995]\n- kvm-block-Fix-drive-for-certain-non-string-scalars.patch [bz#1557995]\n- kvm-block-Clean-up-a-misuse-of-qobject_to-in-.bdrv_co_cr.patch [bz#1557995]\n- kvm-block-Factor-out-qobject_input_visitor_new_flat_conf.patch [bz#1557995]\n- kvm-block-Make-remaining-uses-of-qobject-input-visitor-m.patch [bz#1557995]\n- kvm-block-qdict-Simplify-qdict_flatten_qdict.patch [bz#1557995]\n- kvm-block-qdict-Tweak-qdict_flatten_qdict-qdict_flatten_.patch [bz#1557995]\n- kvm-block-qdict-Clean-up-qdict_crumple-a-bit.patch [bz#1557995]\n- kvm-block-qdict-Simplify-qdict_is_list-some.patch [bz#1557995]\n- kvm-check-block-qdict-Rename-qdict_flatten-s-variables-f.patch [bz#1557995]\n- kvm-check-block-qdict-Cover-flattening-of-empty-lists-an.patch [bz#1557995]\n- kvm-block-Fix-blockdev-blockdev-add-for-empty-objects-an.patch [bz#1557995]\n- kvm-rbd-New-parameter-auth-client-required.patch [bz#1557995]\n- kvm-rbd-New-parameter-key-secret.patch [bz#1557995]\n- kvm-block-mirror-honor-ratelimit-again.patch [bz#1572856]\n- kvm-block-mirror-Make-cancel-always-cancel-pre-READY.patch [bz#1572856]\n- kvm-iotests-Add-test-for-cancelling-a-mirror-job.patch [bz#1572856]\n- kvm-iotests-Split-214-off-of-122.patch [bz#1518738]\n- kvm-block-Add-COR-filter-driver.patch [bz#1518738]\n- kvm-block-BLK_PERM_WRITE-includes-._UNCHANGED.patch [bz#1518738]\n- kvm-block-Add-BDRV_REQ_WRITE_UNCHANGED-flag.patch [bz#1518738]\n- kvm-block-Set-BDRV_REQ_WRITE_UNCHANGED-for-COR-writes.patch [bz#1518738]\n- kvm-block-quorum-Support-BDRV_REQ_WRITE_UNCHANGED.patch [bz#1518738]\n- kvm-block-Support-BDRV_REQ_WRITE_UNCHANGED-in-filters.patch [bz#1518738]\n- kvm-iotests-Clean-up-wrap-image-in-197.patch [bz#1518738]\n- kvm-iotests-Copy-197-for-COR-filter-driver.patch [bz#1518738]\n- kvm-iotests-Add-test-for-COR-across-nodes.patch [bz#1518738]\n- kvm-qemu-io-Use-purely-string-blockdev-options.patch [bz#1576598]\n- kvm-qemu-img-Use-only-string-options-in-img_open_opts.patch [bz#1576598]\n- kvm-iotests-Add-test-for-U-force-share-conflicts.patch [bz#1576598]\n- kvm-qemu-io-Drop-command-functions-return-values.patch [bz#1519617]\n- kvm-qemu-io-Let-command-functions-return-error-code.patch [bz#1519617]\n- kvm-qemu-io-Exit-with-error-when-a-command-failed.patch [bz#1519617]\n- kvm-iotests.py-Add-qemu_io_silent.patch [bz#1519617]\n- kvm-iotests-Let-216-make-use-of-qemu-io-s-exit-code.patch [bz#1519617]\n- kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch [bz#1527085]\n- kvm-iotests-Repairing-error-during-snapshot-deletion.patch [bz#1527085]\n- kvm-block-Make-bdrv_is_writable-public.patch [bz#1588039]\n- kvm-qcow2-Do-not-mark-inactive-images-corrupt.patch [bz#1588039]\n- kvm-iotests-Add-case-for-a-corrupted-inactive-image.patch [bz#1588039]\n- kvm-main-loop-drop-spin_counter.patch [bz#1168213]\n- kvm-target-ppc-Factor-out-the-parsing-in-kvmppc_get_cpu_.patch [bz#1560847]\n- kvm-target-ppc-Don-t-require-private-l1d-cache-on-POWER8.patch [bz#1560847]\n- kvm-ppc-spapr_caps-Don-t-disable-cap_cfpc-on-POWER8-by-d.patch [bz#1560847]\n- kvm-qxl-fix-local-renderer-crash.patch [bz#1567733]\n- kvm-qemu-img-Amendment-support-implies-create_opts.patch [bz#1537956]\n- kvm-block-Add-Error-parameter-to-bdrv_amend_options.patch [bz#1537956]\n- kvm-qemu-option-Pull-out-Supported-options-print.patch [bz#1537956]\n- kvm-qemu-img-Add-print_amend_option_help.patch [bz#1537956]\n- kvm-qemu-img-Recognize-no-creation-support-in-o-help.patch [bz#1537956]\n- kvm-iotests-Test-help-option-for-unsupporting-formats.patch [bz#1537956]\n- kvm-iotests-Rework-113.patch [bz#1537956]\n- kvm-qemu-img-Resolve-relative-backing-paths-in-rebase.patch [bz#1569835]\n- kvm-iotests-Add-test-for-rebasing-with-relative-paths.patch [bz#1569835]\n- kvm-qemu-img-Special-post-backing-convert-handling.patch [bz#1527898]\n- kvm-iotests-Test-post-backing-convert-target-behavior.patch [bz#1527898]\n- kvm-migration-calculate-expected_downtime-with-ram_bytes.patch [bz#1564576]\n- kvm-sheepdog-Fix-sd_co_create_opts-memory-leaks.patch [bz#1513543]\n- kvm-qemu-iotests-reduce-chance-of-races-in-185.patch [bz#1513543]\n- kvm-blockjob-do-not-cancel-timer-in-resume.patch [bz#1513543]\n- kvm-nfs-Fix-error-path-in-nfs_options_qdict_to_qapi.patch [bz#1513543]\n- kvm-nfs-Remove-processed-options-from-QDict.patch [bz#1513543]\n- kvm-blockjob-drop-block_job_pause-resume_all.patch [bz#1513543]\n- kvm-blockjob-expose-error-string-via-query.patch [bz#1513543]\n- kvm-blockjob-Fix-assertion-in-block_job_finalize.patch [bz#1513543]\n- kvm-blockjob-Wrappers-for-progress-counter-access.patch [bz#1513543]\n- kvm-blockjob-Move-RateLimit-to-BlockJob.patch [bz#1513543]\n- kvm-blockjob-Implement-block_job_set_speed-centrally.patch [bz#1513543]\n- kvm-blockjob-Introduce-block_job_ratelimit_get_delay.patch [bz#1513543]\n- kvm-blockjob-Add-block_job_driver.patch [bz#1513543]\n- kvm-blockjob-Update-block-job-pause-resume-documentation.patch [bz#1513543]\n- kvm-blockjob-Improve-BlockJobInfo.offset-len-documentati.patch [bz#1513543]\n- kvm-job-Create-Job-JobDriver-and-job_create.patch [bz#1513543]\n- kvm-job-Rename-BlockJobType-into-JobType.patch [bz#1513543]\n- kvm-job-Add-JobDriver.job_type.patch [bz#1513543]\n- kvm-job-Add-job_delete.patch [bz#1513543]\n- kvm-job-Maintain-a-list-of-all-jobs.patch [bz#1513543]\n- kvm-job-Move-state-transitions-to-Job.patch [bz#1513543]\n- kvm-job-Add-reference-counting.patch [bz#1513543]\n- kvm-job-Move-cancelled-to-Job.patch [bz#1513543]\n- kvm-job-Add-Job.aio_context.patch [bz#1513543]\n- kvm-job-Move-defer_to_main_loop-to-Job.patch [bz#1513543]\n- kvm-job-Move-coroutine-and-related-code-to-Job.patch [bz#1513543]\n- kvm-job-Add-job_sleep_ns.patch [bz#1513543]\n- kvm-job-Move-pause-resume-functions-to-Job.patch [bz#1513543]\n- kvm-job-Replace-BlockJob.completed-with-job_is_completed.patch [bz#1513543]\n- kvm-job-Move-BlockJobCreateFlags-to-Job.patch [bz#1513543]\n- kvm-blockjob-Split-block_job_event_pending.patch [bz#1513543]\n- kvm-job-Add-job_event_.patch [bz#1513543]\n- kvm-job-Move-single-job-finalisation-to-Job.patch [bz#1513543]\n- kvm-job-Convert-block_job_cancel_async-to-Job.patch [bz#1513543]\n- kvm-job-Add-job_drain.patch [bz#1513543]\n- kvm-job-Move-.complete-callback-to-Job.patch [bz#1513543]\n- kvm-job-Move-job_finish_sync-to-Job.patch [bz#1513543]\n- kvm-job-Switch-transactions-to-JobTxn.patch [bz#1513543]\n- kvm-job-Move-transactions-to-Job.patch [bz#1513543]\n- kvm-job-Move-completion-and-cancellation-to-Job.patch [bz#1513543]\n- kvm-block-Cancel-job-in-bdrv_close_all-callers.patch [bz#1513543]\n- kvm-job-Add-job_yield.patch [bz#1513543]\n- kvm-job-Add-job_dismiss.patch [bz#1513543]\n- kvm-job-Add-job_is_ready.patch [bz#1513543]\n- kvm-job-Add-job_transition_to_ready.patch [bz#1513543]\n- kvm-job-Move-progress-fields-to-Job.patch [bz#1513543]\n- kvm-job-Introduce-qapi-job.json.patch [bz#1513543]\n- kvm-job-Add-JOB_STATUS_CHANGE-QMP-event.patch [bz#1513543]\n- kvm-job-Add-lifecycle-QMP-commands.patch [bz#1513543]\n- kvm-job-Add-query-jobs-QMP-command.patch [bz#1513543]\n- kvm-blockjob-Remove-BlockJob.driver.patch [bz#1513543]\n- kvm-iotests-Move-qmp_to_opts-to-VM.patch [bz#1513543]\n- kvm-qemu-iotests-Test-job-with-block-jobs.patch [bz#1513543]\n- kvm-vdi-Fix-vdi_co_do_create-return-value.patch [bz#1513543]\n- kvm-vhdx-Fix-vhdx_co_create-return-value.patch [bz#1513543]\n- kvm-job-Add-error-message-for-failing-jobs.patch [bz#1513543]\n- kvm-block-create-Make-x-blockdev-create-a-job.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.get_qmp_events_filtered.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.qmp_log.patch [bz#1513543]\n- kvm-qemu-iotests-Add-iotests.img_info_log.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.run_job.patch [bz#1513543]\n- kvm-qemu-iotests-iotests.py-helper-for-non-file-protocol.