ID REDHAT-RHSA-2013-0608.NASL Type nessus Reporter Tenable Modified 2017-01-05T00:00:00
Description
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
(CVE-2012-6075)
All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0608. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(65082);
script_version("$Revision: 1.8 $");
script_cvs_date("$Date: 2017/01/05 16:17:31 $");
script_cve_id("CVE-2012-6075");
script_bugtraq_id(57420);
script_xref(name:"RHSA", value:"2013:0608");
script_name(english:"RHEL 5 : kvm (RHSA-2013:0608)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module
built for the standard Red Hat Enterprise Linux kernel.
A flaw was found in the way QEMU-KVM emulated the e1000 network
interface card when the host was configured to accept jumbo network
frames, and a guest using the e1000 emulated driver was not. A remote
attacker could use this flaw to crash the guest or, potentially,
execute arbitrary code with root privileges in the guest.
(CVE-2012-6075)
All users of kvm are advised to upgrade to these updated packages,
which contain backported patches to correct this issue. Note that the
procedure in the Solution section must be performed before this update
will take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.redhat.com/security/data/cve/CVE-2012-6075.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://rhn.redhat.com/errata/RHSA-2013-0608.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kmod-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kvm-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/08");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2013:0608";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kmod-kvm-83-262.el5_9.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kmod-kvm-debug-83-262.el5_9.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kvm-83-262.el5_9.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kvm-debuginfo-83-262.el5_9.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kvm-qemu-img-83-262.el5_9.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kvm-tools-83-262.el5_9.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc");
}
}
{"hash": "a43fb91b00fc98ba27308a719a4be03b51263afd9791ab36970af46d647b1511", "naslFamily": "Red Hat Local Security Checks", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2017-10-29T13:41:18", "viewCount": 3, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "17a68951e47e6ca2e1101c6d70d728ca", "key": "cpe"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}, {"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kvm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-tools"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 3, "enchantments": {"vulnersScore": 7.5}, "type": "nessus", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "history": [{"bulletin": {"hash": "87d4b1bc78ea0c9066592c6d85fae701e034bd5868d600bc15ab69081445486d", "naslFamily": "Red Hat Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:25:29", "viewCount": 0, "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}, {"hash": "0466f00ee24ce1f276700ee6884387cf", "key": "sourceData"}], "bulletinFamily": "exploit", "history": [], "id": "REDHAT-RHSA-2013-0608.NASL", "type": "nessus", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2012-6075"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/11/08 02:15:10 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n}\n", "published": "2013-03-08T00:00:00", "pluginID": "65082", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "modified": "2014-11-08T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082"}, "lastseen": "2016-09-26T17:25:29", "edition": 1, "differentElements": ["modified", "sourceData"]}, {"bulletin": {"hash": "f2121e747eeac86e47460838a4f93ff992183e40e35f1b4c1d877d2d112cdb83", "naslFamily": "Red Hat Local Security Checks", "edition": 2, "lastseen": "2017-01-06T02:15:55", "enchantments": {}, "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "REDHAT-RHSA-2013-0608.NASL", "type": "nessus", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "viewCount": 3, "title": "RHEL 5 : kvm (RHSA-2013:0608)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2012-6075"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "published": "2013-03-08T00:00:00", "pluginID": "65082", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "modified": "2017-01-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082"}, "lastseen": "2017-01-06T02:15:55", "edition": 2, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2012-6075"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "published": "2013-03-08T00:00:00", "pluginID": "65082", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "modified": "2017-01-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082"}
