ID: REDHAT-RHSA-2017-3369.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2019-11-02T00:00:00
Description
An update for qemu-kvm-rhev is now available for Red Hat Enterprise
Virtualization (RHEV) 4.X, Red Hat Enterprise Virtualization
Hypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on a variety of architectures. The qemu-kvm-rhev packages
provide the user-space component for running virtual machines that use
KVM in environments managed by Red Hat products.
Security Fix(es) :
Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access
guests
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:3369. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(104987);
script_version("3.10");
script_cvs_date("Date: 2019/10/24 15:35:44");
script_cve_id("CVE-2017-11334", "CVE-2017-14167", "CVE-2017-15289");
script_xref(name:"RHSA", value:"2017:3369");
script_name(english:"RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"An update for qemu-kvm-rhev is now available for Red Hat Enterprise
Virtualization (RHEV) 4.X, Red Hat Enterprise Virtualization
Hypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on a variety of architectures. The qemu-kvm-rhev packages
provide the user-space component for running virtual machines that use
KVM in environments managed by Red Hat products.
Security Fix(es) :
* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access
guests' RAM block area, is vulnerable to an OOB r/w access issue. The
crash can occur if a privileged user inside a guest conducts certain
DMA operations, resulting in a DoS. (CVE-2017-11334)
* Quick Emulator (QEMU), compiled with the PC System Emulator with
multiboot feature support, is vulnerable to an OOB r/w memory access
issue. The issue could occur due to an integer overflow while loading
a kernel image during a guest boot. A user or process could use this
flaw to potentially achieve arbitrary code execution on a host.
(CVE-2017-14167)
* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA
Emulator support, is vulnerable to an OOB write access issue. The
issue could occur while writing to VGA memory via mode4and5 write
functions. A privileged user inside guest could use this flaw to crash
the QEMU process resulting in Denial of Serivce (DoS).
(CVE-2017-15289)
Red Hat would like to thank Alex for reporting CVE-2017-11334; Thomas
Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu
(Huawei.com) for reporting CVE-2017-15289.
Bug Fix(es) :
* Improvements made for qemu 2.9 to the NBD code used during live
storage migration were not robust to an abrupt exit of the other end
of the connection; the result was that live migration could fail if
the source side NBD connection failed. The NBD code has been fixed to
be more robust regardless of what the other side of the connection
does. (BZ#1495474)"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2017:3369"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-11334"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-14167"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-15289"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/02");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2017:3369";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qemu-img-rhev-2.9.0-16.el7_4.11")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qemu-kvm-common-rhev-2.9.0-16.el7_4.11")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qemu-kvm-rhev-2.9.0-16.el7_4.11")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.11")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qemu-kvm-tools-rhev-2.9.0-16.el7_4.11")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc");
  }
}
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.9.0-16.el7_4.11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)", "type": "nessus", "viewCount": 26}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-31T04:29:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "cvelist": ["CVE-2017-11334", "CVE-2017-14167", "CVE-2017-15289"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "description": "An update for qemu-kvm-rhev is now available for Red Hat Enterprise\nVirtualization (RHEV) 4.X, Red Hat Enterprise Virtualization\nHypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. 
The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access\nguests", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-10-28T21:09:32", "references": [{"idList": ["ALAS-2017-934"], "type": "amazon"}, {"idList": ["SUSE-SU-2017:2924-1", "OPENSUSE-SU-2017:2941-1", "SUSE-SU-2017:3178-1", "SUSE-SU-2017:2936-1", "SUSE-SU-2017:2416-1", "OPENSUSE-SU-2017:2938-1", "OPENSUSE-SU-2017:3193-1", "OPENSUSE-SU-2017:3194-1", "SUSE-SU-2017:3115-1", "OPENSUSE-SU-2017:2513-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310843452", "OPENVAS:1361412562310851641", "OPENVAS:1361412562310891128", "OPENVAS:1361412562310812317", "OPENVAS:1361412562310882812", "OPENVAS:1361412562310843466", "OPENVAS:1361412562310891129", "OPENVAS:1361412562310851656", "OPENVAS:1361412562310882856", "OPENVAS:1361412562310851655"], "type": "openvas"}, {"idList": ["USN-3575-2", "USN-3575-1"], "type": "ubuntu"}, {"idList": ["CESA-2018:0516", "CESA-2017:3368"], "type": "centos"}, {"idList": ["CVE-2017-11334", "CVE-2017-14167", "CVE-2017-15289"], "type": "cve"}, {"idList": ["ELSA-2017-3368", "ELSA-2018-0816", "ELSA-2018-0516"], "type": "oraclelinux"}, {"idList": ["RHSA-2017:3474", "RHSA-2017:3369", "RHSA-2018:0516", "RHSA-2017:3470", "RHSA-2017:3473", "RHSA-2017:3466", "RHSA-2017:3368", "RHSA-2017:3472", "RHSA-2017:3471"], "type": "redhat"}, {"idList": ["DEBIAN:DLA-1129-1:759D7", "DEBIAN:DLA-1128-1:0ED63", "DEBIAN:DSA-3991-1:00D79", "DEBIAN:DSA-3925-1:00FDE"], "type": "debian"}, {"idList": ["ORACLELINUX_ELSA-2018-0516.NASL", "REDHAT-RHSA-2017-3368.NASL", "CENTOS_RHSA-2017-3368.NASL", "NEWSTART_CGSL_NS-SA-2019-0005_QEMU-KVM.NASL", "ALA_ALAS-2017-934.NASL", "ORACLEVM_OVMSA-2018-0025.NASL", "ORACLELINUX_ELSA-2017-3368.NASL", "EULEROS_SA-2017-1320.NASL", "EULEROS_SA-2017-1321.NASL", 
"SL_20171130_QEMU_KVM_ON_SL7_X.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T21:09:32", "value": 5.9, "vector": "NONE"}}, "history": [], "href": "https://www.tenable.com/plugins/nessus/104987", "id": "REDHAT-RHSA-2017-3369.NASL", "lastseen": "2019-10-28T21:09:32", "modified": "2019-10-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "104987", "published": "2017-12-04T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2017-14167", "https://access.redhat.com/errata/RHSA-2017:3369", "https://access.redhat.com/security/cve/cve-2017-15289", "https://access.redhat.com/security/cve/cve-2017-11334"], "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3369. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104987);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-11334\", \"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2017:3369\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for Red Hat Enterprise\nVirtualization (RHEV) 4.X, Red Hat Enterprise Virtualization\nHypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access\nguests' RAM block area, is vulnerable to an OOB r/w access issue. The\ncrash can occur if a privileged user inside a guest conducts certain\nDMA operations, resulting in a DoS. 
(CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Service (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas\nGarnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu\n(Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es) :\n\n* Improvements made for qemu 2.9 to the NBD code used during live\nstorage migration were not robust to an abrupt exit of the other end\nof the connection; the result was that live migration could fail if\nthe source side NBD connection failed. The NBD code has been fixed to\nbe more robust regardless of what the other side of the connection\ndoes. 