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-206-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-207-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-210-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-211-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-212-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-213-for-blockdev-create-job.patch [bz#1513543]\n- kvm-block-create-Mark-blockdev-create-stable.patch [bz#1513543]\n- kvm-jobs-fix-stale-wording.patch [bz#1513543]\n- kvm-jobs-fix-verb-references-in-docs.patch [bz#1513543]\n- kvm-iotests-Fix-219-s-timing.patch [bz#1513543]\n- kvm-iotests-improve-pause_job.patch [bz#1513543]\n- kvm-rpm-Whitelist-copy-on-read-block-driver.patch [bz#1518738]\n- kvm-rpm-add-throttle-driver-to-rw-whitelist.patch [bz#1591076]\n- kvm-usb-host-skip-open-on-pending-postload-bh.patch [bz#1572851]\n- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574216]\n- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574216]\n- kvm-block-file-posix-Pass-FD-to-locking-helpers.patch [bz#1519144]\n- kvm-block-file-posix-File-locking-during-creation.patch [bz#1519144]\n- kvm-iotests-Add-creation-test-to-153.patch [bz#1519144]\n- kvm-vhost-user-add-Net-prefix-to-internal-state-structur.patch [bz#1526645]\n- kvm-virtio-support-setting-memory-region-based-host-noti.patch [bz#1526645]\n- kvm-vhost-user-support-receiving-file-descriptors-in-sla.patch [bz#1526645]\n- kvm-osdep-add-wait.h-compat-macros.patch [bz#1526645]\n- kvm-vhost-user-bridge-support-host-notifier.patch [bz#1526645]\n- kvm-vhost-allow-backends-to-filter-memory-sections.patch [bz#1526645]\n- kvm-vhost-user-allow-slave-to-send-fds-via-slave-channel.patch [bz#1526645]\n- kvm-vhost-user-introduce-shared-vhost-user-state.patch [bz#1526645]\n- kvm-vhost-user-support-registering-external-host-notifie.patch [bz#1526645]\n- kvm-libvhost-user-support-host-notifier.patch [bz#1526645]\n- kvm-block-Introduce-API-for-copy-offloading.patch [bz#1482537]\n- kvm-raw-Check-byte-range-uniformly.patch [bz#1482537]\n- kvm-raw-Implement-copy-offloading.patch [bz#1482537]\n- kvm-qcow2-Implement-copy-offloading.patch [bz#1482537]\n- kvm-file-posix-Implement-bdrv_co_copy_range.patch [bz#1482537]\n- kvm-iscsi-Query-and-save-device-designator-when-opening.patch [bz#1482537]\n- kvm-iscsi-Create-and-use-iscsi_co_wait_for_task.patch [bz#1482537]\n- kvm-iscsi-Implement-copy-offloading.patch [bz#1482537]\n- kvm-block-backend-Add-blk_co_copy_range.patch [bz#1482537]\n- kvm-qemu-img-Convert-with-copy-offloading.patch [bz#1482537]\n- kvm-qcow2-Fix-src_offset-in-copy-offloading.patch [bz#1482537]\n- kvm-iscsi-Don-t-blindly-use-designator-length-in-respons.patch [bz#1482537]\n- kvm-file-posix-Fix-EINTR-handling.patch [bz#1482537]\n- kvm-usb-storage-Add-rerror-werror-properties.patch [bz#1595180]\n- kvm-numa-clarify-error-message-when-node-index-is-out-of.patch [bz#1578381]\n- kvm-qemu-iotests-Update-026.out.nocache-reference-output.patch [bz#1528541]\n- kvm-qcow2-Free-allocated-clusters-on-write-error.patch [bz#1528541]\n- kvm-qemu-iotests-Test-qcow2-not-leaking-clusters-on-writ.patch [bz#1528541]\n- kvm-qemu-options-Add-missing-newline-to-accel-help-text.patch [bz#1586313]\n- kvm-xhci-fix-guest-triggerable-assert.patch [bz#1594135]\n- kvm-virtio-gpu-tweak-scanout-disable.patch [bz#1589634]\n- kvm-virtio-gpu-update-old-resource-too.patch [bz#1589634]\n- kvm-virtio-gpu-disable-scanout-when-backing-resource-is-.patch [bz#1589634]\n- kvm-block-Don-t-silently-truncate-node-names.patch [bz#1549654]\n- kvm-pr-helper-fix-socket-path-default-in-help.patch [bz#1533158]\n- kvm-pr-helper-fix-assertion-failure-on-failed-multipath-.patch [bz#1533158]\n- kvm-pr-manager-helper-avoid-SIGSEGV-when-writing-to-the-.patch [bz#1533158]\n- kvm-pr-manager-put-stubs-in-.c-file.patch [bz#1533158]\n- kvm-pr-manager-add-query-pr-managers-QMP-command.patch [bz#1533158]\n- kvm-pr-manager-helper-report-event-on-connection-disconn.patch [bz#1533158]\n- kvm-pr-helper-avoid-error-on-PR-IN-command-with-zero-req.patch [bz#1533158]\n- kvm-pr-helper-Rework-socket-path-handling.patch [bz#1533158]\n- kvm-pr-manager-helper-fix-memory-leak-on-event.patch [bz#1533158]\n- kvm-object-fix-OBJ_PROP_LINK_UNREF_ON_RELEASE-ambivalenc.patch [bz#1556678]\n- kvm-usb-hcd-xhci-test-add-a-test-for-ccid-hotplug.patch [bz#1556678]\n- kvm-Revert-usb-release-the-created-buses.patch [bz#1556678]\n- kvm-file-posix-Fix-creation-locking.patch [bz#1599335]\n- kvm-file-posix-Unlock-FD-after-creation.patch [bz#1599335]\n- kvm-ahci-trim-signatures-on-raise-lower.patch [bz#1584914]\n- kvm-ahci-fix-PxCI-register-race.patch [bz#1584914]\n- kvm-ahci-don-t-schedule-unnecessary-BH.patch [bz#1584914]\n- kvm-qcow2-Fix-qcow2_truncate-error-return-value.patch [bz#1595173]\n- kvm-block-Convert-.bdrv_truncate-callback-to-coroutine_f.patch [bz#1595173]\n- kvm-qcow2-Remove-coroutine-trampoline-for-preallocate_co.patch [bz#1595173]\n- kvm-block-Move-bdrv_truncate-implementation-to-io.c.patch [bz#1595173]\n- kvm-block-Use-tracked-request-for-truncate.patch [bz#1595173]\n- kvm-file-posix-Make-.bdrv_co_truncate-asynchronous.patch [bz#1595173]\n- kvm-block-Fix-copy-on-read-crash-with-partial-final-clus.patch [bz#1590640]\n- kvm-block-fix-QEMU-crash-with-scsi-hd-and-drive_del.patch [bz#1599515]\n- kvm-virtio-rng-process-pending-requests-on-DRIVER_OK.patch [bz#1576743]\n- kvm-file-posix-specify-expected-filetypes.patch [bz#1525829]\n- kvm-iotests-add-test-226-for-file-driver-types.patch [bz#1525829]\n- kvm-block-dirty-bitmap-add-lock-to-bdrv_enable-disable_d.patch [bz#1207657]\n- kvm-qapi-add-x-block-dirty-bitmap-enable-disable.patch [bz#1207657]\n- kvm-qmp-transaction-support-for-x-block-dirty-bitmap-ena.patch [bz#1207657]\n- kvm-qapi-add-x-block-dirty-bitmap-merge.patch [bz#1207657]\n- kvm-qapi-add-disabled-parameter-to-block-dirty-bitmap-ad.patch [bz#1207657]\n- kvm-block-dirty-bitmap-add-bdrv_enable_dirty_bitmap_lock.patch [bz#1207657]\n- kvm-dirty-bitmap-fix-double-lock-on-bitmap-enabling.patch [bz#1207657]\n- kvm-block-qcow2-bitmap-fix-free_bitmap_clusters.patch [bz#1207657]\n- kvm-qcow2-add-overlap-check-for-bitmap-directory.patch [bz#1207657]\n- kvm-blockdev-enable-non-root-nodes-for-backup-source.patch [bz#1207657]\n- kvm-iotests-add-222-to-test-basic-fleecing.patch [bz#1207657]\n- kvm-qcow2-Remove-dead-check-on-ret.patch [bz#1207657]\n- kvm-block-Move-request-tracking-to-children-in-copy-offl.patch [bz#1207657]\n- kvm-block-Fix-parameter-checking-in-bdrv_co_copy_range_i.patch [bz#1207657]\n- kvm-block-Honour-BDRV_REQ_NO_SERIALISING-in-copy-range.patch [bz#1207657]\n- kvm-backup-Use-copy-offloading.patch [bz#1207657]\n- kvm-block-backup-disable-copy-offloading-for-backup.patch [bz#1207657]\n- kvm-iotests-222-Don-t-run-with-luks.patch [bz#1207657]\n- kvm-block-io-fix-copy_range.patch [bz#1207657]\n- kvm-block-split-flags-in-copy_range.patch [bz#1207657]\n- kvm-block-add-BDRV_REQ_SERIALISING-flag.patch [bz#1207657]\n- kvm-block-backup-fix-fleecing-scheme-use-serialized-writ.patch [bz#1207657]\n- kvm-nbd-server-Reject-0-length-block-status-request.patch [bz#1207657]\n- kvm-nbd-server-fix-trace.patch [bz#1207657]\n- kvm-nbd-server-refactor-NBDExportMetaContexts.patch [bz#1207657]\n- kvm-nbd-server-add-nbd_meta_empty_or_pattern-helper.patch [bz#1207657]\n- kvm-nbd-server-implement-dirty-bitmap-export.patch [bz#1207657]\n- kvm-qapi-new-qmp-command-nbd-server-add-bitmap.patch [bz#1207657]\n- kvm-docs-interop-add-nbd.txt.patch [bz#1207657]\n- kvm-nbd-server-introduce-NBD_CMD_CACHE.patch [bz#1207657]\n- kvm-nbd-server-Silence-gcc-false-positive.patch [bz#1207657]\n- kvm-nbd-server-Fix-dirty-bitmap-logic-regression.patch [bz#1207657]\n- kvm-nbd-server-fix-nbd_co_send_block_status.patch [bz#1207657]\n- kvm-nbd-client-Add-x-dirty-bitmap-to-query-bitmap-from-s.patch [bz#1207657]\n- kvm-iotests-New-test-223-for-exporting-dirty-bitmap-over.patch [bz#1207657]\n- kvm-hw-char-serial-Only-retry-if-qemu_chr_fe_write-retur.patch [bz#1592817]\n- kvm-hw-char-serial-retry-write-if-EAGAIN.patch [bz#1592817]\n- kvm-throttle-groups-fix-hang-when-group-member-leaves.patch [bz#1535914]\n- kvm-Disable-aarch64-devices-reappeared-after-2.12-rebase.patch [bz#1586357]\n- kvm-Disable-split-irq-device.patch [bz#1586357]\n- kvm-Disable-AT24Cx-i2c-eeprom.patch [bz#1586357]\n- kvm-Disable-CAN-bus-devices.patch [bz#1586357]\n- kvm-Disable-new-superio-devices.patch [bz#1586357]\n- kvm-Disable-new-pvrdma-device.patch [bz#1586357]\n- kvm-qdev-add-HotplugHandler-post_plug-callback.patch [bz#1607891]\n- kvm-virtio-scsi-fix-hotplug-reset-vs-event-race.patch [bz#1607891]\n- kvm-e1000-Fix-tso_props-compat-for-82540em.patch [bz#1608778]\n- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586255]\n- kvm-s390x-sclp-fix-maxram-calculation.patch [bz#1595740]\n- kvm-redhat-Make-gitpublish-profile-the-default-one.patch [bz#1425820]\n- Resolves: bz#1168213\n (main-loop: WARNING: I/O thread spun for 1000 iterations while doing stream block device.)\n- Resolves: bz#1207657\n (RFE: QEMU Incremental live backup - push and pull modes)\n- Resolves: bz#1416180\n (QEMU VFIO based block driver for NVMe devices)\n- Resolves: bz#1425820\n (Improve QEMU packaging layout with modularization of the block layer)\n- Resolves: bz#1482537\n ([RFE] qemu-img copy-offloading (convert command))\n- Resolves: bz#1505664\n ('qemu-kvm: System page size 0x1000000 is not enabled in page_size_mask (0x11000). Performance may be slow' show up while using hugepage as guest's memory)\n- Resolves: bz#1513543\n ([RFE] Add block job to create format on a storage device)\n- Resolves: bz#1518738\n (Add 'copy-on-read' filter driver for use with blockdev-add)\n- Resolves: bz#1519144\n (qemu-img: image locking doesn't cover image creation)\n- Resolves: bz#1519617\n (The exit code should be non-zero when qemu-io reports an error)\n- Resolves: bz#1523065\n ('qemu-img resize' should fail to decrease the size of logical partition/lvm/iSCSI image with raw format)\n- Resolves: bz#1525829\n (can not boot up a scsi-block passthrough disk via -blockdev with error 'cannot get SG_IO version number: Operation not supported. Is this a SCSI device?')