{"result": {"cve": [{"id": "CVE-2012-6075", "type": "cve", "title": "CVE-2012-6075", "description": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.", "published": "2013-02-12T20:55:03", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6075", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-03T17:22:08"}], "nessus": [{"id": "ORACLELINUX_ELSA-2013-0599.NASL", "type": "nessus", "title": "Oracle Linux 5 : xen (ELSA-2013-0599)", "description": "From Red Hat Security Advisory 2013:0599 :\n\nUpdated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68774", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:36:35"}, {"id": "SL_20130307_QEMU_KVM_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64", "description": "A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "published": "2013-03-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65092", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:42:53"}, {"id": "DEBIAN_DSA-2607.NASL", "type": "nessus", "title": "Debian DSA-2607-1 : qemu-kvm - buffer overflow", "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).", "published": "2013-01-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63556", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:38:05"}, {"id": "ORACLELINUX_ELSA-2013-0608.NASL", "type": "nessus", "title": "Oracle Linux 5 : kvm (ELSA-2013-0608)", "description": "From Red Hat Security Advisory 2013:0608 :\n\nUpdated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68779", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:46:00"}, {"id": "REDHAT-RHSA-2013-0610.NASL", "type": "nessus", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2013:0610)", "description": "Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "published": "2014-11-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78951", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:34:10"}, {"id": "CENTOS_RHSA-2013-0609.NASL", "type": "nessus", "title": "CentOS 6 : qemu-kvm (CESA-2013:0609)", "description": "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "published": "2013-03-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65165", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-07-03T10:05:14"}, {"id": "CENTOS_RHSA-2013-0599.NASL", "type": "nessus", "title": "CentOS 5 : xen (CESA-2013:0599)", "description": "Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "published": "2013-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65063", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-07-03T10:03:34"}, {"id": "REDHAT-RHSA-2013-0599.NASL", "type": "nessus", "title": "RHEL 5 : xen (RHSA-2013:0599)", "description": "Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "published": "2013-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65069", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:40:44"}, {"id": "REDHAT-RHSA-2013-0609.NASL", "type": "nessus", "title": "RHEL 6 : qemu-kvm (RHSA-2013:0609)", "description": "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "published": "2013-03-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65083", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:39:28"}, {"id": "FEDORA_2013-0971.NASL", "type": "nessus", "title": "Fedora 17 : qemu-1.0.1-3.fc17 (2013-0971)", "description": "- CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-01-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64256", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-29T13:39:10"}], "openvas": [{"id": "OPENVAS:892608", "type": "openvas", "title": "Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)", "description": "It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).", "published": "2013-01-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892608", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-07-24T12:51:21"}, {"id": "OPENVAS:865240", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2013-0965", "description": "Check for the Version of qemu", "published": "2013-01-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=865240", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-07-25T10:52:06"}, {"id": "OPENVAS:1361412562310123673", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0608", "description": "Oracle Linux Local Security Checks ELSA-2013-0608", "published": "2015-10-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123673", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-07-24T12:53:02"}, {"id": "OPENVAS:1361412562310892608", "type": "openvas", "title": "Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)", "description": "It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).", "published": "2013-01-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892608", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-04-06T11:20:59"}, {"id": "OPENVAS:841288", "type": "openvas", "title": "Ubuntu Update for qemu-kvm USN-1692-1", "description": "Check for the Version of qemu-kvm", "published": "2013-01-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841288", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-01-26T11:10:27"}, {"id": "OPENVAS:1361412562310123680", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0599", "description": "Oracle Linux Local Security Checks ELSA-2013-0599", "published": "2015-10-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123680", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-07-24T12:53:10"}, {"id": "OPENVAS:870953", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2013:0609-01", "description": "Check