Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-2340-1.NASL
HistoryJan 02, 2019 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:2340-1) (Spectre)

2019-01-0200:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

This update for qemu to version 2.11.2 fixes the following issues:
Security issue fixed :

  • CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223).

  • CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082).

  • CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes :

  • bsc#1091695: SEV guest will not lauchh with qemu-system-x86_64 version 2.11.1.

  • bsc#1094898: qemu-guest-agent service doesn’t work in version Leap 15.0.

  • bsc#1094725: virsh blockresize does not work with Xen qdisks.

  • bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2340-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(120081);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id("CVE-2018-11806", "CVE-2018-3639", "CVE-2018-7550");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:2340-1) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for qemu to version 2.11.2 fixes the following issues:
Security issue fixed :

  - CVE-2018-11806: Fix heap buffer overflow issue that can
    happen while reassembling fragmented datagrams
    (bsc#1096223).

  - CVE-2018-3639: Mitigation functionality for Speculative
    Store Bypass issue in x86 (bsc#1087082).

  - CVE-2018-7550: Fix out of bounds read and write memory
    access, potentially leading to code execution
    (bsc#1083291) Bug fixes :

  - bsc#1091695: SEV guest will not lauchh with
    qemu-system-x86_64 version 2.11.1.

  - bsc#1094898: qemu-guest-agent service doesn't work in
    version Leap 15.0.

  - bsc#1094725: `virsh blockresize` does not work with Xen
    qdisks.

  - bsc#1094913: QEMU crashes when starting a guest with
    more than 7.999TB.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083291"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094725"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094913"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11806/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-3639/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7550/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182340-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?719c7d19"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
patch SUSE-SLE-Module-Server-Applications-15-2018-1577=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2018-1577=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11806");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-kvm-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-lang-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-2.11.2-9.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
}
VendorProductVersionCPE
novellsuse_linuxqemup-cpe:/a:novell:suse_linux:qemu
novellsuse_linuxqemu-block-curlp-cpe:/a:novell:suse_linux:qemu-block-curl
novellsuse_linuxqemu-block-curl-debuginfop-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo
novellsuse_linuxqemu-block-iscsip-cpe:/a:novell:suse_linux:qemu-block-iscsi
novellsuse_linuxqemu-block-iscsi-debuginfop-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo
novellsuse_linuxqemu-block-rbdp-cpe:/a:novell:suse_linux:qemu-block-rbd
novellsuse_linuxqemu-block-rbd-debuginfop-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo
novellsuse_linuxqemu-block-sshp-cpe:/a:novell:suse_linux:qemu-block-ssh
novellsuse_linuxqemu-block-ssh-debuginfop-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo
novellsuse_linuxqemu-debuginfop-cpe:/a:novell:suse_linux:qemu-debuginfo
Rows per page:
1-10 of 221

Related

openvas 27
nessus 76
suse 5
amazon 2
oraclelinux 4
redhat 36
centos 6
fedora 5
osv 4
debiancve 3
ubuntucve 3
prion 2
cve 2
zdi 1
redhatcve 2
debian 3
veracode 2
f5 2
citrix 1
ibm 4
virtuozzo 2
mageia 1
almalinux 1
threatpost 1
slackware 1
alpinelinux 1
ubuntu 2
openvas
openvas
openSUSE: Security Advisory for qemu (openSUSE-SU-2018:2402-1)
2018-10-26 00:00:00
CentOS Update for qemu-img CESA-2018:2462 centos7
2018-08-21 00:00:00
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1313)
2020-01-23 00:00:00
nessus
nessus
openSUSE Security Update : qemu (openSUSE-2018-894) (Spectre)
2018-08-20 00:00:00
openSUSE Security Update : qemu (openSUSE-2019-620) (Spectre)
2019-03-27 00:00:00
CentOS 7 : qemu-kvm (CESA-2018:2462)
2018-08-21 00:00:00
suse
suse
Security update for qemu (moderate)
2018-08-17 12:15:11
Security update for qemu (moderate)
2018-11-10 00:23:53
Security update for libvirt (moderate)
2018-08-13 12:07:25
amazon
amazon
Important: qemu-kvm
2018-09-05 19:33:00
Important: qemu-kvm
2018-09-12 22:19:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2018-08-16 00:00:00
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
redhat
redhat
(RHSA-2018:2462) Important: qemu-kvm security and bug fix update
2018-08-16 12:48:04
(RHSA-2018:1646) Important: qemu-kvm-rhev security update
2018-05-21 23:35:23
(RHSA-2018:1644) Important: qemu-kvm-rhev security update
2018-05-21 23:35:00
centos
centos
qemu security update
2018-08-21 01:08:04
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:32:03
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
osv
osv
CVE-2018-7550
2018-03-01 17:29:00
qemu-kvm - security update
2018-04-17 00:00:00
CVE-2018-11806
2018-06-13 16:29:01
debiancve
debiancve
CVE-2018-7550
2018-03-01 17:29:00
CVE-2018-11806
2018-06-13 16:29:00
CVE-2018-3639
2018-05-22 12:29:00
ubuntucve
ubuntucve
CVE-2018-7550
2018-03-01 00:00:00
CVE-2018-11806
2018-06-13 00:00:00
CVE-2018-3639
2018-05-21 00:00:00
prion
prion
Out-of-bounds
2018-03-01 17:29:00
Heap overflow
2018-06-13 16:29:00
cve
cve
CVE-2018-7550
2018-03-01 17:29:00
CVE-2018-11806
2018-06-13 16:29:00
zdi
zdi
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-07 00:00:00
redhatcve
redhatcve
CVE-2018-7550
2020-04-01 13:59:46
CVE-2018-11806
2019-10-31 22:26:58
debian
debian
[SECURITY] [DLA 1350-1] qemu-kvm security update
2018-04-17 14:17:19
[SECURITY] [DLA 1351-1] qemu security update
2018-04-17 14:48:41
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:26:12
Memory Corruption
2019-01-15 09:23:14
f5
f5
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
ibm
ibm
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM
2018-12-19 20:55:02
Security Bulletin: IBM Resilient recommends the underlying operating system on Resilient servers be upgraded in response to the vulnerabilities known as SpectreNG (CVE-2018-3639)
2021-04-19 21:33:34
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-05-23 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-07-27 21:57:40
alpinelinux
alpinelinux
CVE-2018-3639
2018-05-22 12:29:00
ubuntu
ubuntu
Linux kernel vulnerability
2018-05-22 00:00:00
QEMU update
2018-05-21 00:00:00
JSON
Related for SUSE_SU-2018-2340-1.NASL
openvas27nessus76suse5amazon2oraclelinux4redhat36centos6fedora5osv4debiancve3ubuntucve3prion2cve2zdi1redhatcve2debian3veracode2f52citrix1ibm4virtuozzo2mageia1almalinux1threatpost1slackware1alpinelinux1ubuntu2