\n- Resolves: bz#1526645\n ([Intel 7.6 FEAT] vHost Data Plane Acceleration (vDPA) - vhost user client - qemu-kvm-rhev)\n- Resolves: bz#1527085\n (The copied flag should be updated during '-r leaks')\n- Resolves: bz#1527898\n ([RFE] qemu-img should leave cluster unallocated if it's read as zero throughout the backing chain)\n- Resolves: bz#1528541\n (qemu-img check reports tons of leaked clusters after re-start nfs service to resume writing data in guest)\n- Resolves: bz#1533158\n (QEMU support for libvirtd restarting qemu-pr-helper)\n- Resolves: bz#1535914\n (Disable io throttling for one member disk of a group during io will induce the other one hang with io)\n- Resolves: bz#1537956\n (RFE: qemu-img amend should list the true supported options)\n- Resolves: bz#1542080\n (Qemu core dump at cirrus_invalidate_region)\n- Resolves: bz#1549654\n (Reject node-names which would be truncated by the block layer commands)\n- Resolves: bz#1556678\n (Hot plug usb-ccid for the 2nd time with the same ID as the 1st time failed)\n- Resolves: bz#1557995\n (QAPI schema for RBD storage misses the 'password-secret' option)\n- Resolves: bz#1558723\n (Create RHEL-7.6 QEMU machine type for AArch64)\n- Resolves: bz#1560847\n ([Power8][FW b0320a_1812.861][rhel7.5rc2 3.10.0-861.el7.ppc64le][qemu-kvm-{ma,rhev}-2.10.0-21.el7_5.1.ppc64le] KVM guest does not default to ori type flush even with pseries-rhel7.5.0-sxxm)\n- Resolves: bz#1564576\n (Pegas 1.1 - Require to backport qemu-kvm patch that fixes expected_downtime calculation during migration)\n- Resolves: bz#1566153\n (IOERROR pause code lost after resuming a VM while I/O error is still present)\n- Resolves: bz#1567733\n (qemu abort when migrate during guest reboot)\n- Resolves: bz#1569835\n (qemu-img get wrong backing file path after rebasing image with relative path)\n- Resolves: bz#1572851\n (Core dumped after migration when with usb-host)\n- Resolves: bz#1572856\n ('block-job-cancel' can not cancel a 'drive-mirror' job)\n- Resolves: bz#1574216\n (CVE-2018-3639 qemu-kvm-rhev: hw: cpu: speculative store bypass [rhel-7.6])\n- Resolves: bz#1575541\n (qemu core dump while installing win10 guest)\n- Resolves: bz#1576598\n (Segfault in qemu-io and qemu-img with -U --image-opts force-share=off)\n- Resolves: bz#1576743\n (virtio-rng hangs when running on recent (2.x) QEMU versions)\n- Resolves: bz#1578381\n (Error message need update when specify numa distance with node index >=128)\n- Resolves: bz#1583959\n (Incorrect vcpu count limit for 7.4 machine types for windows guests)\n- Resolves: bz#1584914\n (SATA emulator lags and hangs)\n- Resolves: bz#1584984\n (Vm starts failed with 'passthrough' smartcard)\n- Resolves: bz#1586255\n (CVE-2018-11806 qemu-kvm-rhev: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6])\n- Resolves: bz#1586313\n (-smp option is not easily found in the output of qemu help)\n- Resolves: bz#1586357\n (Disable new devices in 2.12)\n- Resolves: bz#1588039\n (Possible assertion failure in qemu when a corrupted image is used during an incoming migration)\n- Resolves: bz#1589634\n (Migration failed when rebooting guest with multiple virtio videos)\n- Resolves: bz#1590640\n (qemu-kvm: block/io.c:1098: bdrv_co_do_copy_on_readv: Assertion mutex->initialized' failed))\n- Resolves: bz#1607891\n (Hotplug events are sometimes lost with virtio-scsi + iothread)\n- Resolves: bz#1608778\n (qemu/migration: migrate failed from RHEL.7.6 to RHEL.7.5 with e1000-82540em)\n[2.12.0-17.el8]\n- kvm-linux-headers-Update-to-include-KVM_CAP_S390_HPAGE_1.patch [bz#1610906]\n- kvm-s390x-Enable-KVM-huge-page-backing-support.patch [bz#1610906]\n- kvm-redhat-s390x-add-hpage-1-to-kvm.conf.patch [bz#1610906]\n- Resolves: bz#1610906\n ([IBM 8.0 FEAT] KVM: Huge Pages - libhugetlbfs Enablement - qemu-kvm part)\n[2.12.0-16.el8]\n- kvm-spapr-Correct-inverted-test-in-spapr_pc_dimm_node.patch [bz#1601671]\n- kvm-osdep-powerpc64-align-memory-to-allow-2MB-radix-THP-.patch [bz#1601317]\n- kvm-RHEL-8.0-Add-pseries-rhel7.6.0-sxxm-machine-type.patch [bz#1595501]\n- kvm-i386-Helpers-to-encode-cache-information-consistentl.patch [bz#1597739]\n- kvm-i386-Add-cache-information-in-X86CPUDefinition.patch [bz#1597739]\n- kvm-i386-Initialize-cache-information-for-EPYC-family-pr.patch [bz#1597739]\n- kvm-i386-Add-new-property-to-control-cache-info.patch [bz#1597739]\n- kvm-i386-Clean-up-cache-CPUID-code.patch [bz#1597739]\n- kvm-i386-Populate-AMD-Processor-Cache-Information-for-cp.patch [bz#1597739]\n- kvm-i386-Add-support-for-CPUID_8000_001E-for-AMD.patch [bz#1597739]\n- kvm-i386-Fix-up-the-Node-id-for-CPUID_8000_001E.patch [bz#1597739]\n- kvm-i386-Enable-TOPOEXT-feature-on-AMD-EPYC-CPU.patch [bz#1597739]\n- kvm-i386-Remove-generic-SMT-thread-check.patch [bz#1597739]\n- kvm-i386-Allow-TOPOEXT-to-be-enabled-on-older-kernels.patch [bz#1597739]\n- Resolves: bz#1595501\n (Create pseries-rhel7.6.0-sxxm machine type)\n- Resolves: bz#1597739\n (AMD EPYC/Zen SMT support for KVM / QEMU guest (qemu-kvm))\n- Resolves: bz#1601317\n (RHEL8.0 - qemu patch to align memory to allow 2MB THP)\n- Resolves: bz#1601671\n (After rebooting guest,all the hot plug memory will be assigned to the 1st numa node.)\n[2.12.0-15.el8]\n- kvm-spapr-Add-ibm-max-associativity-domains-property.patch [bz#1599593]\n- kvm-Revert-spapr-Don-t-allow-memory-hotplug-to-memory-le.patch [bz#1599593]\n- kvm-simpletrace-Convert-name-from-mapping-record-to-str.patch [bz#1594969]\n- kvm-tests-fix-TLS-handshake-failure-with-TLS-1.3.patch [bz#1602403]\n- Resolves: bz#1594969\n (simpletrace.py fails when running with Python 3)\n- Resolves: bz#1599593\n (User can't hotplug memory to less memory numa node on rhel8)\n- Resolves: bz#1602403\n (test-crypto-tlssession unit test fails with assertions)\n[2.12.0-14.el8]\n- kvm-vfio-pci-Default-display-option-to-off.patch [bz#1590511]\n- kvm-python-futurize-f-libfuturize.fixes.fix_print_with_i.patch [bz#1571533]\n- kvm-python-futurize-f-lib2to3.fixes.fix_except.patch [bz#1571533]\n- kvm-Revert-Defining-a-shebang-for-python-scripts.patch [bz#1571533]\n- kvm-spec-Fix-ambiguous-python-interpreter-name.patch [bz#1571533]\n- kvm-qemu-ga-blacklisting-guest-exec-and-guest-exec-statu.patch [bz#1518132]\n- kvm-redhat-rewrap-build_configure.sh-cmdline-for-the-rh-.patch\n- kvm-redhat-remove-the-VTD-LIVE_BLOCK_OPS-and-RHV-options.patch\n- kvm-redhat-fix-the-rh-env-prep-target-s-dependency-on-th.patch\n- kvm-redhat-remove-dead-code-related-to-s390-not-s390x.patch\n- kvm-redhat-sync-compiler-flags-from-the-spec-file-to-rh-.patch\n- kvm-redhat-sync-guest-agent-enablement-and-tcmalloc-usag.patch\n- kvm-redhat-fix-up-Python-3-dependency-for-building-QEMU.patch\n- kvm-redhat-fix-up-Python-dependency-for-SRPM-generation.patch\n- kvm-redhat-disable-glusterfs-dependency-support-temporar.patch\n- Resolves: bz#1518132\n (Ensure file access RPCs are disabled by default)\n- Resolves: bz#1571533\n (Convert qemu-kvm python scripts to python3)\n- Resolves: bz#1590511\n (Fails to start guest with Intel vGPU device)\n[2.12.0-13.el8]\n- Resolves: bz#1508137\n ([IBM 8.0 FEAT] KVM: Interactive Bootloader (qemu))\n- Resolves: bz#1513558\n (Remove RHEL6 machine types)\n- Resolves: bz#1568600\n (pc-i440fx-rhel7.6.0 and pc-q35-rhel7.6.0 machine types (x86))\n- Resolves: bz#1570029\n ([IBM 8.0 FEAT] KVM: 3270 Connectivity - qemu part)\n- Resolves: bz#1578855\n (Enable Native Ceph support on non x86_64 CPUs)\n- Resolves: bz#1585651\n (RHEL 7.6 new pseries machine type (ppc64le))\n- Resolves: bz#1592337\n ([IBM 8.0 FEAT] KVM: CPU Model z14 ZR1 (qemu-kvm))\n[2.12.0-11.el8.1]\n- Resolves: bz#1576468\n (Enable vhost_user in qemu-kvm 2.12)\n[2.12.0-11.el8]\n- Resolves: bz#1574406\n ([RHEL 8][qemu-kvm] Failed to find romfile 'efi-virtio.rom')\n- Resolves: bz#1569675\n (Backwards compatibility of pc-*-rhel7.5.0 and older machine-types)\n- Resolves: bz#1576045\n (Fix build issue by using python3)\n- Resolves: bz#1571145\n (qemu-kvm segfaults on RHEL 8 when run guestfsd under TCG)\n[2.12.0-10.el]\n- Fixing some issues with packaging.\n- Rebasing to 2.12.0-rc4\n[2.11.0-7.el8]\n- Bumping epoch for RHEL8 and dropping self-obsoleting\n[2.11.0-6.el8]\n- Rebuilding\n[2.11.0-5.el8]\n- Prepare building on RHEL-8.0\nsgabios", "edition": 2, "modified": "2020-02-17T00:00:00", "published": "2020-02-17T00:00:00", "id": "ELSA-2020-0279", "href": "http://linux.oracle.com/errata/ELSA-2020-0279.html", "title": "virt:ol security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-06-05T01:41:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-30T00:00:00", "id": "OPENVAS:1361412562310883060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883060", "type": "openvas", "title": "CentOS Update for libvirt CESA-2019:1264 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883060\");\n script_version(\"2019-06-04T07:02:10+0000\");\n script_cve_id(\"CVE-2019-10132\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 07:02:10 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-30 02:00:34 +0000 (Thu, 30 May 2019)\");\n script_name(\"CentOS Update for libvirt CESA-2019:1264 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1264\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023319.