for the Version of qemu-kvm", "published": "2013-03-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870953", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-01-23T13:10:11"}, {"id": "OPENVAS:1361412562310892619", "type": "openvas", "title": "Debian Security Advisory DSA 2619-1 (xen-qemu-dm-4.0 - buffer overflow)", "description": "A buffer overflow was found in the e1000 emulation, which could be\ntriggered when processing jumbo frames.", "published": "2013-02-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892619", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-04-06T11:22:21"}, {"id": "OPENVAS:892619", "type": "openvas", "title": "Debian Security Advisory DSA 2619-1 (xen-qemu-dm-4.0 - buffer overflow)", "description": "A buffer overflow was found in the e1000 emulation, which could be\ntriggered when processing jumbo frames.", "published": "2013-02-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892619", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-07-24T12:51:44"}, {"id": "OPENVAS:881678", "type": "openvas", "title": "CentOS Update for kmod-kvm CESA-2013:0608 centos5 ", "description": "Check for the Version of kmod-kvm", "published": "2013-03-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881678", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-02-06T13:10:43"}], "centos": [{"id": "CESA-2013:0609", "type": "centos", "title": "qemu security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0609\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019632.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-guest-agent-win32\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0609.html", "published": "2013-03-09T00:45:27", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019632.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-03T18:26:47"}, {"id": "CESA-2013:0599", "type": "centos", "title": "xen security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0599\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card\nwhen the host was configured to accept jumbo network frames, and a\nfully-virtualized guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially, execute\narbitrary code with root privileges in the guest. (CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all running\nfully-virtualized guests must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019266.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0599.html", "published": "2013-03-06T19:54:46", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019266.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-03T18:26:53"}, {"id": "CESA-2013:0608", "type": "centos", "title": "kmod, kvm security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0608\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct this issue. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019270.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019272.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0608.html", "published": "2013-03-08T00:28:36", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019270.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-10-03T18:26:32"}], "redhat": [{"id": "RHSA-2013:0599", "type": "redhat", "title": "(RHSA-2013:0599) Important: xen security update", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card\nwhen the host was configured to accept jumbo network frames, and a\nfully-virtualized guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially, execute\narbitrary code with root privileges in the guest. (CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all running\nfully-virtualized guests must be restarted for this update to take effect.\n", "published": "2013-03-06T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0599", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-09-09T07:19:59"}, {"id": "RHSA-2013:0609", "type": "redhat", "title": "(RHSA-2013:0609) Important: qemu-kvm security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "published": "2013-03-07T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0609", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-06-12T21:09:05"}, {"id": "RHSA-2013:0608", "type": "redhat", "title": "(RHSA-2013:0608) Important: kvm security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct this issue. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.\n", "published": "2013-03-07T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0608", "cvelist": ["CVE-2012-6075"], "lastseen": "2017-09-09T07:19:13"}, {"id": "RHSA-2013:0610", "type": "redhat", "title": "(RHSA-2013:0610) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which correct this issue. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2013-03-07T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0610", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-06-07T05:59:02"}, {"id": "RHSA-2013:0639", "type": "redhat", "title": "(RHSA-2013:0639) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which correct this issue. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2013-03-12T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0639", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-06-09T10:34:29"}, {"id": "RHSA-2013:0636", "type": "redhat", "title": "(RHSA-2013:0636) Important: rhev-hypervisor6 security and bug fix update", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-0292 (dbus-glib issue)\n\nCVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)\n\nCVE-2013-0338 (libxml2 issue)\n\nThis update contains the builds from the following errata:\n\novirt-node: RHBA-2013:0634\n https://rhn.redhat.com/errata/RHBA-2013-0634.html\nkernel: RHSA-2013:0630\n https://rhn.redhat.com/errata/RHSA-2013-0630.html\ndbus-glib: RHSA-2013:0568\n https://rhn.redhat.com/errata/RHSA-2013-0568.html\nlibcgroup: RHBA-2013:0560\n https://rhn.redhat.com/errata/RHBA-2013-0560.html\nvdsm: RHBA-2013:0635\n https://rhn.redhat.com/errata/RHBA-2013-0635.html\nselinux-policy: RHBA-2013:0618\n https://rhn.redhat.com/errata/RHBA-2013-0618.html\nqemu-kvm-rhev: RHSA-2013:0610\n https://rhn.redhat.com/errata/RHSA-2013-0610.html\nglusterfs: RHBA-2013:0620\n https://rhn.redhat.com/errata/RHBA-2013-0620.html\ngnutls: RHSA-2013:0588\n https://rhn.redhat.com/errata/RHSA-2013-0588.html\nipmitool: RHBA-2013:0572\n https://rhn.redhat.com/errata/RHBA-2013-0572.html\nlibxml2: RHSA-2013:0581\n https://rhn.redhat.com/errata/RHSA-2013-0581.html\nopenldap: RHBA-2013:0598\n https://rhn.redhat.com/errata/RHBA-2013-0598.html\nopenssl: RHSA-2013:0587\n https://rhn.redhat.com/errata/RHSA-2013-0587.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "published": "2013-03-13T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0636", "cvelist": ["CVE-2012-4929", "CVE-2012-6075", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0292", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-1619"], "lastseen": "2018-06-07T05:58:53"}], "oraclelinux": [{"id": "ELSA-2013-0609", "type": "oraclelinux", "title": "qemu-kvm security update", "description": "[qemu-kvm-0.12.1.2-2.355.el6_4.2]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910841]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910841]\n- Resolves: bz#910841\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-6.4.z])\n[qemu-kvm-0.12.1.2-2.355.el6_4.1]\n- kvm-Revert-e1000-no-need-auto-negotiation-if-link-was-do.patch [bz#907397]\n- Resolves: bz#907397\n (Patch 'e1000: no need auto-negotiation if link was down' may break e1000 guest)", "published": "2013-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0609.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-04T11:16:26"}, {"id": "ELSA-2013-0599", "type": "oraclelinux", "title": "xen security update", "description": "[3.0.3-142.el5_9.2]\n- e1000: discard packets that are too long if !SBP and !LPE (rhbz 910843)\n- e1000: discard oversized packets based on SBP|LPE (rhbz 910843)", "published": "2013-03-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0599.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-04T11:16:21"}, {"id": "ELSA-2013-0608", "type": "oraclelinux", "title": "kvm security update", "description": "[kvm-83-262.0.1.el5_9.1]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83-262.el5_1]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910839]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910839]\n- Resolves: bz#910839\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.9.z])", "published": "2013-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0608.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-04T11:16:18"}, {"id": "ELSA-2014-0163", "type": "oraclelinux", "title": "kvm security update", "description": "[kvm-83-266.0.1.el5_10.1]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83-266_10.1.el5]\n- KVM: x86: prevent cross page vapic_addr access (CVE-2013-6368) [bz#1032219]\n- KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) [bz#1032216]\n- Resolves: bz#1032219\n (CVE-2013-6368 kvm: cross page vapic_addr access [rhel-5.10])\n- Resolves: bz#1032216\n CVE-2013-6367 kvm: division by zero in apic_get_tmcct() [rhel-5.10.z]\n[kvm-83-266.el5]\n- Updated kversion to 2.6.18-348.4.1.el5\n- kvm-fix-l1_map-buffer-overflow.patch [bz#956511]\n- Resolves: bz#956511\n (qemu-kvm segfault in tb_invalidate_phys_page_range())\n[kvm-83-265.el5]\n- kvm-kernel-kvm-accept-unaligned-MSR_KVM_SYSTEM_TIME-writes.patch [bz#924597]\n- Resolves: bz#924597\n (RHEL.5.8.32 guest hang when installing)\n[kvm-83-264.el5]\n- kvm-kernel-KVM-Fix-for-buffer-overflow-in-handling-of-MSR_KVM_S.patch [bz#917019]\n- kvm-kernel-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-kvm_write_gue.patch [bz#917023]\n- kvm-kernel-KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch [bz#917029]\n- kvm-kernel-do-not-GP-on-unaligned-MSR_KVM_SYSTEM_TIME-write.patch [bz#bz917019]\n- Resolves: bz#917019\n (CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME [rhel-5.10])\n- Resolves: bz#917023\n (CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME [rhel-5.10])\n- Resolves: bz#917029\n (CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads [rhel-5.10])\n[kvm-83-263.el5]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910840]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910840]\n- Resolves: bz#910840\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.10])", "published": "2014-02-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0163.html", "cvelist": ["CVE-2013-1797", "CVE-2013-6368", "CVE-2013-6367", "CVE-2013-1796", "CVE-2013-1798", "CVE-2012-6075"], "lastseen": "2016-09-04T11:16:21"}], "debian": [{"id": "DSA-2608", "type": "debian", "title": "qemu -- buffer overflow", "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).