(BZ#1495474)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3369\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.9.0-16.el7_4.11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)", "type": "nessus", "viewCount": 26}, "differentElements": 
["modified"], "edition": 10, "lastseen": "2019-10-28T21:09:32"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c02f690c41ae55264ec3f81daf3573c4"}, {"key": "cvelist", "hash": "31421fc8a2847ed2d1c621a59f93ede4"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "description", "hash": "d812d8509f534f2afc8f6e9d6be39dfc"}, {"key": "href", "hash": "978fd8d1e3e48375c1be83f2d170cb39"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "a8e7eb4f5984274da19e1b6852ace4d4"}, {"key": "published", "hash": "80582f9196482d182fd4cd47f0c2c2cf"}, {"key": "references", "hash": "9a5f5faf8e9e098acf39a1e6c85250d2"}, {"key": "reporter", "hash": "242645d9d5e13438e87b93ab155d704d"}, {"key": "sourceData", "hash": "582555b090d4dee609ea8d2108188a37"}, {"key": "title", "hash": "cdc2f8babaaca386d8b0c22d9e96336f"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "879cd86251009ac36bc95b8ec3a3054033697f6a08403b907a1f0b608e6510ab", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-14167", "CVE-2017-15289", "CVE-2017-11334"]}, {"type": "redhat", "idList": ["RHSA-2017:3369", "RHSA-2017:3473", "RHSA-2017:3471", "RHSA-2017:3470", "RHSA-2017:3474", "RHSA-2017:3472", "RHSA-2017:3466", "RHSA-2017:3368", "RHSA-2018:0516"]}, {"type": "amazon", "idList": ["ALAS-2017-934"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882812", "OPENVAS:1361412562310812317", "OPENVAS:1361412562310882856", "OPENVAS:1361412562310851641", "OPENVAS:1361412562310843466", "OPENVAS:1361412562310843452", "OPENVAS:1361412562310891128", "OPENVAS:1361412562310851655", "OPENVAS:1361412562310891129", "OPENVAS:1361412562310851656"]}, {"type": "nessus", "idList": ["EULEROS_SA-2017-1321.NASL", "CENTOS_RHSA-2017-3368.NASL", 
"NEWSTART_CGSL_NS-SA-2019-0005_QEMU-KVM.NASL", "ORACLELINUX_ELSA-2017-3368.NASL", "SL_20171130_QEMU_KVM_ON_SL7_X.NASL", "ALA_ALAS-2017-934.NASL", "REDHAT-RHSA-2017-3368.NASL", "EULEROS_SA-2017-1320.NASL", "ORACLEVM_OVMSA-2018-0025.NASL", "ORACLELINUX_ELSA-2018-0516.NASL"]}, {"type": "centos", "idList": ["CESA-2017:3368", "CESA-2018:0516"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3368", "ELSA-2018-0516", "ELSA-2018-0816"]}, {"type": "ubuntu", "idList": ["USN-3575-1", "USN-3575-2"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2941-1", "SUSE-SU-2017:2936-1", "OPENSUSE-SU-2017:3193-1", "SUSE-SU-2017:2924-1", "OPENSUSE-SU-2017:2938-1", "OPENSUSE-SU-2017:3194-1", "SUSE-SU-2017:3115-1", "SUSE-SU-2017:3178-1", "OPENSUSE-SU-2017:2513-1", "SUSE-SU-2017:3242-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1129-1:759D7", "DEBIAN:DLA-1128-1:0ED63", "DEBIAN:DSA-3925-1:00FDE", "DEBIAN:DSA-3991-1:00D79"]}], "modified": "2019-11-01T03:22:11"}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-11-01T03:22:11"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3369. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104987);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-11334\", \"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2017:3369\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for Red Hat Enterprise\nVirtualization (RHEV) 4.X, Red Hat Enterprise Virtualization\nHypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access\nguests' RAM block area, is vulnerable to an OOB r/w access issue. The\ncrash can occur if a privileged user inside a guest conducts certain\nDMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. 
A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Service (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas\nGarnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu\n(Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es) :\n\n* Improvements made for qemu 2.9 to the NBD code used during live\nstorage migration were not robust to an abrupt exit of the other end\nof the connection; the result was that live migration could fail if\nthe source side NBD connection failed. The NBD code has been fixed to\nbe more robust regardless of what the other side of the connection\ndoes. 
(BZ#1495474)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3369\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.11\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.9.0-16.el7_4.11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "104987", "cpe": 
["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:16:47", "bulletinFamily": "NVD", "description": "The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.", "modified": "2018-03-16T01:29:00", "id": "CVE-2017-11334", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11334", "published": "2017-08-02T19:29:00", "title": "CVE-2017-11334", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.", "modified": "2018-09-07T10:29:00", "id": "CVE-2017-14167", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14167", "published": "2017-09-08T18:29:00", "title": "CVE-2017-14167", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:16:50", "bulletinFamily": "NVD", "description": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.", "modified": "2018-09-07T10:29:00", "id": "CVE-2017-15289", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15289", "published": "2017-10-16T18:29:00", "title": "CVE-2017-15289", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:25", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety 
of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es):\n\n* Improvements made for qemu 2.9 to the NBD code used during live storage migration were not robust to an abrupt exit of the other end of the connection; the result was that live migration could fail if the source side NBD connection failed. The NBD code has been fixed to be more robust regardless of what the other side of the connection does. 
(BZ#1495474)", "modified": "2018-03-19T16:29:46", "published": "2017-12-01T01:14:52", "id": "RHSA-2017:3369", "href": "https://access.redhat.com/errata/RHSA-2017:3369", "type": "redhat", "title": "(RHSA-2017:3369) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. 
A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es):\n\n* Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when performed after hot-unplugging a vhost network device. This update fixes the underlying code, and the VFIO device is unplugged correctly in the described circumstances. (BZ#1498141)", "modified": "2018-03-19T16:27:28", "published": "2017-12-15T02:59:05", "id": "RHSA-2017:3471", "href": "https://access.redhat.com/errata/RHSA-2017:3471", "type": "redhat", "title": "(RHSA-2017:3471) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. 
(CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es):\n\n* Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when performed after hot-unplugging a vhost network device. This update fixes the underlying code, and the VFIO device is unplugged correctly in the described circumstances. 
(BZ#1498140)", "modified": "2018-03-19T16:27:42", "published": "2017-12-15T02:59:02", "id": "RHSA-2017:3470", "href": "https://access.redhat.com/errata/RHSA-2017:3470", "type": "redhat", "title": "(RHSA-2017:3470) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:40", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. 
A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es):\n\n* Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when performed after hot-unplugging a vhost network device. This update fixes the underlying code, and the VFIO device is unplugged correctly in the described circumstances. (BZ#1498139)", "modified": "2018-03-19T16:26:37", "published": "2017-12-15T02:59:15", "id": "RHSA-2017:3474", "href": "https://access.redhat.com/errata/RHSA-2017:3474", "type": "redhat", "title": "(RHSA-2017:3474) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. 
(CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). 
(CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.", "modified": "2018-03-19T16:26:57", "published": "2017-12-15T02:59:10", "id": "RHSA-2017:3473", "href": "https://access.redhat.com/errata/RHSA-2017:3473", "type": "redhat", "title": "(RHSA-2017:3473) Moderate: qemu-kvm-rhev security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. 
(CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\nBug Fix(es):\n\n* Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when performed after hot-unplugging a vhost network device. This update fixes the underlying code, and the VFIO device is unplugged correctly in the described circumstances. (BZ#1498135)", "modified": "2017-12-15T02:59:19", "published": "2017-12-15T02:58:02", "id": "RHSA-2017:3466", "href": "https://access.redhat.com/errata/RHSA-2017:3466", "type": "redhat", "title": "(RHSA-2017:3466) Moderate: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. (CVE-2017-7539)\n\n* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). (CVE-2017-10664)\n\n* Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. (CVE-2017-11334)\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). 
(CVE-2017-15289)\n\nRed Hat would like to thank Alex for reporting CVE-2017-11334; Thomas Garnier (Google.com) for reporting CVE-2017-14167; and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.", "modified": "2018-03-19T16:27:17", "published": "2017-12-15T02:59:08", "id": "RHSA-2017:3472", "href": "https://access.redhat.com/errata/RHSA-2017:3472", "type": "redhat", "title": "(RHSA-2017:3472) Moderate: qemu-kvm-rhev security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). 
(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.", "modified": "2018-04-12T03:32:19", "published": "2017-12-01T01:14:11", "id": "RHSA-2017:3368", "href": "https://access.redhat.com/errata/RHSA-2017:3368", "type": "redhat", "title": "(RHSA-2017:3368) Moderate: qemu-kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-07T18:22:40", "published": "2018-03-13T21:31:37", "id": "RHSA-2018:0516", "href": "https://access.redhat.com/errata/RHSA-2018:0516", "type": "redhat", "title": "(RHSA-2018:0516) Moderate: qemu-kvm security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:3368\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. 