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the CESA-2019:1264 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems.\n\nSecurity Fix(es):\n\n * libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * libvirt terminates and core-dumps with SIGABRT as a result of a invalid\npointer error trying to free memory in virNWFilterBindingDefFree()\n(BZ#1702173)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-admin\", rpm:\"libvirt-admin~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-bash-completion\", rpm:\"libvirt-bash-completion~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon\", rpm:\"libvirt-daemon~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-network\", rpm:\"libvirt-daemon-config-network~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-nwfilter\", rpm:\"libvirt-daemon-config-nwfilter~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-interface\", rpm:\"libvirt-daemon-driver-interface~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-lxc\", rpm:\"libvirt-daemon-driver-lxc~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-network\", rpm:\"libvirt-daemon-driver-network~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nodedev\", rpm:\"libvirt-daemon-driver-nodedev~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nwfilter\", rpm:\"libvirt-daemon-driver-nwfilter~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-qemu\", rpm:\"libvirt-daemon-driver-qemu~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-secret\", rpm:\"libvirt-daemon-driver-secret~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage\", rpm:\"libvirt-daemon-driver-storage~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-core\", rpm:\"libvirt-daemon-driver-storage-core~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-disk\", rpm:\"libvirt-daemon-driver-storage-disk~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-gluster\", rpm:\"libvirt-daemon-driver-storage-gluster~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-iscsi\", rpm:\"libvirt-daemon-driver-storage-iscsi~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-logical\", rpm:\"libvirt-daemon-driver-storage-logical~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-mpath\", rpm:\"libvirt-daemon-driver-storage-mpath~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-rbd\", rpm:\"libvirt-daemon-driver-storage-rbd~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage-scsi\", rpm:\"libvirt-daemon-driver-storage-scsi~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-kvm\", rpm:\"libvirt-daemon-kvm~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-lxc\", rpm:\"libvirt-daemon-lxc~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-docs\", rpm:\"libvirt-docs~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-libs\", rpm:\"libvirt-libs~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-lock-sanlock\", rpm:\"libvirt-lock-sanlock~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-login-shell\", rpm:\"libvirt-login-shell~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-nss\", rpm:\"libvirt-nss~4.5.0~10.el7_6.10\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-06-21T12:43:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3886", "CVE-2019-10132"], "description": "The remote host is missing an update for the ", "modified": "2019-06-20T00:00:00", "published": "2019-06-20T00:00:00", "id": "OPENVAS:1361412562310844057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844057", "type": "openvas", "title": "Ubuntu Update for libvirt USN-4021-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844057\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-10132\", \"CVE-2019-3886\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-20 02:00:33 +0000 (Thu, 20 Jun 2019)\");\n script_name(\"Ubuntu Update for libvirt USN-4021-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04)\");\n\n script_xref(name:\"USN\", value:\"4021-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-June/004965.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the USN-4021-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Daniel P. Berrang\u00e9 discovered that libvirt incorrectly handled socket\npermissions. A local attacker could possibly use this issue to access\nlibvirt. (CVE-2019-10132)\n\nIt was discovered that libvirt incorrectly performed certain permission\nchecks. A remote attacker could possibly use this issue to access the\nguest agent and cause a denial of service. This issue only affected Ubuntu\n19.04. (CVE-2019-3886)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Ubuntu 19.04, Ubuntu 18.10.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"4.6.0-2ubuntu3.7\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"4.6.0-2ubuntu3.7\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"4.6.0-2ubuntu3.7\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"5.0.0-1ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"5.0.0-1ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libvirt0\", ver:\"5.0.0-1ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-06-05T01:40:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-05-31T00:00:00", "published": "2019-05-26T00:00:00", "id": "OPENVAS:1361412562310876422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876422", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-5f105dd2b6", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876422\");\n script_version(\"2019-05-31T13:18:49+0000\");\n script_cve_id(\"CVE-2019-10132\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-31 13:18:49 +0000 (Fri, 31 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-26 02:12:27 +0000 (Sun, 26 May 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-5f105dd2b6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-5f105dd2b6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-5f105dd2b6 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~5.1.0~6.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T14:37:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3886", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-08-15T00:00:00", "published": "2019-07-09T00:00:00", "id": "OPENVAS:1361412562310876563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876563", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-b2dfb13daf", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876563\");\n script_version(\"2019-08-15T09:18:49+0000\");\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\", \"CVE-2019-3886\", \"CVE-2019-10132\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-15 09:18:49 +0000 (Thu, 15 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-09 02:14:46 +0000 (Tue, 09 Jul 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-b2dfb13daf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b2dfb13daf\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-b2dfb13daf advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~5.1.0~9.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-15T14:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3840", "CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3886", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-08-15T00:00:00", "published": "2019-07-11T00:00:00", "id": "OPENVAS:1361412562310876565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876565", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-9210998aaa", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876565\");\n script_version(\"2019-08-15T09:18:49+0000\");\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\", \"CVE-2019-3886\", \"CVE-2019-10132\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-3840\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-15 09:18:49 +0000 (Thu, 15 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-11 02:15:42 +0000 (Thu, 11 Jul 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-9210998aaa\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-9210998aaa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-9210998aaa advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~4.7.0~5.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T02:23:41", "description": "Fix systemd socket permissions (CVE-2019-10132) The\nvirtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket &\nvirtlogd.socket units must be restarted, if currently running. This\ncan be done with a host reboot or systemctl commands.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-28T00:00:00", "title": "Fedora 30 : libvirt (2019-5f105dd2b6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:libvirt"], "id": "FEDORA_2019-5F105DD2B6.NASL", "href": "https://www.tenable.com/plugins/nessus/125426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5f105dd2b6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125426);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"FEDORA\", value:\"2019-5f105dd2b6\");\n\n script_name(english:\"Fedora 30 : libvirt (2019-5f105dd2b6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix systemd socket permissions (CVE-2019-10132) The\nvirtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket &\nvirtlogd.socket units must be restarted, if currently running. This\ncan be done with a host reboot or systemctl commands.