\n\nFor the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-3squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu packages.", "published": "2013-01-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2608", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-02T18:20:10"}, {"id": "DSA-2607", "type": "debian", "title": "qemu-kvm -- buffer overflow", "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).\n\nFor the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze10.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu-kvm packages.", "published": "2013-01-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2607", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-02T18:31:40"}, {"id": "DSA-2619", "type": "debian", "title": "xen-qemu-dm-4.0 -- buffer overflow", "description": "A buffer overflow was found in the e1000 emulation, which could be triggered when processing jumbo frames.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 4.1.3-8 of the xen source package.\n\nWe recommend that you upgrade your xen-qemu-dm-4.0 packages.", "published": "2013-02-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2619", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-09-02T18:29:00"}], "ubuntu": [{"id": "USN-1692-1", "type": "ubuntu", "title": "QEMU vulnerability", "description": "It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.", "published": "2013-01-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1692-1/", "cvelist": ["CVE-2012-6075"], "lastseen": "2018-03-29T18:19:45"}], "xen": [{"id": "XSA-41", "type": "xen", "title": "qemu (e1000 device driver): Buffer overflow when processing large packets", "description": "#### SUMMARY AND SOURCES OF INFORMATION\nAn issue in qemu has been disclosed which we believe affects some users of Xen.\nThe Qemu project has not itself issued an advisory. More information may be available in the advisories published by the distros:\n<a href=\"https://bugzilla.redhat.com/show_bug.cgi?id=889301\">https://bugzilla.redhat.com/show_bug.cgi?id=889301</a> <a href=\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051\">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051</a>\n#### CAVEAT\nFor full and accurate information please refer to those advisories. We have not conducted a full review of the information and patches provided.\nThe rest of the information in this advisory is true to the best of our knowledge at the time of writing.\n#### IMPACT\nThe vulnerability impacts any host running HVM (Fully-Emulated) guests which are configured with an e1000 NIC (using "model=e1000") in their VIF configuration. Note that the default emulated NIC is "rtl8139" which is not vulnerable.\nIn a vulnerable configuration a hostile network packet may be able to corrupt the memory of the guest, leading to a guest DoS or remote privilege escalation.\nWe do not believe that this issue enables an attack against the host.\n", "published": "2013-01-16T14:50:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://xenbits.xen.org/xsa/advisory-41.html", "cvelist": ["CVE-2012-6075"], "lastseen": "2016-04-01T21:57:13"}], "suse": [{"id": "SUSE-SU-2014:0446-1", "type": "suse", "title": "Security update for Xen (important)", "description": "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues and some bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always obtain the page_alloc_lock and mm_rwlock in the\n same order, which allows local guest administrators to\n cause a denial of service (host deadlock). (bnc#849667)\n\n *\n\n XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n\n *\n\n XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n\n *\n\n XSA-66: CVE-2013-4361: The fbld instruction emulation\n in Xen 3.3.x through 4.3.x does not use the correct\n variable for the source effective address, which allows\n local HVM guests to obtain hypervisor stack information by\n reading the values used by the instruction. (bnc#841766)\n\n *\n\n XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n\n *\n\n XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when\n using AVX or LWP capable CPUs, does not properly clear\n previous data from registers when using an XSAVE or XRSTOR\n to extend the state components of a saved or restored vCPU\n after touching other restored extended registers, which\n allows local guest OSes to obtain sensitive information by\n reading the registers. (bnc#839596)\n\n *\n\n XSA-61: CVE-2013-4329: The xenlight library (libxl)\n in Xen 4.0.x through 4.2.x, when IOMMU is disabled,\n provides access to a busmastering-capable PCI passthrough\n device before the IOMMU setup is