A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-December/022679.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "modified": "2017-12-06T13:15:27", "published": "2017-12-06T13:15:27", "href": "http://lists.centos.org/pipermail/centos-announce/2017-December/022679.html", "id": "CESA-2017:3368", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:0516\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-March/022798.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\n", "modified": "2018-03-14T14:47:19", "published": "2018-03-14T14:47:19", "href": "http://lists.centos.org/pipermail/centos-announce/2018-March/022798.html", "id": "CESA-2018:0516", "type": "centos", "title": "qemu security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2019-05-29T19:20:41", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nQuick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. ([CVE-2017-14167 __](<https://access.redhat.com/security/cve/CVE-2017-14167>))\n\nQuick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). ([CVE-2017-15289 __](<https://access.redhat.com/security/cve/CVE-2017-15289>))\n\n \n**Affected Packages:** \n\n\nqemu-kvm\n\n \n**Issue Correction:** \nRun _yum update qemu-kvm_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n src: \n qemu-kvm-1.5.3-141.5.amzn1.src \n \n x86_64: \n qemu-kvm-common-1.5.3-141.5.amzn1.x86_64 \n qemu-kvm-tools-1.5.3-141.5.amzn1.x86_64 \n qemu-img-1.5.3-141.5.amzn1.x86_64 \n qemu-kvm-debuginfo-1.5.3-141.5.amzn1.x86_64 \n qemu-kvm-1.5.3-141.5.amzn1.x86_64 \n \n \n", "modified": "2017-12-21T22:59:00", "published": "2017-12-21T22:59:00", "id": "ALAS-2017-934", "href": "https://alas.aws.amazon.com/ALAS-2017-934.html", "title": "Medium: qemu-kvm", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:57:41", "bulletinFamily": "scanner", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has qemu-kvm packages installed that are affected by multiple\nvulnerabilities:\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could occur\n due to an integer overflow while loading a kernel image\n during a guest boot. A user or process could use this\n flaw to potentially achieve arbitrary code execution on\n a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2019-11-02T00:00:00", "id": "NEWSTART_CGSL_NS-SA-2019-0005_QEMU-KVM.NASL", "href": "https://www.tenable.com/plugins/nessus/127149", "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 5.04 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0005)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0005. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127149);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has qemu-kvm packages installed that are affected by multiple\nvulnerabilities:\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could occur\n due to an integer overflow while loading a kernel image\n during a guest boot. A user or process could use this\n flaw to potentially achieve arbitrary code execution on\n a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0005\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qemu-kvm packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"qemu-img-1.5.3-141.el7_4.4\",\n \"qemu-kvm-1.5.3-141.el7_4.4\",\n \"qemu-kvm-common-1.5.3-141.el7_4.4\",\n \"qemu-kvm-debuginfo-1.5.3-141.el7_4.4\",\n \"qemu-kvm-tools-1.5.3-141.el7_4.4\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:04:18", "bulletinFamily": "scanner", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot 
feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB\n write access issue. The issue could occur while writing\n to VGA memory via mode4and5 write functions. A\n privileged user inside guest could use this flaw to\n crash the QEMU process resulting in Denial of Serivce\n (DoS). (CVE-2017-15289)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2017-1321.NASL", "href": "https://www.tenable.com/plugins/nessus/105302", "published": "2017-12-18T00:00:00", "title": "EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105302);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2017-14167\",\n \"CVE-2017-15289\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1321)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot 
feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB\n write access issue. The issue could occur while writing\n to VGA memory via mode4and5 write functions. A\n privileged user inside guest could use this flaw to\n crash the QEMU process resulting in Denial of Serivce\n (DoS). (CVE-2017-15289)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1321\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7e15361\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-141.4.h2\",\n \"qemu-kvm-1.5.3-141.4.h2\",\n \"qemu-kvm-common-1.5.3-141.4.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:16:04", "bulletinFamily": "scanner", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. 
A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Service (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2017-3368.NASL", "href": "https://www.tenable.com/plugins/nessus/105057", "published": "2017-12-07T00:00:00", "title": "CentOS 7 : qemu-kvm (CESA-2017:3368)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3368 and \n# CentOS Errata and Security Advisory 2017:3368 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105057);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/10/02 15:30:21\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2017:3368\");\n\n script_name(english:\"CentOS 7 : qemu-kvm (CESA-2017:3368)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. 
The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Serivce (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-December/022679.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af285bb8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:04:17", "bulletinFamily": "scanner", "description": "According to the versions of the qemu-kvm package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB\n write access issue. 
The issue could occur while writing\n to VGA memory via mode4and5 write functions. A\n privileged user inside guest could use this flaw to\n crash the QEMU process resulting in Denial of Serivce\n (DoS). (CVE-2017-15289)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2017-1320.NASL", "href": "https://www.tenable.com/plugins/nessus/105301", "published": "2017-12-18T00:00:00", "title": "EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1320)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105301);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2017-14167\",\n \"CVE-2017-15289\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1320)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could\n occur due to an integer overflow while loading a kernel\n image during a guest boot. A user or process could use\n this flaw to potentially achieve arbitrary code\n execution on a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB\n write access issue. 
The issue could occur while writing\n to VGA memory via mode4and5 write functions. A\n privileged user inside guest could use this flaw to\n crash the QEMU process resulting in Denial of Serivce\n (DoS). (CVE-2017-15289)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1320\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89cbb79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-141.4.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:15:14", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2017:3368 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of 
Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. 
A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Serivce (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-3368.NASL", "href": "https://www.tenable.com/plugins/nessus/104948", "published": "2017-12-01T00:00:00", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2017-3368)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3368 and \n# Oracle Linux Security Advisory ELSA-2017-3368 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104948);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2017:3368\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2017-3368)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:3368 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. 
The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Serivce (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-November/007362.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:13:43", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could occur\n due to an integer overflow while loading a kernel image\n during a guest boot. A user or process could use this\n flaw to potentially achieve arbitrary code execution on\n a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)", "modified": "2019-11-02T00:00:00", "id": "SL_20171130_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104990", "published": "2017-12-04T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104990);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable\n to an OOB r/w memory access issue. The issue could occur\n due to an integer overflow while loading a kernel image\n during a guest boot. A user or process could use this\n flaw to potentially achieve arbitrary code execution on\n a host. (CVE-2017-14167)\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1712&L=scientific-linux-errata&F=&S=&P=415\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c88c21b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7_4.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:14:05", "bulletinFamily": "scanner", "description": "Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. 
The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\nQuick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator\nsupport, is vulnerable to an OOB write access issue. The issue could\noccur while writing to VGA memory via mode4and5 write functions. A\nprivileged user inside guest could use this flaw to crash the QEMU\nprocess resulting in Denial of Serivce (DoS). (CVE-2017-15289)", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2017-934.NASL", "href": "https://www.tenable.com/plugins/nessus/105419", "published": "2017-12-26T00:00:00", "title": "Amazon Linux AMI : qemu-kvm (ALAS-2017-934)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-934.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105419);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"ALAS\", value:\"2017-934\");\n\n script_name(english:\"Amazon Linux AMI : qemu-kvm (ALAS-2017-934)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. 
A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\nQuick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator\nsupport, is vulnerable to an OOB write access issue. The issue could\noccur while writing to VGA memory via mode4and5 write functions. A\nprivileged user inside guest could use this flaw to crash the QEMU\nprocess resulting in Denial of Serivce (DoS). (CVE-2017-15289)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-934.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update qemu-kvm' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", 
\"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:22:11", "bulletinFamily": "scanner", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Serivce (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2017-3368.NASL", "href": "https://www.tenable.com/plugins/nessus/104951", "published": "2017-12-01T00:00:00", "title": "RHEL 7 : qemu-kvm (RHSA-2017:3368)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3368. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104951);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2017:3368\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2017:3368)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access\nissue. The issue could occur due to an integer overflow while loading\na kernel image during a guest boot. A user or process could use this\nflaw to potentially achieve arbitrary code execution on a host.\n(CVE-2017-14167)\n\n* Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA\nEmulator support, is vulnerable to an OOB write access issue. The\nissue could occur while writing to VGA memory via mode4and5 write\nfunctions. 