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5f105dd2b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"libvirt-5.1.0-6.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:17:37", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-24T00:00:00", "title": "RHEL 7 : libvirt (RHSA-2019:1264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell", "p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel"], "id": "REDHAT-RHSA-2019-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/125381", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1264. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125381);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"RHSA\", value:\"2019:1264\");\n\n script_name(english:\"RHEL 7 : libvirt (RHSA-2019:1264)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10132\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1264\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-admin-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-client-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-debuginfo-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-devel-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-docs-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-libs-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.10\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-nss-4.5.0-10.el7_6.10\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:45:59", "description": "From Red Hat Security Advisory 2019:1268 :\n\nAn update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Oracle Linux 8 : virt:rhel (ELSA-2019-1268)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt"], "id": "ORACLELINUX_ELSA-2019-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/127586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1268 and \n# Oracle Linux Security Advisory ELSA-2019-1268 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127586);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"RHSA\", value:\"2019:1268\");\n\n script_name(english:\"Oracle Linux 8 : virt:rhel (ELSA-2019-1268)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1268 :\n\nAn update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008977.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected virt:rhel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:29:56", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-30T00:00:00", "title": "CentOS 7 : libvirt (CESA-2019:1264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvirt-docs", "p-cpe:/a:centos:centos:libvirt-libs", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk", "p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc", "p-cpe:/a:centos:centos:libvirt-client", "p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libvirt-daemon-driver-interface", "p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu", "p-cpe:/a:centos:centos:libvirt-lock-sanlock", "p-cpe:/a:centos:centos:libvirt-bash-completion", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage", "p-cpe:/a:centos:centos:libvirt-daemon-lxc", "p-cpe:/a:centos:centos:libvirt-daemon-driver-secret", "p-cpe:/a:centos:centos:libvirt-daemon-kvm", "p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:centos:centos:libvirt-daemon", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:centos:centos:libvirt-nss", "p-cpe:/a:centos:centos:libvirt-daemon-config-network", "p-cpe:/a:centos:centos:libvirt-admin", "p-cpe:/a:centos:centos:libvirt-login-shell", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:centos:centos:libvirt-daemon-driver-network", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev", "p-cpe:/a:centos:centos:libvirt-devel"], "id": "CENTOS_RHSA-2019-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/125552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1264 and \n# CentOS Errata and Security Advisory 2019:1264 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125552);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"RHSA\", value:\"2019:1264\");\n\n script_name(english:\"CentOS 7 : libvirt (CESA-2019:1264)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a\ninvalid pointer error trying to free memory in\nvirNWFilterBindingDefFree() (BZ# 1702173)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-May/023319.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54ce8db4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10132\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.el7_6.10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-05-23T03:49:49", "description": "An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-24T00:00:00", "title": "RHEL 8 : virt:rhel (RHSA-2019:1268)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2019-05-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:netcf-debugsource", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:hivex-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:netcf", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:supermin-debugsource", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:SLOF", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource"], "id": "REDHAT-RHSA-2019-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/125384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1268. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125384);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2019-10132\");\n script_xref(name:\"RHSA\", value:\"2019:1268\");\n\n script_name(english:\"RHEL 8 : virt:rhel (RHSA-2019:1268)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10132\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10132\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:rhel': [\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.2.module+el8.0.0+3213+f56c86d8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-bash-completion-1.4.2-4.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'seabios-1.11.1-3.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'seabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'seavgabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'sgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-2.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'SLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-debugsource / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:49:55", "description": "Security Fix(es) :\n\n - libvirt: wrong permissions in systemd admin-sock due to\n missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n - libvirt terminates and core-dumps with SIGABRT as a\n result of a invalid pointer error trying to free memory\n in virNWFilterBindingDefFree()", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-28T00:00:00", "title": "Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190523)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10132"], "modified": "2019-05-28T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libvirt-admin", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-client", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface", "p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:fermilab:scientific_linux:libvirt-devel", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell", "p-cpe:/a:fermilab:scientific_linux:libvirt", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:fermilab:scientific_linux:libvirt-libs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libvirt-bash-completion", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:fermilab:scientific_linux:libvirt-nss", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-docs"], "id": "SL_20190523_LIBVIRT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125448", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125448);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-10132\");\n\n script_name(english:\"Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190523)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - libvirt: wrong permissions in systemd admin-sock due to\n missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n - libvirt terminates and core-dumps with SIGABRT as a\n result of a invalid pointer error trying to free memory\n in virNWFilterBindingDefFree()\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=5626\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed7cca71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-debuginfo-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.10\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.el7_6.10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:51:32", "description": "Daniel P. Berrange discovered that libvirt incorrectly handled socket\npermissions. A local attacker could possibly use this issue to access\nlibvirt. (CVE-2019-10132)\n\nIt was discovered that libvirt incorrectly performed certain\npermission checks. A remote attacker could possibly use this issue to\naccess the guest agent and cause a denial of service. This issue only\naffected Ubuntu 19.04. (CVE-2019-3886).