complete, which allows\n local HVM guest domains to gain privileges or cause a\n denial of service via a DMA instruction. (bnc#839618)\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-58: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to "deep page table\n traversal." (bnc#826882)\n\n *\n\n XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the\n XSA-45 patch is in place, does not properly maintain\n references on pages stored for deferred cleanup, which\n allows local PV guest kernels to cause a denial of service\n (premature page free and hypervisor crash) or possible gain\n privileges via unspecified vectors. (bnc#826882)\n\n *\n\n XSA-57: CVE-2013-2211: The libxenlight (libxl)\n toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak\n permissions for xenstore keys for paravirtualised and\n emulated serial console devices, which allows local guest\n administrators to modify the xenstore value via unspecified\n vectors. (bnc#823608)\n\n *\n\n XSA-56: CVE-2013-2072: Buffer overflow in the Python\n bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,\n 4.1.x, and 4.2.x allows local administrators with\n permissions to configure VCPU affinity to cause a denial of\n service (memory corruption and xend toolstack crash) and\n possibly gain privileges via a crafted cpumap. (bnc#819416)\n\n *\n\n XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n\n *\n\n XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x\n does not properly restrict the contents of a XRSTOR, which\n allows local PV guest users to cause a denial of service\n (unhandled exception and hypervisor crash) via unspecified\n vectors. (bnc#820919)\n\n *\n\n XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x,\n when running on AMD64 processors, only save/restore the\n FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an\n exception is pending, which allows one domain to determine\n portions of the state of floating point instructions of\n other domains, which can be leveraged to obtain sensitive\n information such as cryptographic keys, a similar\n vulnerability to CVE-2006-1056. NOTE: this is the\n documented behavior of AMD64 processors, but it is\n inconsistent with Intel processors in a security-relevant\n fashion that was not addressed by the kernels. (bnc#820917)\n\n *\n\n XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x\n incorrectly releases a grant reference when releasing a\n non-v1, non-transitive grant, which allows local guest\n administrators to cause a denial of service (host crash),\n obtain sensitive information, or possible have other\n impacts via unspecified vectors. (bnc#816156)\n\n *\n\n XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d\n for a bus mastering capable PCI device, does not properly\n check the source when accessing a bridge device's interrupt\n remapping table entries for MSI interrupts, which allows\n local guest domains to cause a denial of service (interrupt\n injection) via unspecified vectors. (bnc#816163)\n\n *\n\n XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n\n *\n\n XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not\n properly restrict access to IRQs, which allows local stub\n domain clients to gain access to IRQs and cause a denial of\n service via vectors related to "passed-through IRQs or PCI\n devices." (bnc#813675)\n\n *\n\n XSA-45: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to "deep page table\n traversal." (bnc#816159)\n\n *\n\n XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n\n *\n\n XSA-41: CVE-2012-6075: Buffer overflow in the\n e1000_receive function in the e1000 device driver\n (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the\n SBP and LPE flags are disabled, allows remote attackers to\n cause a denial of service (guest OS crash) and possibly\n execute arbitrary guest code via a large packet.\n (bnc#797523)\n\n *\n\n XSA-37: CVE-2013-0154: The get_page_type function in\n xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,\n allows local PV or HVM guest administrators to cause a\n denial of service (assertion failure and hypervisor crash)\n via unspecified vectors related to a hypercall. (bnc#797031)\n\n *\n\n XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen\n 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi\n for PCI passthrough, uses the same interrupt remapping\n table for the host and all guests, which allows guests to\n cause a denial of service by injecting an interrupt into\n other guests. (bnc#800275)\n\n *\n\n XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0,\n when using Intel VT-d for PCI passthrough, does not\n properly configure VT-d when supporting a device that is\n behind a legacy PCI Bridge, which allows local guests to\n cause a denial of service to other guests by injecting an\n interrupt. (bnc#794316)\n\n *\n\n XSA-31: CVE-2012-5515: The (1)\n XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,\n and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier\n allow local guest administrators to cause a denial of\n service (long loop and hang) via a crafted extent_order\n value. (bnc#789950)\n\n *\n\n XSA-30: CVE-2012-5514: The\n guest_physmap_mark_populate_on_demand function in Xen 4.2\n and earlier does not properly unlock the subject GFNs when\n checking if they are in use, which allows local guest HVM\n administrators to cause a denial of service (hang) via\n unspecified vectors. (bnc#789948)\n\n *\n\n XSA-29: CVE-2012-5513: The XENMEM_exchange handler in\n Xen 4.2 and earlier does not properly check the memory\n address, which allows local PV guest OS administrators to\n cause a denial of service (crash) or possibly gain\n privileges via unspecified vectors that overwrite memory in\n the hypervisor reserved range. (bnc#789951)\n\n *\n\n XSA-27: CVE-2012-6333: Multiple HVM control\n operations in Xen 3.4 through 4.2 allow local HVM guest OS\n administrators to cause a denial of service (physical CPU\n consumption) via a large input. (bnc#789944)\n\n *\n\n XSA-27: CVE-2012-5511: Stack-based buffer overflow in\n the dirty video RAM tracking functionality in Xen 3.4\n through 4.1 allows local HVM guest OS administrators to\n cause a denial of service (crash) via a large bitmap image.\n (bnc#789944)\n\n *\n\n XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the\n grant table version, does not properly remove the status\n page from the tracking list when freeing the page, which\n allows local guest OS administrators to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#789945)\n\n *\n\n XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n\n *\n\n XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when\n running 32-bit x86 PV guests on 64-bit hypervisors, allows\n local guest OS administrators to cause a denial of service\n (infinite loop and hang or crash) via invalid arguments to\n GNTTABOP_get_status_frames, aka "Grant table hypercall\n infinite loop DoS vulnerability." (bnc#786520)\n\n *\n\n XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying\n hypercall in Xen 4.0, 4.1, and 4.2 does not properly check\n the pagetable state when running on shadow pagetables,\n which allows a local HVM guest OS to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#786519)\n\n *\n\n XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and\n possibly earlier versions, does not properly synchronize\n the p2m and m2p tables when the set_p2m_entry function\n fails, which allows local HVM guest OS administrators to\n cause a denial of service (memory consumption and assertion\n failure), aka "Memory mapping failure DoS vulnerability."\n (bnc#786517)\n\n *\n\n XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and\n possibly earlier versions, allows local guest OS\n administrators to cause a denial of service (Xen infinite\n loop and physical CPU consumption) by setting a VCPU with\n an "inappropriate deadline." (bnc#786516)\n\n *\n\n XSA-19: CVE-2012-4411: The graphical console in Xen\n 4.0, 4.1 and 4.2 allows local OS guest administrators to\n obtain sensitive host resource information via the qemu\n monitor. NOTE: this might be a duplicate of CVE-2007-0998.\n (bnc#779212)\n\n *\n\n XSA-15: CVE-2012-3497: (1)\n TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)\n TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS\n and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in\n Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a\n denial of service (NULL pointer dereference or memory\n corruption and host crash) or possibly have other\n unspecified impacts via a NULL client id. (bnc#777890)\n\n Also the following non-security bugs have been fixed:\n\n * xen hot plug attach/detach fails modified\n blktap-pv-cdrom.patch. (bnc#805094)\n * guest "disappears" after live migration Updated\n block-dmmd script. (bnc#777628)\n\n Security Issues references:\n\n * CVE-2006-1056\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056</a>\n >\n * CVE-2007-0998\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998</a>\n >\n * CVE-2012-3497\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497</a>\n >\n * CVE-2012-4411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411</a>\n >\n * CVE-2012-4535\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535</a>\n >\n * CVE-2012-4537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537</a>\n >\n * CVE-2012-4538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538</a>\n >\n * CVE-2012-4539\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539</a>\n >\n * CVE-2012-4544\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544</a>\n >\n * CVE-2012-5510\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510</a>\n >\n * CVE-2012-5511\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511</a>\n >\n * CVE-2012-5513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513</a>\n >\n * CVE-2012-5514\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514</a>\n >\n * CVE-2012-5515\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515</a>\n >\n * CVE-2012-5634\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634</a>\n >\n * CVE-2012-6075\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075</a>\n >\n * CVE-2012-6333\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333</a>\n >\n * CVE-2013-0153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153</a>\n >\n * CVE-2013-0154\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154</a>\n >\n * CVE-2013-1432\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432</a>\n >\n * CVE-2013-1442\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442</a>\n >\n * CVE-2013-1917\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917</a>\n >\n * CVE-2013-1918\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918</a>\n >\n * CVE-2013-1919\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919</a>\n >\n * CVE-2013-1920\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920</a>\n >\n * CVE-2013-1952\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952</a>\n >\n * CVE-2013-1964\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964</a>\n >\n * CVE-2013-2072\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072</a>\n >\n * CVE-2013-2076\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076</a>\n >\n * CVE-2013-2077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077</a>\n >\n * CVE-2013-2194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194</a>\n >\n * CVE-2013-2195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195</a>\n >\n * CVE-2013-2196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196</a>\n >\n * CVE-2013-2211\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211</a>\n >\n * CVE-2013-2212\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212</a>\n >\n * CVE-2013-4329\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329</a>\n >\n * CVE-2013-4355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355</a>\n >\n * CVE-2013-4361\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361</a>\n >\n * CVE-2013-4368\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368</a>\n >\n * CVE-2013-4494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494</a>\n >\n * CVE-2013-4553\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553</a>\n >\n * CVE-2013-4554\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554</a>\n >\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n >\n * CVE-2014-1891\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891</a>\n >\n * CVE-2014-1892\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892</a>\n >\n * CVE-2014-1893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893</a>\n >\n * CVE-2014-1894\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894</a>\n >\n", "published": "2014-03-25T23:04:15", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", "cvelist": ["CVE-2006-1056", "CVE-2013-1920", "CVE-2013-2196", "CVE-2012-5511", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-1919", "CVE-2012-5514", "CVE-2014-1891", "CVE-2013-4368", "CVE-2012-4535", "CVE-2013-4329", "CVE-2012-4411", "CVE-2013-1917", "CVE-2012-4539", "CVE-2014-1894", "CVE-2007-0998", "CVE-2013-4554", "CVE-2013-1952", "CVE-2013-0153", "CVE-2012-5513", "CVE-2013-2072", "CVE-2014-1892", "CVE-2012-5510", "CVE-2012-3497", "CVE-2013-1432", "CVE-2013-4361", "CVE-2012-6333", "CVE-2013-2077", "CVE-2012-4537", "CVE-2012-4538", "CVE-2013-2194", "CVE-2013-1918", "CVE-2013-0154", "CVE-2013-4553", "CVE-2014-1893", "CVE-2012-4544", "CVE-2013-1964", "CVE-2013-6885", "CVE-2013-1442", "CVE-2013-2195", "CVE-2012-6075", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-2076", "CVE-2013-4494", "CVE-2013-4355"], "lastseen": "2016-09-04T11:57:19"}], "gentoo": [{"id": "GLSA-201309-24", "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nGuest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. \n\n### Workaround\n\nThe CVEs listed below do not currently have fixes, but only apply to Xen setups which have \u201ctmem\u201d specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 \n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.2.2-r1\"\n \n\nAll Xen-tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-tools-4.2.2-r3\"\n \n\nAll Xen-pvgrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-pvgrub-4.2.2-r1\"", "published": "2013-09-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201309-24", "cvelist": ["CVE-2012-2497", "CVE-2013-1920", "CVE-2013-0152", "CVE-2012-6034", "CVE-2011-3262", "CVE-2013-2196", "CVE-2012-5511", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-1919", "CVE-2012-5514", "CVE-2012-3433", "CVE-2012-3494", "CVE-2013-2078", "CVE-2012-4535", "CVE-2012-4411", "CVE-2013-1917", "CVE-2012-0217", "CVE-2012-4539", "CVE-2012-3495", "CVE-2012-3498", "CVE-2013-1952", "CVE-2013-0153", "CVE-2012-6030", "CVE-2012-0218", "CVE-2012-5513", "CVE-2012-3515", "CVE-2011-2901", "CVE-2012-5510", "CVE-2012-3497", "CVE-2013-1432", "CVE-2012-6035", "CVE-2012-6031", "CVE-2012-6033", "CVE-2012-6333", "CVE-2013-2077", "CVE-2012-4537", "CVE-2012-4538", "CVE-2013-2194", "CVE-2013-1918", "CVE-2012-5525", "CVE-2012-2934", "CVE-2013-0154", "CVE-2012-3496", "CVE-2013-1922", "CVE-2012-6032", "CVE-2012-4536", "CVE-2012-6036", "CVE-2013-1964", "CVE-2012-3432", "CVE-2013-2195", "CVE-2012-6075", "CVE-2013-2211", "CVE-2013-0215", "CVE-2012-5512", "CVE-2013-0151", "CVE-2013-2076"], "lastseen": "2016-09-06T19:46:41"}]}}