A privileged user inside guest could use this flaw to crash\nthe QEMU process resulting in Denial of Serivce (DoS).\n(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\nCVE-2017-15289.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3368\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7_4.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:16:14", "bulletinFamily": 
"scanner", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Qemu: cirrus: OOB access issue in mode4and5 write functions\n(CVE-2017-15289)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2018-0516.NASL", "href": "https://www.tenable.com/plugins/nessus/108343", "published": "2018-03-15T00:00:00", "title": "CentOS 6 : qemu-kvm (CESA-2018:0516)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0516 and \n# CentOS Errata and Security Advisory 2018:0516 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108343);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/02 15:30:21\");\n\n script_cve_id(\"CVE-2017-15289\");\n script_xref(name:\"RHSA\", value:\"2018:0516\");\n\n script_name(english:\"CentOS 6 : qemu-kvm (CESA-2018:0516)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red 
Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* Qemu: cirrus: OOB access issue in mode4and5 write functions\n(CVE-2017-15289)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-March/022798.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc2e32ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"qemu-guest-agent-0.12.1.2-2.503.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.503.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.503.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.503.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-tools\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:59:02", "bulletinFamily": "scanner", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by a\nvulnerability:\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2019-11-02T00:00:00", "id": "NEWSTART_CGSL_NS-SA-2019-0125_QEMU-KVM.NASL", "href": "https://www.tenable.com/plugins/nessus/127374", "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : qemu-kvm Vulnerability (NS-SA-2019-0125)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0125. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127374);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\"CVE-2017-15289\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : qemu-kvm Vulnerability (NS-SA-2019-0125)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by a\nvulnerability:\n\n - Quick emulator (QEMU), compiled with the Cirrus CLGD\n 54xx VGA Emulator support, is vulnerable to an OOB write\n access issue. The issue could occur while writing to VGA\n memory via mode4and5 write functions. 
A privileged user\n inside guest could use this flaw to crash the QEMU\n process resulting in Denial of Serivce (DoS).\n (CVE-2017-15289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0125\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qemu-kvm packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"qemu-guest-agent-0.12.1.2-2.503.el6_9.5\",\n \"qemu-img-0.12.1.2-2.503.el6_9.5\",\n \"qemu-kvm-0.12.1.2-2.503.el6_9.5\",\n \"qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.5\",\n \"qemu-kvm-tools-0.12.1.2-2.503.el6_9.5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "description": "Check the version of qemu-img", "modified": "2019-03-08T00:00:00", "published": "2017-12-07T00:00:00", "id": "OPENVAS:1361412562310882812", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882812", "title": "CentOS Update for qemu-img CESA-2017:3368 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_3368_qemu-img_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for qemu-img CESA-2017:3368 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882812\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-07 07:39:28 +0100 (Thu, 07 Dec 2017)\");\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-img CESA-2017:3368 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-img\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a\nfull virtualization solution for Linux on a variety of architectures.\nThe qemu-kvm package provides the user-space component for running virtual\nmachines that use KVM.\n\nSecurity Fix(es):\n\n * Quick Emulator (QEMU), compiled with the PC System Emulator with\nmultiboot feature support, is vulnerable to an OOB r/w memory access issue.\nThe issue could occur due to an integer overflow while loading a kernel\nimage during a guest boot. A user or process could use this flaw to\npotentially achieve arbitrary code execution on a host. (CVE-2017-14167)\n\n * Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator\nsupport, is vulnerable to an OOB write access issue. The issue could occur\nwhile writing to VGA memory via mode4and5 write functions. A privileged\nuser inside guest could use this flaw to crash the QEMU process resulting\nin Denial of service (DoS). 
(CVE-2017-15289)\n\nRed Hat would like to thank Thomas Garnier (Google.com) for reporting\nCVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.\");\n script_tag(name:\"affected\", value:\"qemu-img on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3368\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-December/022679.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.el7_4.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~141.el7_4.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~141.el7_4.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~141.el7_4.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": 
"2017-12-01T00:00:00", "id": "OPENVAS:1361412562310812317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812317", "title": "RedHat Update for qemu-kvm RHSA-2017:3368-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_3368-01_qemu-kvm.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for qemu-kvm RHSA-2017:3368-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812317\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-01 12:17:09 +0100 (Fri, 01 Dec 2017)\");\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15289\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2017:3368-01\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full\n virtualization solution for Linux on a variety of architectures. The qemu-kvm\n package provides the user-space component for running virtual machines that use\n KVM. Security Fix(es): * Quick Emulator (QEMU), compiled with the PC System\n Emulator with multiboot feature support, is vulnerable to an OOB r/w memory\n access issue. The issue could occur due to an integer overflow while loading a\n kernel image during a guest boot. A user or process could use this flaw to\n potentially achieve arbitrary code execution on a host. (CVE-2017-14167) * Quick\n emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is\n vulnerable to an OOB write access issue. The issue could occur while writing to\n VGA memory via mode4and5 write functions. A privileged user inside guest could\n use this flaw to crash the QEMU process resulting in Denial of service (DoS).\n (CVE-2017-15289) Red Hat would like to thank Thomas Garnier (Google.com) for\n reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting\n CVE-2017-15289.\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3368-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-November/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.el7_4.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~141.el7_4.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~141.el7_4.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~1.5.3~141.el7_4.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~141.el7_4.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "scanner", "description": "Check the version of qemu-guest-agent", "modified": "2019-03-08T00:00:00", "published": "2018-03-15T00:00:00", "id": "OPENVAS:1361412562310882856", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882856", "title": "CentOS Update for qemu-guest-agent CESA-2018:0516 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0516_qemu-guest-agent_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for qemu-guest-agent CESA-2018:0516 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882856\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-15 08:46:58 +0100 (Thu, 15 Mar 2018)\");\n script_cve_id(\"CVE-2017-15289\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2018:0516 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of 
qemu-guest-agent\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a\nfull virtualization solution for Linux on a variety of architectures.\nThe qemu-kvm packages provide the user-space component for running virtual\nmachines that use KVM.\n\nSecurity Fix(es):\n\n * Qemu: cirrus: OOB access issue in mode4and5 write functions\n(CVE-2017-15289)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0516\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-March/022798.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.503.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.503.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.503.el6_9.5\", rls:\"CentOS6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.503.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2017-11-07T00:00:00", "id": "OPENVAS:1361412562310851641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851641", "title": "SuSE Update for qemu openSUSE-SU-2017:2941-1 (qemu)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_2941_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for qemu openSUSE-SU-2017:2941-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851641\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 11:05:48 +0100 (Tue, 07 Nov 2017)\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11334\",\n \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-14167\",\n \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\", \"CVE-2017-9524\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu openSUSE-SU-2017:2941-1 (qemu)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a 
client in the\n nbd_negotiate function (bsc#1043808).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of 
service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block are ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2941_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~31.9.2\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-03-06T00:00:00", "id": "OPENVAS:1361412562310843466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843466", "title": "Ubuntu Update for qemu USN-3575-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3575_2.nasl 14140 
2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for qemu USN-3575-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843466\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-06 08:39:40 +0100 (Tue, 06 Mar 2018)\");\n script_cve_id(\"CVE-2017-11334\", \"CVE-2017-13672\", \"CVE-2017-14167\", \"CVE-2017-15038\",\n \"CVE-2017-15118\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\",\n \"CVE-2017-15289\", \"CVE-2017-16845\", \"CVE-2017-17381\", \"CVE-2017-18043\",\n \"CVE-2018-5683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3575-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3575-1 fixed vulnerabilities in QEMU.\n The fix for CVE-2017-11334 caused a regression in Xen environments. This update\n removes the problematic fix pending further investigation. We apologize for the\n inconvenience. Original advisory details: It was discovered that QEMU\n incorrectly handled guest ram. A privileged attacker inside the guest could use\n this issue to cause QEMU to crash, resulting in a denial of service. This issue\n only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David\n Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged\n attacker inside the guest could use this issue to cause QEMU to crash, resulting\n in a denial of service. This issue was only addressed in Ubuntu 17.10.\n (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled\n multiboot. An attacker could use this issue to cause QEMU to crash, resulting in\n a denial of service, or possibly execute arbitrary code on the host. In the\n default installation, when QEMU is used with libvirt, attackers would be\n isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04\n LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU\n incorrectly handled VirtFS directory sharing. An attacker could use this issue\n to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake\n discovered that QEMU incorrectly handled memory in the NBD server. An attacker\n could use this issue to cause the NBD server to crash, resulting in a denial of\n service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake\n discovered that QEMU incorrectly handled certain options to the NBD server. An\n attacker could use this issue to cause the NBD server to crash, resulting in a\n denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\n LTS. 
(CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled\n the VNC server. A remote attacker could possibly use this issue to consume\n memory, resulting in a denial of service. This issue was only addressed in\n Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly\n handled certain websockets. A remote attacker could possibly use this issue to\n consume memory, resulting in a denial of service. This issue only affected\n Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly\n handled the Cirrus VGA device. A privileged attacker inside the guest could use\n this issue to cause QEMU to crash, resulting in a denial of service.\n (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled\n certain PS2 values duri ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3575-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3575-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu\", ver:\"2.0.0+dfsg-2ubuntu1.40\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release 
== \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.5+dfsg-5ubuntu10.24\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310843452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843452", "title": "Ubuntu Update for qemu USN-3575-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3575_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for qemu USN-3575-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843452\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 08:46:41 +0100 (Wed, 21 Feb 2018)\");\n script_cve_id(\"CVE-2017-11334\", \"CVE-2017-13672\", \"CVE-2017-14167\", \"CVE-2017-15038\",\n \"CVE-2017-15118\", \"CVE-2017-15119\", \"CVE-2017-15124\", \"CVE-2017-15268\",\n \"CVE-2017-15289\", \"CVE-2017-16845\", \"CVE-2017-17381\", \"CVE-2017-18043\",\n \"CVE-2018-5683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3575-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that QEMU incorrectly\n handled guest ram. A privileged attacker inside the guest could use this issue\n to cause QEMU to crash, resulting in a denial of service. This issue only\n affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan\n discovered that QEMU incorrectly handled the VGA device. A privileged attacker\n inside the guest could use this issue to cause QEMU to crash, resulting in a\n denial of service. 
This issue was only addressed in Ubuntu 17.10.\n (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled\n multiboot. An attacker could use this issue to cause QEMU to crash, resulting in\n a denial of service, or possibly execute arbitrary code on the host. In the\n default installation, when QEMU is used with libvirt, attackers would be\n isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04\n LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU\n incorrectly handled VirtFS directory sharing. An attacker could use this issue\n to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake\n discovered that QEMU incorrectly handled memory in the NBD server. An attacker\n could use this issue to cause the NBD server to crash, resulting in a denial of\n service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake\n discovered that QEMU incorrectly handled certain options to the NBD server. An\n attacker could use this issue to cause the NBD server to crash, resulting in a\n denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\n LTS. (CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled\n the VNC server. A remote attacker could possibly use this issue to consume\n memory, resulting in a denial of service. This issue was only addressed in\n Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly\n handled certain websockets. A remote attacker could possibly use this issue to\n consume memory, resulting in a denial of service. This issue only affected\n Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly\n handled the Cirrus VGA device. A privileged attacker inside the guest could use\n this issue to cause QEMU to crash, resulting in a denial of service.\n (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled\n certain PS2 values during migration. 
An attacker could possibly use this issue\n to cause QEMU to crash, resulting in a denial of service, or possibly execute\n arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n (CVE-2017-1 ... Description truncated, for more information please check the\n Reference URL\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3575-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3575-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.39\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.10+dfsg-0ubuntu3.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in qemu, 
a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-14167\n\nIncorrect validation of multiboot headers could result in the\nexecution of arbitrary code.\n\nCVE-2017-15038\n\nWhen using 9pfs qemu-kvm is vulnerable to an information\ndisclosure issue. It could occur while accessing extended attributes\nof a file due to a race condition. This could be used to disclose\nheap memory contents of the host.", "modified": "2019-03-18T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891129", "title": "Debian LTS Advisory ([SECURITY] [DLA 1129-1] qemu security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1129.nasl 14281 2019-03-18 14:53:48Z cfischer $\n#\n# Auto-generated from advisory DLA 1129-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891129\");\n script_version(\"$Revision: 14281 $\");\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15038\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1129-1] qemu security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:53:48 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u24.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in qemu, a fast processor\nemulator. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-14167\n\nIncorrect validation of multiboot headers could result in the\nexecution of arbitrary code.\n\nCVE-2017-15038\n\nWhen using 9pfs qemu-kvm is vulnerable to an information\ndisclosure issue. It could occur while accessing extended attributes\nof a file due to a race condition. This could be used to disclose\nheap memory contents of the host.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:32", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests\nbased on the Quick Emulator(Qemu).\n\nCVE-2017-14167\n\nIncorrect validation of multiboot headers could result in the\nexecution of arbitrary code.\n\nCVE-2017-15038\n\nWhen using 9pfs qemu-kvm is vulnerable to an 
information\ndisclosure issue. It could occur while accessing extended attributes\nof a file due to a race condition. This could be used to disclose\nheap memory contents of the host.", "modified": "2019-03-18T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891128", "title": "Debian LTS Advisory ([SECURITY] [DLA 1128-1] qemu-kvm security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1128.nasl 14281 2019-03-18 14:53:48Z cfischer $\n#\n# Auto-generated from advisory DLA 1128-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891128\");\n script_version(\"$Revision: 14281 $\");\n script_cve_id(\"CVE-2017-14167\", \"CVE-2017-15038\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1128-1] qemu-kvm security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:53:48 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00008.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u24.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests\nbased on the Quick Emulator(Qemu).\n\nCVE-2017-14167\n\nIncorrect 
validation of multiboot headers could result in the\nexecution of arbitrary code.\n\nCVE-2017-15038\n\nWhen using 9pfs qemu-kvm is vulnerable to an information\ndisclosure issue. It could occur while accessing extended attributes\nof a file due to a race condition. This could be used to disclose\nheap memory contents of the host.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u24\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2017-12-04T00:00:00", "id": "OPENVAS:1361412562310851655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851655", "title": "SuSE Update for xen openSUSE-SU-2017:3194-1 (xen)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_3194_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for xen openSUSE-SU-2017:3194-1 (xen)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# 
(or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851655\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:48:14 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-15289\", \"CVE-2017-15597\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for xen openSUSE-SU-2017:3194-1 (xen)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for xen to version 4.7.4 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of freed memory leading to\n information leaks, 
