ID OPENVAS:1361412562310106915 Type openvas Reporter This script is Copyright (C) 2017 Greenbone Networks GmbH Modified 2018-10-10T00:00:00
Description
A number of security issues have been identified within Citrix XenServer.
These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues
have the identifiers:
CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.
CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.
CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.
CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.
CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.
CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_xenserver_ctx224740.nasl 11816 2018-10-10 10:42:56Z mmartin $
#
# Citrix XenServer Multiple Security Updates (CTX224740)
#
# Authors:
# Christian Kuersteiner <christian.kuersteiner@greenbone.net>
#
# Copyright:
# Copyright (c) 2017 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:citrix:xenserver";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106915");
script_version("$Revision: 11816 $");
script_tag(name:"last_modification", value:"$Date: 2018-10-10 12:42:56 +0200 (Wed, 10 Oct 2018) $");
script_tag(name:"creation_date", value:"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915",
"CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Citrix XenServer Multiple Security Updates (CTX224740)");
script_category(ACT_GATHER_INFO);
script_copyright("This script is Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Citrix Xenserver Local Security Checks");
script_dependencies("gb_xenserver_version.nasl");
script_mandatory_keys("xenserver/product_version", "xenserver/patches");
script_tag(name:"summary", value:"A number of security issues have been identified within Citrix XenServer.
These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues
have the identifiers:
- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.
- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.
- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.
- CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.
- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.
- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.
- CVE-2017-10911 (Low): blkif responses leak backend stack data.");
script_tag(name:"vuldetect", value:"Check the installed hotfixes.");
script_tag(name:"affected", value:"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.");
script_tag(name:"solution", value:"Apply the hotfix referenced in the advisory.");
script_xref(name:"URL", value:"https://support.citrix.com/article/CTX224740");
exit(0);
}
include("citrix_version_func.inc");
include("host_details.inc");
include("misc_func.inc");
if (!version = get_app_version(cpe: CPE))
exit(0);
if (!hotfixes = get_kb_item("xenserver/patches"))
exit(0);
patches = make_array();
patches['7.2.0'] = make_list('XS72E001', 'XS72E002');
patches['7.1.0'] = make_list('XS71E011', 'XS71E012');
patches['7.0.0'] = make_list('XS70E035', 'XS70E036');
patches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');
patches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');
patches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');
report_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);
exit(99);
{"id": "OPENVAS:1361412562310106915", "bulletinFamily": "scanner", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n - CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n - CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n - CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n - CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n - CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n - CVE-2017-10911 (Low): blkif responses leak backend stack data.", "published": "2017-06-30T00:00:00", "modified": "2018-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://support.citrix.com/article/CTX224740"], "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "type": "openvas", "lastseen": "2018-10-11T12:33:38", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d0869005f56eca76d7108be8dc8c1d23c3cde1c1e7c3534b33ae148c4a05c91a", "hashmap": [{"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "c57caa13a9dffde9eebc944d367434c5", "key": "modified"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "04430eef634a647ddb2b35bc74351297", "key": "description"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "7a2353f27d3520063b7c276267163033", "key": "title"}, {"hash": "1713e064df470431171d23a85825cd70", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "68329dcee675f8a97d8a5072c623e0eb", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2017-08-31T16:25:10", "modified": "2017-08-16T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6928 2017-08-16 02:41:07Z ckuersteiner $\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6928 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-16 04:41:07 +0200 (Wed, 16 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "type": "openvas", "viewCount": 4}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2017-08-31T16:25:10"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-TBA (High): Grant table operations mishandle reference counts.\n\n- CVE-TBA (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-TBA (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-TBA (Medium): Races in the grant table unmap code.\n\n- CVE-TBA (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-TBA (Medium): NULL pointer deref in event channel poll.\n\n- CVE-TBA (Low): blkif responses leak backend stack data.", "edition": 1, "enchantments": {}, "hash": "d2a8a9ddc095a2380f2692c395875a92e84c37f00c902213454caa52094c69f5", "hashmap": [{"hash": "fae2914b08105247d1c398134e38e9a2", "key": "sourceData"}, {"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "modified"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "3c02b66cb1e0a345cbb3fd8ccf541a96", "key": "title"}, {"hash": "261346e9be6ad16185ad0882a85e8c77", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2017-07-17T10:56:23", "modified": "2017-06-30T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6496 2017-06-30 09:50:25Z ckuersteiner $\n#\n# Citrix XenServer Multiple Security Updates\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6496 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-06-30 11:50:25 +0200 (Fri, 30 Jun 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name: \"cvss_base\", value: \"7.2\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-TBA (High): Grant table operations mishandle reference counts.\n\n- CVE-TBA (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-TBA (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-TBA (Medium): Races in the grant table unmap code.\n\n- CVE-TBA (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-TBA (Medium): NULL pointer deref in event channel poll.