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-20T00:00:00", "title": "Ubuntu 18.10 / 19.04 : libvirt vulnerabilities (USN-4021-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3886", "CVE-2019-10132"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvirt-clients", "cpe:/o:canonical:ubuntu_linux:18.10", "p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:libvirt0"], "id": "UBUNTU_USN-4021-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126066", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4021-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126066);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-10132\", \"CVE-2019-3886\");\n script_xref(name:\"USN\", value:\"4021-1\");\n\n script_name(english:\"Ubuntu 18.10 / 19.04 : libvirt vulnerabilities (USN-4021-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel P. Berrange discovered that libvirt incorrectly handled socket\npermissions. A local attacker could possibly use this issue to access\nlibvirt. (CVE-2019-10132)\n\nIt was discovered that libvirt incorrectly performed certain\npermission checks. A remote attacker could possibly use this issue to\naccess the guest agent and cause a denial of service. This issue only\naffected Ubuntu 19.04. (CVE-2019-3886).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4021-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvirt-clients, libvirt-daemon and / or libvirt0\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libvirt-clients\", pkgver:\"4.6.0-2ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libvirt-daemon\", pkgver:\"4.6.0-2ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libvirt0\", pkgver:\"4.6.0-2ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libvirt-clients\", pkgver:\"5.0.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libvirt-daemon\", pkgver:\"5.0.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libvirt0\", pkgver:\"5.0.0-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt-clients / libvirt-daemon / libvirt0\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:59:43", "description": "The updated Advanced Virtualization module is now available for Red\nHat Enterprise Linux 8.0 Advanced Virtualization.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Advanced Virtualization module provides the user-space component\nfor running virtual machines that use KVM in environments managed by\nRed Hat products.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-13T00:00:00", "title": "RHEL 8 : Virtualization Manager (RHSA-2019:1455) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-06-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:netcf-debugsource", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:hivex-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "cpe:/a:redhat:advanced_virtualization:8::el8", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:netcf", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:supermin-debugsource", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:SLOF", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/a:redhat:advanced_virtualization:8", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource"], "id": "REDHAT-RHSA-2019-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/125872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1455. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125872);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-10132\", \"CVE-2019-11091\");\n script_xref(name:\"RHSA\", value:\"2019:1455\");\n\n script_name(english:\"RHEL 8 : Virtualization Manager (RHSA-2019:1455) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The updated Advanced Virtualization module is now available for Red\nHat Enterprise Linux 8.0 Advanced Virtualization.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Advanced Virtualization module provides the user-space component\nfor running virtual machines that use KVM in environments managed by\nRed Hat products.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* libvirt: wrong permissions in systemd admin-sock due to missing\nSocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/mds\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10132\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:advanced_virtualization:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:advanced_virtualization:8::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:8.0.0');\nif ('8.0.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:8.0.0': [\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-admin-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-admin-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-admin-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-bash-completion-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-bash-completion-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-bash-completion-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-client-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-client-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-client-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-direct-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-direct-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-direct-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.3.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-debugsource-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-debugsource-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-debugsource-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-devel-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-devel-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-devel-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-docs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-docs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-docs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-libs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-libs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-libs-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-nss-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-nss-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-nss-5.0.0-7.1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-python-debugsource-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'lua-guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-bash-completion-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Virt-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-5.0.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libvirt-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libvirt-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-libvirt-5.0.0-3.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'qemu-guest-agent-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-3.1.0-20.module+el8.0.0+3273+6bc1ee54.1', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ruby-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'seabios-1.12.0-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'seabios-bin-1.12.0-1.module+el8.0.0+3273+6bc1ee54', 'release':'8'},\n {'reference':'seavgabios-bin-1.12.0-1.module+el8.0.0+3273+6bc1ee54', 'release':'8'},\n {'reference':'sgabios-0.20170427git-2.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-2.module+el8.0.0+3273+6bc1ee54', 'release':'8', 'epoch':'1'},\n {'reference':'SLOF-20180702-3.git9b7ab2f.module+el8.0.0+3273+6bc1ee54', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8'},\n {'reference':'virt-dib-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-v2v-1.40.2-1.module+el8.0.0+3273+6bc1ee54', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:8.0.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-debugsource / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:18:41", "description": "This update for libvirt fixes the following issues :\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThese updates contain the libvirt adjustments, that pass through the\nnew 'md-clear' CPU flag (bsc#1135273).