Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-2565-1.NASL
HistoryAug 31, 2018 - 12:00 a.m.

SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre)

2018-08-3100:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

This update for qemu fixes the following issues :

These security issues were fixed :

CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735)

CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223)

With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885).

This non-security was fixed: Fix VirtQueue error for virtio-balloon during live migration (bsc#1020928).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2565-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(112204);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");

  script_cve_id("CVE-2018-11806", "CVE-2018-12617", "CVE-2018-3639");

  script_name(english:"SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for qemu fixes the following issues :

These security issues were fixed :

CVE-2018-12617: qmp_guest_file_read had an integer overflow that could
have been exploited by sending a crafted QMP command (including
guest-file-read with a large count value) to the agent via the
listening socket causing DoS (bsc#1098735)

CVE-2018-11806: Prevent heap-based buffer overflow via incoming
fragmented datagrams (bsc#1096223)

With this release the mitigations for Spectre v4 are moved the the
patches from upstream (CVE-2018-3639, bsc#1092885).

This non-security was fixed: Fix VirtQueue error for virtio-balloon
during live migration (bsc#1020928).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1020928"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1092885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1098735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11806/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12617/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-3639/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182565-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bc0344f7"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2018-1801=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2018-1801=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/31");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"qemu-block-rbd-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"qemu-block-rbd-debuginfo-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"qemu-x86-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"qemu-s390-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"qemu-s390-debuginfo-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-block-curl-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-block-curl-debuginfo-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-debugsource-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-guest-agent-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-guest-agent-debuginfo-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-kvm-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-lang-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-tools-2.3.1-33.12.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"qemu-tools-debuginfo-2.3.1-33.12.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
}
VendorProductVersionCPE
novellsuse_linuxqemup-cpe:/a:novell:suse_linux:qemu
novellsuse_linuxqemu-block-curlp-cpe:/a:novell:suse_linux:qemu-block-curl
novellsuse_linuxqemu-block-curl-debuginfop-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo
novellsuse_linuxqemu-block-rbdp-cpe:/a:novell:suse_linux:qemu-block-rbd
novellsuse_linuxqemu-block-rbd-debuginfop-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo
novellsuse_linuxqemu-debugsourcep-cpe:/a:novell:suse_linux:qemu-debugsource
novellsuse_linuxqemu-guest-agentp-cpe:/a:novell:suse_linux:qemu-guest-agent
novellsuse_linuxqemu-guest-agent-debuginfop-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo
novellsuse_linuxqemu-kvmp-cpe:/a:novell:suse_linux:qemu-kvm
novellsuse_linuxqemu-langp-cpe:/a:novell:suse_linux:qemu-lang
Rows per page:
1-10 of 161

Related

openvas 35
nessus 80
suse 5
fedora 5
zdi 1
redhat 27
ubuntucve 2
debiancve 3
osv 2
veracode 2
f5 2
prion 2
redhatcve 2
zdt 2
cve 2
packetstorm 1
exploitpack 1
exploitdb 1
oraclelinux 7
ibm 3
photon 1
kaspersky 1
centos 5
amazon 3
citrix 1
mageia 1
debian 1
virtuozzo 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2973-2)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2615-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2556-1)
2021-04-19 00:00:00
nessus
nessus
SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2650-1) (Spectre)
2018-09-10 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre)
2018-10-03 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:3555-1) (Spectre)
2018-10-30 00:00:00
suse
suse
Security update for qemu (moderate)
2018-11-10 00:23:53
Security update for qemu (moderate)
2018-08-17 12:15:11
Security update for qemu (moderate)
2018-09-12 12:07:50
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28
2019-05-21 01:14:13
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
zdi
zdi
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-07 00:00:00
redhat
redhat
(RHSA-2018:2822) Important: qemu-kvm-rhev security update
2018-09-27 18:00:00
(RHSA-2018:2762) Important: qemu-kvm-ma security update
2018-09-25 17:29:48
(RHSA-2018:2887) Important: qemu-kvm-rhev security update
2018-10-09 10:53:35
ubuntucve
ubuntucve
CVE-2018-11806
2018-06-13 00:00:00
CVE-2018-12617
2018-06-21 00:00:00
debiancve
debiancve
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:00
CVE-2018-3639
2018-05-22 12:29:00
osv
osv
CVE-2018-11806
2018-06-13 16:29:01
xen - security update
2018-05-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:26:12
Integer Overflow
2020-09-21 06:24:34
f5
f5
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
prion
prion
Heap overflow
2018-06-13 16:29:00
Integer overflow
2018-06-21 18:29:00
redhatcve
redhatcve
CVE-2018-12617
2020-03-17 07:33:51
CVE-2018-11806
2019-10-31 22:26:58
zdt
zdt
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
2018-06-22 00:00:00
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
cve
cve
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:00
packetstorm
packetstorm
QEMU Guest Agent 2.12.50 Denial Of Service
2018-06-22 00:00:00
exploitpack
exploitpack
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
exploitdb
exploitdb
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2018-06-27 00:00:00
kernel security and bug fix update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
ibm
ibm
Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
2018-08-17 23:06:03
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
2018-08-08 04:13:55
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
centos
centos
java security update
2018-05-22 18:16:51
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:32:03
amazon
amazon
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
Important: java-1.7.0-openjdk
2018-06-08 18:32:00
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
JSON
Related for SUSE_SU-2018-2565-1.NASL
openvas35nessus80suse5fedora5zdi1redhat27ubuntucve2debiancve3osv2veracode2f52prion2redhatcve2zdt2cve2packetstorm1exploitpack1exploitdb1oraclelinux7ibm3photon1kaspersky1centos5amazon3citrix1mageia1debian1virtuozzo1