privilege escalation or DoS (XSA-247).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3194_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.4_02~11.21.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2017-12-04T00:00:00", "id": "OPENVAS:1361412562310851656", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851656", "title": "SuSE Update for xen openSUSE-SU-2017:3193-1 (xen)", "type": "openvas", "sourceData": "\n###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_3193_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for xen openSUSE-SU-2017:3193-1 (xen)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851656\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:47:47 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-15289\", \"CVE-2017-15597\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for xen openSUSE-SU-2017:3193-1 (xen)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for xen to version 4.9.1 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of freed memory leading to\n information leaks, privilege escalation or DoS (XSA-247).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3193_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.1_02~13.2\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "unix", "description": "[1.5.3-141.el7_4.4]\n- kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501120]\n- Resolves: bz#1501120\n (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.4.z])\n[1.5.3-141.el7_4.3]\n- kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1501294]\n- kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1501294]\n- kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1501294]\n- kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1501294]\n- kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1501294]\n- kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1501294]\n- kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1501294]\n- kvm-vga-drop-line_offset-variable.patch [bz#1501294]\n- kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501294]\n- kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501294]\n- kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501294]\n- Resolves: bz#1501294\n (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.4.z])", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ELSA-2017-3368", "href": "http://linux.oracle.com/errata/ELSA-2017-3368.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:49", "bulletinFamily": "unix", "description": "[0.12.1.2-2.503.el6_9.5]\n- kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501296]\n- Resolves: bz#1501296\n (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.9.z])", "modified": "2018-03-13T00:00:00", "published": "2018-03-13T00:00:00", "id": "ELSA-2018-0516", "href": 
"http://linux.oracle.com/errata/ELSA-2018-0516.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "unix", "description": "[1.5.3-156.el7]\n- kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405]\n- kvm-fix-full-frame-updates-for-VNC-clients.patch [bz#1527405]\n- kvm-vnc-update-fix.patch [bz#1527405]\n- kvm-vnc-return-directly-if-no-vnc-client-connected.patch [bz#1527405]\n- kvm-buffer-add-buffer_move_empty.patch [bz#1527405]\n- kvm-buffer-add-buffer_move.patch [bz#1527405]\n- kvm-vnc-kill-jobs-queue-buffer.patch [bz#1527405]\n- kvm-vnc-jobs-move-buffer-reset-use-new-buffer-move.patch [bz#1527405]\n- kvm-vnc-zap-dead-code.patch [bz#1527405]\n- kvm-vnc-add-vnc_width-vnc_height-helpers.patch [bz#1527405]\n- kvm-vnc-factor-out-vnc_update_server_surface.patch [bz#1527405]\n- kvm-vnc-use-vnc_-width-height-in-vnc_set_area_dirty.patch [bz#1527405]\n- kvm-vnc-only-alloc-server-surface-with-clients-connected.patch [bz#1527405]\n- kvm-ui-fix-refresh-of-VNC-server-surface.patch [bz#1527405]\n- kvm-ui-move-disconnecting-check-to-start-of-vnc_update_c.patch [bz#1527405]\n- kvm-ui-remove-redundant-indentation-in-vnc_client_update.patch [bz#1527405]\n- kvm-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch [bz#1527405]\n- kvm-ui-track-how-much-decoded-data-we-consumed-when-doin.patch [bz#1527405]\n- kvm-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch [bz#1527405]\n- kvm-ui-correctly-reset-framebuffer-update-state-after-pr.patch [bz#1527405]\n- kvm-ui-refactor-code-for-determining-if-an-update-should.patch [bz#1527405]\n- kvm-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch [bz#1527405]\n- kvm-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch [bz#1527405]\n- kvm-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch [bz#1527405]\n- 
kvm-ui-avoid-sign-extension-using-client-width-height.patch [bz#1527405]\n- kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch [bz#1527405]\n- kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch [bz#1518711]\n- Resolves: bz#1518711\n (CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5])\n- Resolves: bz#1527405\n (CVE-2017-15124 qemu-kvm: Qemu: memory exhaustion through framebuffer update request message in VNC server [rhel-7.5])\n[1.5.3-155.el7]\n- kvm-qdev-Fix-assert-in-PCI-address-property-when-used-by.patch [bz#1538866]\n- kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch [bz#1534691]\n- kvm-savevm-Improve-error-message-for-blocked-migration.patch [bz#1536883]\n- kvm-savevm-fail-if-migration-blockers-are-present.patch [bz#1536883]\n- Resolves: bz#1534691\n (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-7.5])\n- Resolves: bz#1536883\n ([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6)\n- Resolves: bz#1538866\n (qemu will coredump after executing info qtree)\n[1.5.3-154.el7]\n- kvm-virtio-net-validate-backend-queue-numbers-against-bu.patch [bz#1460872]\n- kvm-dump-guest-memory.py-fix-python-2-support.patch [bz#1411490]\n- kvm-qxl-add-migration-blocker-to-avoid-pre-save-assert.patch [bz#1536883]\n- Resolves: bz#1411490\n ([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))\n- Resolves: bz#1460872\n (Aborted(core dumped) when booting guest with '-netdev tap....vhost=on,queues=32')\n- Resolves: bz#1536883\n ([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6)\n[1.5.3-153.el7]\n- kvm-i386-update-ssdt-misc.hex.generated.patch [bz#1411490]\n- kvm-main-loop-Acquire-main_context-lock-around-os_host_m.patch [bz#1435432 bz#1473536]\n- Resolves: bz#1411490\n ([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))\n- Resolves: bz#1435432\n (Emulated ISA 
serial port hangs randomly when sending lots of data from guest -> host)\n- Resolves: bz#1473536\n (Hangs in serial console under qemu)\n[1.5.3-152.el7]\n- kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch [CVE-2017-5715]\n- kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [CVE-2017-5715]\n- kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch [CVE-2017-5715]\n[1.5.3-151.el7]\n- kvm-fw_cfg-remove-support-for-guest-side-data-writes.patch [bz#1411490]\n- kvm-fw_cfg-prevent-selector-key-conflict.patch [bz#1411490]\n- kvm-fw_cfg-prohibit-insertion-of-duplicate-fw_cfg-file-n.patch [bz#1411490]\n- kvm-fw_cfg-factor-out-initialization-of-FW_CFG_ID-rev.-n.patch [bz#1411490]\n- kvm-Implement-fw_cfg-DMA-interface.patch [bz#1411490]\n- kvm-fw_cfg-avoid-calculating-invalid-current-entry-point.patch [bz#1411490]\n- kvm-fw-cfg-support-writeable-blobs.patch [bz#1411490]\n- kvm-Enable-fw_cfg-DMA-interface-for-x86.patch [bz#1411490]\n- kvm-fw_cfg-unbreak-migration-compatibility.patch [bz#1411490]\n- kvm-i386-expose-fw_cfg-QEMU0002-in-SSDT.patch [bz#1411490]\n- kvm-fw_cfg-add-write-callback.patch [bz#1411490]\n- kvm-hw-misc-add-vmcoreinfo-device.patch [bz#1411490]\n- kvm-vmcoreinfo-put-it-in-the-misc-device-category.patch [bz#1411490]\n- kvm-fw_cfg-enable-DMA-if-device-vmcoreinfo.patch [bz#1411490]\n- kvm-build-sys-restrict-vmcoreinfo-to-fw_cfg-dma-capable-.patch [bz#1411490]\n- kvm-dump-Make-DumpState-and-endian-conversion-routines-a.patch [bz#1411490]\n- kvm-dump.c-Fix-memory-leak-issue-in-cleanup-processing-f.patch [bz#1411490]\n- kvm-dump-Propagate-errors-into-qmp_dump_guest_memory.patch [bz#1411490]\n- kvm-dump-Turn-some-functions-to-void-to-make-code-cleane.patch [bz#1411490]\n- kvm-dump-Fix-dump-guest-memory-termination-and-use-after.patch [bz#1411490]\n- kvm-dump-allow-target-to-set-the-page-size.patch [bz#1411490]\n- kvm-dump-allow-target-to-set-the-physical-base.patch [bz#1411490]\n- kvm-dump-guest-memory-cleanup-removing-dump_-error-clean.patch 