\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nSecurity issues fixed: CVE-2019-10132: Reject clients unless their UID\nmatches the server UID (bsc#1134348)\n\nNon security issues fixed: delay global firewall setup if no networks\nare running (bsc#1133229)\n\nadd systemd-container dependency to qemu and lxc drivers (bsc#1136109)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-14T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1490-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-06-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-devel", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-libs", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-nss"], "id": "SUSE_SU-2019-1490-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1490-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125922);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-10132\", \"CVE-2019-11091\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1490-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvirt fixes the following issues :\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThese updates contain the libvirt adjustments, that pass through the\nnew 'md-clear' CPU flag (bsc#1135273).\n\nFor more information on this set of vulnerabilities, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nSecurity issues fixed: CVE-2019-10132: Reject clients unless their UID\nmatches the server UID (bsc#1134348)\n\nNon security issues fixed: delay global firewall setup if no networks\nare running (bsc#1133229)\n\nadd systemd-container dependency to qemu and lxc drivers (bsc#1136109)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191490-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92e25d75\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1490=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1490=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1490=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-admin-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-admin-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-client-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-client-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-config-network-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-config-nwfilter-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-network-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-network-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-core-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-disk-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-iscsi-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-logical-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-mpath-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-scsi-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-hooks-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-lxc-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-daemon-qemu-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-debugsource-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-devel-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-libs-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-libs-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-lock-sanlock-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-lock-sanlock-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-nss-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirt-nss-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wireshark-plugin-libvirt-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wireshark-plugin-libvirt-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvirt-debugsource-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvirt-libs-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvirt-libs-debuginfo-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wireshark-plugin-libvirt-5.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wireshark-plugin-libvirt-debuginfo-5.1.0-8.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:26:08", "description": " - CVE-2019-10161: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (bz #1722463, bz\n #1720115)\n\n - CVE-2019-10166: virDomainManagedSaveDefineXML API\n exposed to readonly clients (bz #1722462, bz #1720114)\n\n - CVE-2019-10167: arbitrary command execution via\n virConnectGetDomainCapabilities API (bz #1722464, bz\n #1720117)\n\n - CVE-2019-10168: arbitrary command execution via\n virConnectBaselineHypervisorCPU and\n virConnectCompareHypervisorCPU APIs (bz #1722466, bz\n #1720118)\n\n - CVE-2019-3886: virsh domhostname command discloses guest\n hostname in readonly mode [fedora-rawhide\n\n - Failed to attache NEW rbd device to guest (bz #1672620)\n\n - PCI hostdev interface segfault (bz #1692053)\n\n----\n\nFix systemd socket permissions (CVE-2019-10132) The\nvirtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket &\nvirtlogd.socket units must be restarted, if currently running. This\ncan be done with a host reboot or systemctl commands.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "title": "Fedora 29 : libvirt (2019-9210998aaa)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3886", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:libvirt"], "id": "FEDORA_2019-9210998AAA.NASL", "href": "https://www.tenable.com/plugins/nessus/126531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-9210998aaa.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126531);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-10132\", \"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\", \"CVE-2019-3886\");\n script_xref(name:\"FEDORA\", value:\"2019-9210998aaa\");\n\n script_name(english:\"Fedora 29 : libvirt (2019-9210998aaa)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2019-10161: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (bz #1722463, bz\n #1720115)\n\n - CVE-2019-10166: virDomainManagedSaveDefineXML API\n exposed to readonly clients (bz #1722462, bz #1720114)\n\n - CVE-2019-10167: arbitrary command execution via\n virConnectGetDomainCapabilities API (bz #1722464, bz\n #1720117)\n\n - CVE-2019-10168: arbitrary command execution via\n virConnectBaselineHypervisorCPU and\n virConnectCompareHypervisorCPU APIs (bz #1722466, bz\n #1720118)\n\n - CVE-2019-3886: virsh domhostname command discloses guest\n hostname in readonly mode [fedora-rawhide\n\n - Failed to attache NEW rbd device to guest (bz #1672620)\n\n - PCI hostdev interface segfault (bz #1692053)\n\n----\n\nFix systemd socket permissions (CVE-2019-10132) The\nvirtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket &\nvirtlogd.socket units must be restarted, if currently running. This\ncan be done with a host reboot or systemctl commands.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10161\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"libvirt-4.7.0-5.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-11-10T10:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-23T19:56:11", "published": "2019-05-23T19:28:06", "id": "RHSA-2019:1268", "href": "https://access.redhat.com/errata/RHSA-2019:1268", "type": "redhat", "title": "(RHSA-2019:1268) Important: virt:rhel security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a invalid pointer error trying to free memory in virNWFilterBindingDefFree() (BZ#1702173)", "modified": "2019-05-23T19:10:36", "published": "2019-05-23T18:40:07", "id": "RHSA-2019:1264", "href": "https://access.redhat.com/errata/RHSA-2019:1264", "type": "redhat", "title": "(RHSA-2019:1264) Important: libvirt security and bug fix update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T10:20:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-10132", "CVE-2019-11091"], "description": "The Advanced Virtualization module provides the user-space component\nfor running virtual machines that use KVM in environments managed by Red\nHat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\n* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-11T17:31:31", "published": "2019-06-11T17:19:11", "id": "RHSA-2019:1455", "href": "https://access.redhat.com/errata/RHSA-2019:1455", "type": "redhat", "title": "(RHSA-2019:1455) Important: Advanced Virtualization security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:33:28", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10132"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1264\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* libvirt terminates and core-dumps with SIGABRT as a result of a invalid pointer error trying to free memory in virNWFilterBindingDefFree() (BZ#1702173)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035357.html\n\n**Affected packages:**\nlibvirt\nlibvirt-admin\nlibvirt-bash-completion\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-driver-storage-core\nlibvirt-daemon-driver-storage-disk\nlibvirt-daemon-driver-storage-gluster\nlibvirt-daemon-driver-storage-iscsi\nlibvirt-daemon-driver-storage-logical\nlibvirt-daemon-driver-storage-mpath\nlibvirt-daemon-driver-storage-rbd\nlibvirt-daemon-driver-storage-scsi\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-libs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-05-29T19:55:31", "published": "2019-05-29T19:55:31", "id": "CESA-2019:1264", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035357.