Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-1559-1.NASL
HistoryJun 17, 2016 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1)

2016-06-1700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

spice was updated to fix four security issues.

These security issues were fixed :

  • CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386).

  • CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385).

  • CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787).

  • CVE-2015-5261: Host memory access from guest using crafted images (bsc#948976).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1559-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91659);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-5260", "CVE-2015-5261", "CVE-2016-0749", "CVE-2016-2150");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"spice was updated to fix four security issues.

These security issues were fixed :

  - CVE-2016-2150: Guest escape using crafted primary
    surface parameters (bsc#982386).

  - CVE-2016-0749: Heap-based buffer overflow in smartcard
    interaction (bsc#982385).

  - CVE-2015-5260: Insufficient validation of surface_id
    parameter could have caused a crash (bsc#944787).

  - CVE-2015-5261: Host memory access from guest using
    crafted images (bsc#948976).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=944787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=948976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982385"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982386"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5260/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-5261/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-0749/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-2150/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20161559-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?267309d6"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-925=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-925=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-925=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libspice-server1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libspice-server1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:spice-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libspice-server1-0.12.5-4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libspice-server1-debuginfo-0.12.5-4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"spice-debugsource-0.12.5-4.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libspice-server1-0.12.5-4.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libspice-server1-debuginfo-0.12.5-4.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"spice-debugsource-0.12.5-4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice");
}
VendorProductVersionCPE
novellsuse_linuxlibspice-server1p-cpe:/a:novell:suse_linux:libspice-server1
novellsuse_linuxlibspice-server1-debuginfop-cpe:/a:novell:suse_linux:libspice-server1-debuginfo
novellsuse_linuxspice-debugsourcep-cpe:/a:novell:suse_linux:spice-debugsource
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

openvas 31
nessus 33
gentoo 1
securityvulns 2
oraclelinux 4
centos 4
debian 5
mageia 2
veracode 4
cvelist 4
redhat 4
prion 4
debiancve 4
ibm 2
ubuntu 2
ubuntucve 4
cve 4
osv 2
fedora 12
archlinux 1
redhatcve 2
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1559-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0394)
2015-10-15 00:00:00
Debian Security Advisory DSA 3371-1 (spice - security update)
2015-10-09 00:00:00
nessus
nessus
GLSA-201606-05 : spice: Multiple vulnerabilities
2016-06-17 00:00:00
openSUSE Security Update : spice (openSUSE-2016-824)
2016-07-05 00:00:00
openSUSE Security Update : spice (openSUSE-2016-823)
2016-07-05 00:00:00
gentoo
gentoo
spice: Multiple vulnerabilities
2016-06-16 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3371-1] spice security update
2015-10-11 00:00:00
spice memory corruption
2015-10-11 00:00:00
oraclelinux
oraclelinux
spice security update
2015-10-12 00:00:00
spice-server security update
2015-10-12 00:00:00
spice security update
2016-06-06 00:00:00
centos
centos
spice security update
2015-10-13 00:01:21
spice security update
2015-10-12 23:26:07
spice security update
2016-06-07 15:09:48
debian
debian
[SECURITY] [DSA 3371-1] spice security update
2015-10-09 18:22:33
[SECURITY] [DSA 3371-1] spice security update
2015-10-09 18:22:55
[SECURITY] [DSA 3596-1] spice security update
2016-06-06 17:05:06
mageia
mageia
Updated spice packages fix security vulnerabilities
2015-10-09 21:47:39
Updated spice packages fix security vulnerabilities
2016-07-08 23:41:17
veracode
veracode
Arbitrary Code Execution
2019-05-16 01:27:03
Denial Of Service (DoS)
2019-01-15 09:07:56
Authorization Bypass
2019-05-02 05:34:32
cvelist
cvelist
CVE-2016-2150
2016-06-09 16:00:00
CVE-2015-5261
2016-06-07 14:00:00
CVE-2015-5260
2016-06-07 14:00:00
redhat
redhat
(RHSA-2015:1890) Important: spice security update
2015-10-12 00:00:00
(RHSA-2015:1889) Important: spice-server security update
2015-10-12 00:00:00
(RHSA-2016:1205) Important: spice security update
2016-06-06 15:21:54
prion
prion
Design/Logic Flaw
2016-06-09 16:59:00
Heap overflow
2016-06-07 14:06:00
Heap overflow
2016-06-07 14:06:00
debiancve
debiancve
CVE-2016-2150
2016-06-09 16:59:00
CVE-2015-5261
2016-06-07 14:06:00
CVE-2015-5260
2016-06-07 14:06:00
ibm
ibm
Security Bulletin: Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260)
2018-06-17 22:32:49
Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )
2020-07-19 00:49:12
ubuntu
ubuntu
Spice vulnerabilities
2015-10-07 00:00:00
Spice vulnerabilities
2016-06-21 00:00:00
ubuntucve
ubuntucve
CVE-2016-2150
2016-06-09 00:00:00
CVE-2015-5261
2015-10-06 00:00:00
CVE-2015-5260
2015-09-08 00:00:00
cve
cve
CVE-2016-2150
2016-06-09 16:59:00
CVE-2015-5261
2016-06-07 14:06:00
CVE-2015-5260
2016-06-07 14:06:00
osv
osv
spice - security update
2016-06-06 00:00:00
spice - security update
2016-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: spice-0.12.8-1.fc24
2016-07-20 00:26:03
[SECURITY] Fedora 23 Update: spice-0.12.8-1.fc23
2016-08-18 23:20:58
[SECURITY] Fedora 23 Update: mingw-spice-protocol-0.12.10-1.fc23
2015-10-11 16:08:04
archlinux
archlinux
spice: multiple issues
2015-10-19 00:00:00
redhatcve
redhatcve
CVE-2016-2150
2016-06-06 15:18:35
CVE-2016-0749
2016-06-06 16:18:43
JSON
Related for SUSE_SU-2016-1559-1.NASL
openvas31nessus33gentoo1securityvulns2oraclelinux4centos4debian5mageia2veracode4cvelist4redhat4prion4debiancve4ibm2ubuntu2ubuntucve4cve4osv2fedora12archlinux1redhatcve2