[bz#1411490]\n- kvm-dump-guest-memory-using-static-DumpState-add-DumpSta.patch [bz#1411490]\n- kvm-dump-guest-memory-add-dump_in_progress-helper-functi.patch [bz#1411490]\n- kvm-dump-guest-memory-introduce-dump_process-helper-func.patch [bz#1411490]\n- kvm-dump-guest-memory-disable-dump-when-in-INMIGRATE-sta.patch [bz#1411490]\n- kvm-DumpState-adding-total_size-and-written_size-fields.patch [bz#1411490]\n- kvm-dump-do-not-dump-non-existent-guest-memory.patch [bz#1411490]\n- kvm-dump-add-guest-ELF-note.patch [bz#1411490]\n- kvm-dump-update-phys_base-header-field-based-on-VMCOREIN.patch [bz#1411490]\n- kvm-kdump-set-vmcoreinfo-location.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-Move-constants-to-the-t.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-Make-methods-functions.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-Improve-python-3-compat.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-Cleanup-functions.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-Introduce-multi-arch-su.patch [bz#1411490]\n- kvm-Fix-typo-in-variable-name-found-and-fixed-by-codespe.patch [bz#1411490]\n- kvm-scripts-dump-guest-memory.py-add-vmcoreinfo.patch [bz#1411490]\n- kvm-dump-guest-memory.py-fix-No-symbol-vmcoreinfo_find.patch [bz#1411490]\n- kvm-dump-guest-memory.py-fix-You-can-t-do-that-without-a.patch [bz#1411490]\n- Resolves: bz#1411490\n ([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))\n[1.5.3-150.el7]\n- kvm-Build-only-x86_64-packages.patch [bz#1520793]\n- Resolves: bz#1520793\n (Do not build non-x86_64 subpackages)\n[1.5.3-149.el7]\n- kvm-block-linux-aio-fix-memory-and-fd-leak.patch [bz#1491434]\n- kvm-linux-aio-Fix-laio-resource-leak.patch [bz#1491434]\n- kvm-slirp-cleanup-leftovers-from-misc.h.patch [bz#1508745]\n- kvm-Avoid-embedding-struct-mbuf-in-other-structures.patch [bz#1508745]\n- kvm-slirp-Fix-access-to-freed-memory.patch [bz#1508745]\n- kvm-slirp-fix-clearing-ifq_so-from-pending-packets.patch 
[bz#1508745]\n- kvm-qcow2-Prevent-backing-file-names-longer-than-1023.patch [bz#1459714]\n- kvm-qemu-img-Use-strerror-for-generic-resize-error.patch [bz#1459725]\n- kvm-qcow2-Avoid-making-the-L1-table-too-big.patch [bz#1459725]\n- Resolves: bz#1459714\n (Throw error if qemu-img rebasing backing file is too long or provide way to fix a 'too long' backing file.)\n- Resolves: bz#1459725\n (Prevent qemu-img resize from causing 'Active L1 table too large')\n- Resolves: bz#1491434\n (KVM leaks file descriptors when attaching and detaching virtio-scsi block devices)\n- Resolves: bz#1508745\n (CVE-2017-13711 qemu-kvm: Qemu: Slirp: use-after-free when sending response [rhel-7.5])\n[1.5.3-148.el7]\n- kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501121]\n- kvm-qemu-option-reject-empty-number-value.patch [bz#1417864]\n- Resolves: bz#1417864\n (Qemu-kvm starts with unspecified port)\n- Resolves: bz#1501121\n (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5])\n[1.5.3-147.el7]\n- kvm-vga-drop-line_offset-variable.patch [bz#1501295]\n- kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501295]\n- kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501295]\n- kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501295]\n- kvm-i6300esb-Fix-signed-integer-overflow.patch [bz#1470244]\n- kvm-i6300esb-fix-timer-overflow.patch [bz#1470244]\n- kvm-i6300esb-remove-muldiv64.patch [bz#1470244]\n- Resolves: bz#1470244\n (reboot leads to shutoff of qemu-kvm-vm if i6300esb-watchdog set to poweroff)\n- Resolves: bz#1501295\n (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.5])\n[1.5.3-146.el7]\n- kvm-vfio-pass-device-to-vfio_mmap_bar-and-use-it-to-set-.patch [bz#1494181]\n- kvm-hw-vfio-pci-Rename-VFIODevice-into-VFIOPCIDevice.patch [bz#1494181]\n- kvm-hw-vfio-pci-generalize-mask-unmask-to-any-IRQ-index.patch [bz#1494181]\n- 
kvm-hw-vfio-pci-introduce-minimalist-VFIODevice-with-fd.patch [bz#1494181]\n- kvm-hw-vfio-pci-add-type-name-and-group-fields-in-VFIODe.patch [bz#1494181]\n- kvm-hw-vfio-pci-handle-reset-at-VFIODevice.patch [bz#1494181]\n- kvm-hw-vfio-pci-Introduce-VFIORegion.patch [bz#1494181]\n- kvm-hw-vfio-pci-use-name-field-in-format-strings.patch [bz#1494181]\n- kvm-vfio-Add-sysfsdev-property-for-pci-platform.patch [bz#1494181]\n- kvm-vfio-remove-bootindex-property-from-qdev-to-qom.patch [bz#1494181]\n- kvm-vfio-pci-Handle-host-oversight.patch [bz#1494181]\n- kvm-vfio-pci-Fix-incorrect-error-message.patch [bz#1494181]\n- kvm-vfio-Wrap-VFIO_DEVICE_GET_REGION_INFO.patch [bz#1494181]\n- kvm-vfio-Generalize-region-support.patch [bz#1494181]\n- kvm-vfio-Enable-sparse-mmap-capability.patch [bz#1494181]\n- kvm-vfio-Handle-zero-length-sparse-mmap-ranges.patch [bz#1494181]\n- kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1486642]\n- kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1486642]\n- kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1486642]\n- kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1486642]\n- kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1486642]\n- kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1486642]\n- kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1486642]\n- kvm-target-i386-Add-Intel-SHA_NI-instruction-support.patch [bz#1450396]\n- kvm-target-i386-cpu-Add-new-EPYC-CPU-model.patch [bz#1450396]\n- kvm-target-i386-Enable-clflushopt-clwb-pcommit-instructi.patch [bz#1501510]\n- kvm-i386-add-Skylake-Server-cpu-model.patch [bz#1501510]\n- Resolves: bz#1450396\n (Add support for AMD EPYC processors)\n- Resolves: bz#1486642\n (CVE-2017-13672 qemu-kvm: Qemu: vga: OOB read access during display update [rhel-7.5])\n- Resolves: bz#1494181\n (Backport vGPU support to qemu-kvm)\n- Resolves: bz#1501510\n (Add Skylake-Server CPU model (qemu-kvm))\n[1.5.3-145.el7]\n- 
kvm-qemu-char-add-Czech-characters-to-VNC-keysyms.patch [bz#1476641]\n- kvm-qemu-char-add-missing-characters-used-in-keymaps.patch [bz#1476641]\n- kvm-qemu-char-add-cyrillic-characters-numerosign-to-VNC-.patch [bz#1476641]\n- kvm-block-ssh-Use-QemuOpts-for-runtime-options.patch [bz#1461672]\n- Resolves: bz#1461672\n (qemu-img core dumped when create external snapshot through ssh protocol without specifying image size)\n- Resolves: bz#1476641\n (ui/vnc_keysym.h is very out of date and does not correctly support many Eastern European keyboards)\n[1.5.3-144.el7]\n- kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1466463]\n- Resolves: bz#1466463\n (CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.5])\n[1.5.3-143.el7]\n- kvm-block-Limit-multiwrite-merge-downstream-only.patch [bz#1492559]\n- Resolves: bz#1492559\n (virtio-blk mutiwrite merge causes too big IO)\n[1.5.3-142.el7]\n- kvm-vnc-allow-to-connect-with-add_client-when-vnc-none.patch [bz#1435352]\n- kvm-virtio-net-dynamic-network-offloads-configuration.patch [bz#1480428]\n- kvm-Workaround-rhel6-ctrl_guest_offloads-machine-type-mi.patch [bz#1480428]\n- kvm-target-i386-Add-PKU-and-and-OSPKE-support.patch [bz#1387648]\n- Resolves: bz#1387648\n ([Intel 7.5 FEAT] Memory Protection Keys for qemu-kvm)\n- Resolves: bz#1435352\n (qemu started with '-vnc none,...' doesn't support any VNC authentication)\n- Resolves: bz#1480428\n (KVM: windows guest migration from EL6 to EL7 fails.)", "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-0816", "href": "http://linux.oracle.com/errata/ELSA-2018-0816.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:22:14", "bulletinFamily": "unix", "description": "It was discovered that QEMU incorrectly handled guest ram. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)\n\nDavid Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)\n\nThomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167)\n\nTuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038)\n\nEric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118)\n\nEric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)\n\nDaniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124)\n\nCarl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. 
This issue only affected Ubuntu 17.10. (CVE-2017-15268)\n\nGuoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)\n\nCyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845)\n\nIt was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)\n\nEric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)\n\nJiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683)", "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "id": "USN-3575-1", "href": "https://usn.ubuntu.com/3575-1/", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T19:20:58", "bulletinFamily": "unix", "description": "USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that QEMU incorrectly handled guest ram. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)\n\nDavid Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)\n\nThomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167)\n\nTuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038)\n\nEric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118)\n\nEric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)\n\nDaniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124)\n\nCarl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. 