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T01:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3886", "CVE-2019-10132"], "description": "Daniel P. Berrang\u00e9 discovered that libvirt incorrectly handled socket \npermissions. A local attacker could possibly use this issue to access \nlibvirt. (CVE-2019-10132)\n\nIt was discovered that libvirt incorrectly performed certain permission \nchecks. A remote attacker could possibly use this issue to access the \nguest agent and cause a denial of service. This issue only affected Ubuntu \n19.04. (CVE-2019-3886)", "edition": 2, "modified": "2019-06-19T00:00:00", "published": "2019-06-19T00:00:00", "id": "USN-4021-1", "href": "https://ubuntu.com/security/notices/USN-4021-1", "title": "libvirt vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-10132", "CVE-2019-11091"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2019-05-25T01:06:37", "published": "2019-05-25T01:06:37", "id": "FEDORA:CF8DE6049C48", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: libvirt-5.1.0-6.fc30", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-10132", "CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168", "CVE-2019-11091", "CVE-2019-3886"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2019-07-09T00:56:34", "published": "2019-07-09T00:56:34", "id": "FEDORA:761BC607A42A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: libvirt-5.1.0-9.fc30", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-10132", "CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168", "CVE-2019-11091", "CVE-2019-3840", "CVE-2019-3886"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2019-07-09T02:25:07", "published": "2019-07-09T02:25:07", "id": "FEDORA:B550461845B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: libvirt-4.7.0-5.fc29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-10132", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10161", "CVE-2019-11091", "CVE-2018-12130"], "description": "**Issue Overview:**\n\nUncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. ([CVE-2019-11091 __](<https://access.redhat.com/security/cve/CVE-2019-11091>))\n\nModern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the &#x27;processor store buffer&#x27;. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU&#x27;s processor store buffer. ([CVE-2018-12126 __](<https://access.redhat.com/security/cve/CVE-2018-12126>))\n\nThe virConnectGetDomainCapabilities() libvirt API accepts an &quot;emulatorbin&quot; argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain&#x27;s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. ([CVE-2019-10167 __](<https://access.redhat.com/security/cve/CVE-2019-10167>))\n\nIt was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. ([CVE-2019-10166 __](<https://access.redhat.com/security/cve/CVE-2019-10166>))\n\nA vulnerability was found in libvirt &gt;= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.([CVE-2019-10132 __](<https://access.redhat.com/security/cve/CVE-2019-10132>))\n\nThe virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs accept an &quot;emulator&quot; argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain&#x27;s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. ([CVE-2019-10168 __](<https://access.redhat.com/security/cve/CVE-2019-10168>))\n\nIt was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. ([CVE-2019-10161 __](<https://access.redhat.com/security/cve/CVE-2019-10161>))\n\nMicroprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the &#x27;load port&#x27; table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. ([CVE-2018-12127 __](<https://access.redhat.com/security/cve/CVE-2018-12127>))\n\nA flaw was found in the implementation of the &quot;fill buffer&quot;, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. ([CVE-2018-12130 __](<https://access.redhat.com/security/cve/CVE-2018-12130>))\n\n \n**Affected Packages:** \n\n\nlibvirt\n\n \n**Issue Correction:** \nRun _yum update libvirt_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n libvirt-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-docs-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-config-network-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-config-nwfilter-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-network-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-nwfilter-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-nodedev-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-interface-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-secret-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-core-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-logical-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-disk-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-scsi-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-iscsi-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-mpath-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-storage-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-driver-lxc-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-daemon-lxc-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-client-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-libs-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-admin-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-bash-completion-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-login-shell-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-devel-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-nss-4.5.0-10.amzn2.12.1.aarch64 \n libvirt-debuginfo-4.5.0-10.amzn2.12.1.aarch64 \n \n i686: \n libvirt-4.5.0-10.amzn2.12.1.i686 \n libvirt-docs-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-config-network-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-config-nwfilter-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-network-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-nwfilter-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-nodedev-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-interface-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-secret-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-core-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-logical-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-disk-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-scsi-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-iscsi-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-mpath-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-storage-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-driver-lxc-4.5.0-10.amzn2.12.1.i686 \n libvirt-daemon-lxc-4.5.0-10.amzn2.12.1.i686 \n libvirt-client-4.5.0-10.amzn2.12.1.i686 \n libvirt-libs-4.5.0-10.amzn2.12.1.i686 \n libvirt-admin-4.5.0-10.amzn2.12.1.i686 \n libvirt-bash-completion-4.5.0-10.amzn2.12.1.i686 \n libvirt-login-shell-4.5.0-10.amzn2.12.1.i686 \n libvirt-devel-4.5.0-10.amzn2.12.1.i686 \n libvirt-nss-4.5.0-10.amzn2.12.1.i686 \n libvirt-debuginfo-4.5.0-10.amzn2.12.1.i686 \n \n src: \n libvirt-4.5.0-10.amzn2.12.1.src \n \n x86_64: \n libvirt-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-docs-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-config-network-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-config-nwfilter-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-network-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-nwfilter-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-nodedev-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-interface-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-secret-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-core-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-logical-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-disk-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-scsi-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-iscsi-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-mpath-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-gluster-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-rbd-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-storage-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-qemu-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-driver-lxc-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-kvm-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-daemon-lxc-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-client-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-libs-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-admin-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-bash-completion-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-login-shell-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-devel-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-lock-sanlock-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-nss-4.5.0-10.amzn2.12.1.x86_64 \n libvirt-debuginfo-4.5.0-10.amzn2.12.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-08-23T03:34:00", "published": "2019-08-23T03:34:00", "id": "ALAS2-2019-1274", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1274.html", "title": "Important: libvirt", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}