This issue only affected Ubuntu 17.10. (CVE-2017-15268)\n\nGuoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)\n\nCyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845)\n\nIt was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)\n\nEric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)\n\nJiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2018-5683)", "modified": "2018-03-05T00:00:00", "published": "2018-03-05T00:00:00", "id": "USN-3575-2", "href": "https://usn.ubuntu.com/3575-2/", "title": "QEMU regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2017-11-07T08:32:55", "bulletinFamily": "unix", "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to 
cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-11-07T06:12:01", "published": "2017-11-07T06:12:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00008.html", "id": "OPENSUSE-SU-2017:2941-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T00:32:53", "bulletinFamily": "unix", "description": 
"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the 
load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n", "modified": "2017-11-06T21:07:59", "published": "2017-11-06T21:07:59", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00006.html", "id": "SUSE-SU-2017:2936-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-29T23:02:23", "bulletinFamily": "unix", "description": "This update for xen to version 4.9.1 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of 
freed memory leading to\n information leaks, privilege escalation or DoS (XSA-247).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n", "modified": "2017-11-29T19:37:56", "published": "2017-11-29T19:37:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00043.html", "id": "SUSE-SU-2017:3115-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-02T21:02:30", "bulletinFamily": "unix", "description": "This update for xen to version 4.7.4 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of freed memory leading to\n information leaks, privilege escalation or DoS (XSA-247).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt 
hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-12-02T18:11:39", "published": "2017-12-02T18:11:39", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00004.html", "id": "OPENSUSE-SU-2017:3194-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-02T21:02:30", "bulletinFamily": "unix", "description": "This update for xen to version 4.9.1 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of freed memory leading to\n information leaks, privilege escalation or DoS (XSA-247).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "modified": "2017-12-02T18:10:43", "published": "2017-12-02T18:10:43", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00003.html", "id": "OPENSUSE-SU-2017:3193-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-01T21:01:44", "bulletinFamily": "unix", "description": "This update for xen to version 4.7.4 (bsc#1027519) fixes several issues.\n\n This new feature was added:\n\n - Support migration of HVM domains larger than 1 TB\n\n These security issues were fixed:\n\n - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)\n code allowed for DoS (XSA-246)\n - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged\n guests to retain a writable mapping of freed memory leading to\n information leaks, privilege escalation or DoS (XSA-247).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063123)\n - CVE-2017-15597: A grant copy operation being done on a grant of a dying\n domain allowed a malicious guest administrator to corrupt hypervisor\n memory, allowing for DoS or potentially privilege escalation and\n information leaks (bsc#1061075).\n\n This non-security issue was fixed:\n\n - bsc#1055047: Fixed --initrd-inject option in virt-install\n\n", "modified": "2017-12-01T18:11:44", "published": "2017-12-01T18:11:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00001.html", "id": "SUSE-SU-2017:3178-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T08:32:56", "bulletinFamily": "unix", "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed 
storage format will be no longer supported\n in Leap 15.0.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm 
sources due to undefined macro\n (bsc#1057966)\n - Fixed package build failure against new glibc (bsc#1055587)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "modified": "2017-11-07T06:09:17", "published": "2017-11-07T06:09:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00007.html", "id": "OPENSUSE-SU-2017:2938-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-03T02:32:22", "bulletinFamily": "unix", "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will be no longer supported\n in SLE 15 (fate#324200).\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: 
Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed package build failure against new glibc (bsc#1055587)\n\n", "modified": "2017-11-03T00:08:15", "published": "2017-11-03T00:08:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00003.html", "id": "SUSE-SU-2017:2924-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-18T01:41:34", "bulletinFamily": "unix", "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636)\n * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb\n redirection support (bsc#1047674)\n * CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)\n * CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381)\n\n Following non-security issues were fixed:\n\n - Postrequire acl for setfacl\n - Prerequire shadow for groupadd\n - The recent security fix for CVE-2017-11334 adversely affects Xen.\n Include two additional patches to make sure Xen is going to be OK.\n - Pre-add group kvm for qemu-tools (bsc#1011144)\n - Fixed a few more 
inaccuracies in the support docs.\n - Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12\n SP3. Apply a few additional clarifications in the support docs.\n (bsc#1050268)\n - Adjust to libvdeplug-devel package naming changes.\n - Fix migration with xhci (bsc#1048296)\n - Increase VNC delay to fix missing keyboard input events (bsc#1031692)\n - Remove build dependency package iasl used for seabios\n\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "modified": "2017-09-18T00:08:38", "published": "2017-09-18T00:08:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00068.html", "id": "OPENSUSE-SU-2017:2513-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-12T00:04:50", "bulletinFamily": "unix", "description": "This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636)\n * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb\n redirection support (bsc#1047674)\n * CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)\n * CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381)\n\n Following non-security issues were fixed:\n\n - Postrequire acl for setfacl\n - Prerequire shadow for groupadd\n - The recent security fix for CVE-2017-11334 adversely affects Xen.\n Include two additional patches to make sure Xen is going to be OK.\n - Pre-add group kvm for qemu-tools (bsc#1011144)\n - Fixed a few more inaccuracies in the support docs.\n - Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12\n SP3. 
Apply a few additional clarifications in the support docs.\n (bsc#1050268)\n - Adjust to libvdeplug-devel package naming changes.\n - Fix migration with xhci (bsc#1048296)\n - Increase VNC delay to fix missing keyboard input events (bsc#1031692)\n - Remove build dependency package iasl used for seabios\n\n", "modified": "2017-09-11T21:07:22", "published": "2017-09-11T21:07:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00024.html", "id": "SUSE-SU-2017:2416-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:22", "bulletinFamily": "unix", "description": "Package : qemu-kvm\nVersion : 1.1.2+dfsg-6+deb7u24\nCVE ID : CVE-2017-14167 CVE-2017-15038\n\nMultiple vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests\nbased on the Quick Emulator(Qemu).\n\nCVE-2017-14167\n\n Incorrect validation of multiboot headers could result in the\n execution of arbitrary code.\n\nCVE-2017-15038\n\n When using 9pfs qemu-kvm is vulnerable to an information\n disclosure issue. It could occur while accessing extended attributes\n of a file due to a race condition. 
This could be used to disclose\n heap memory contents of the host.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u24.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-10-08T16:46:05", "published": "2017-10-08T16:46:05", "id": "DEBIAN:DLA-1128-1:0ED63", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00008.html", "title": "[SECURITY] [DLA 1128-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "description": "Package : qemu\nVersion : 1.1.2+dfsg-6+deb7u24\nCVE ID : CVE-2017-14167 CVE-2017-15038\n\n\nMultiple vulnerabilities were discovered in qemu, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-14167\n\n Incorrect validation of multiboot headers could result in the\n execution of arbitrary code.\n\nCVE-2017-15038\n\n When using 9pfs qemu-kvm is vulnerable to an information\n disclosure issue. It could occur while accessing extended attributes\n of a file due to a race condition. 
This could be used to disclose\n heap memory contents of the host.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u24.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-10-08T20:21:00", "published": "2017-10-08T20:21:00", "id": "DEBIAN:DLA-1129-1:759D7", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00009.html", "title": "[SECURITY] [DLA 1129-1] qemu security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T14:20:55", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3925-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 04, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2017-9524 CVE-2017-10806 CVE-2017-11334\n CVE-2017-11443\nDebian Bug : 865755 869171 869173 867751 869945\n\nMultiple vulnerabilities were found in qemu, a fast processor emulator:\n\nCVE-2017-9524\n\n Denial of service in qemu-nbd server\n\nCVE-2017-10806\n\n Buffer overflow in USB redirector\n\nCVE-2017-11334\n\n Out-of-band memory access in DMA operations\n\nCVE-2017-11443\n\n Out-of-band memory access in SLIRP/DHCP\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u2.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", 
"modified": "2017-08-04T20:25:11", "published": "2017-08-04T20:25:11", "id": "DEBIAN:DSA-3925-1:00FDE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00187.html", "title": "[SECURITY] [DSA 3925-1] qemu security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T14:21:45", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3991-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 03, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2017-9375 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 \n CVE-2017-14167\n\nMultiple vulnerabilities were found in in qemu, a fast processor emulator:\n\nCVE-2017-9375\n\n Denial of service via memory leak in USB XHCI emulation.\n \nCVE-2017-12809\n\n Denial of service in the CDROM device drive emulation.\n\nCVE-2017-13672\n\n Denial of service in VGA display emulation.\n\nCVE-2017-13711\n\n Denial of service in SLIRP networking support.\n\nCVE-2017-14167\n\n Incorrect validation of multiboot headers could result in the\n execution of arbitrary code.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u3.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-10-03T21:33:55", "published": "2017-10-03T21:33:55", "id": "DEBIAN:DSA-3991-1:00D79", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00253.html", "title": "[SECURITY] [DSA 3991-1] qemu security 
update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}