\n\n- CVE-TBA (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss", "description", "cvelist", "modified", "sourceData"], "edition": 1, "lastseen": "2017-07-17T10:56:23"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.", "edition": 2, "enchantments": {}, "hash": "486c0c86ea79dda67165fbeefdcbfedd7d41dc3124dae65f7090ab3e41a63683", "hashmap": [{"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "04430eef634a647ddb2b35bc74351297", "key": "description"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "1713e064df470431171d23a85825cd70", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "d90ecd12208932dc4463b12d54eeedba", "key": "sourceData"}, {"hash": "3c02b66cb1e0a345cbb3fd8ccf541a96", "key": "title"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2017-07-25T10:57:24", "modified": "2017-07-10T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6621 2017-07-10 04:58:09Z ckuersteiner $\n#\n# Citrix XenServer Multiple Security Updates\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6621 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-10 06:58:09 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name: \"cvss_base\", value: \"7.2\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-25T10:57:24"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "166ee07d086bc099a0e8a132b042500cbe0bf7f3a0c867b0db775df30a91dc82", "hashmap": [{"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "c57caa13a9dffde9eebc944d367434c5", "key": "modified"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "04430eef634a647ddb2b35bc74351297", "key": "description"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "7a2353f27d3520063b7c276267163033", "key": "title"}, {"hash": "1713e064df470431171d23a85825cd70", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "68329dcee675f8a97d8a5072c623e0eb", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2018-08-30T19:18:48", "modified": "2017-08-16T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6928 2017-08-16 02:41:07Z ckuersteiner $\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6928 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-16 04:41:07 +0200 (Wed, 16 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "type": "openvas", "viewCount": 4}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:18:48"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d0869005f56eca76d7108be8dc8c1d23c3cde1c1e7c3534b33ae148c4a05c91a", "hashmap": [{"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "c57caa13a9dffde9eebc944d367434c5", "key": "modified"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "04430eef634a647ddb2b35bc74351297", "key": "description"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "7a2353f27d3520063b7c276267163033", "key": "title"}, {"hash": "1713e064df470431171d23a85825cd70", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "68329dcee675f8a97d8a5072c623e0eb", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2018-09-01T23:40:57", "modified": "2017-08-16T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6928 2017-08-16 02:41:07Z ckuersteiner $\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6928 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-16 04:41:07 +0200 (Wed, 16 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "type": "openvas", "viewCount": 4}, "differentElements": ["description", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:40:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.", "edition": 3, "enchantments": {}, "hash": "590f92c12fe6366c8ebc39c0285d843bfa8fde7a148fa2b9b972f22c48b573ff", "hashmap": [{"hash": "34d8a75328683be1e03ea1de79387567", "key": "reporter"}, {"hash": "5b3ffa96845d67695f3a9a84aa63ae0f", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "9564b1250a06eb1a494ab04295d2334a", "key": "published"}, {"hash": "04430eef634a647ddb2b35bc74351297", "key": "description"}, {"hash": "7f646885f704c38b2553fc75fd077810", "key": "pluginID"}, {"hash": "1713e064df470431171d23a85825cd70", "key": "cvelist"}, {"hash": "1927b2d6151040a71e96f135b55a4f04", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "e4b78bd7f7dceb58d50c714a97e99127", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8139d8c20e2b0595960a5d5c7a642855", "key": "href"}, {"hash": "f606ba9a77cd9c446457fc11e8033089", "key": "modified"}, {"hash": "3c02b66cb1e0a345cbb3fd8ccf541a96", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "id": "OPENVAS:1361412562310106915", "lastseen": "2017-08-03T10:57:36", "modified": "2017-07-19T00:00:00", "naslFamily": "Citrix Xenserver Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310106915", "published": "2017-06-30T00:00:00", "references": ["https://support.citrix.com/article/CTX224740"], "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 6757 2017-07-19 05:57:31Z cfischer $\n#\n# Citrix XenServer Multiple Security Updates\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 6757 $\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-19 07:57:31 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\",\"xenserver/patches\");\n\n script_tag(name: \"summary\", value: \"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n- CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n- CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n- CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n- CVE-2017-10913,CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n- CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n- CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n- CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name: \"vuldetect\", value: \"Check the installed hotfixes.\");\n\n script_tag(name: \"affected\", value: \"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name: \"solution\", value: \"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name: \"URL\", value: \"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "title": "Citrix XenServer Multiple Security Updates", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData", "title"], "edition": 3, "lastseen": "2017-08-03T10:57:36"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "1713e064df470431171d23a85825cd70"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "8ba084be3b52f800e3c7be16e949f0c5"}, {"key": "href", "hash": "8139d8c20e2b0595960a5d5c7a642855"}, {"key": "modified", "hash": "9bd5dcfcb227d4b92eae337f2ff06a78"}, {"key": "naslFamily", "hash": "5b3ffa96845d67695f3a9a84aa63ae0f"}, {"key": "pluginID", "hash": "7f646885f704c38b2553fc75fd077810"}, {"key": "published", "hash": "9564b1250a06eb1a494ab04295d2334a"}, {"key": "references", "hash": "e4b78bd7f7dceb58d50c714a97e99127"}, {"key": "reporter", "hash": "34d8a75328683be1e03ea1de79387567"}, {"key": "sourceData", "hash": "898f8b687e91f1379740a3862e3d1eea"}, {"key": "title", "hash": "7a2353f27d3520063b7c276267163033"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "90268cde8f5426621def944f4946700f636fbf29001bc0a4a6c8c74641c2acad", "viewCount": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_xenserver_ctx224740.nasl 11816 2018-10-10 10:42:56Z mmartin $\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"$Revision: 11816 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-10 12:42:56 +0200 (Wed, 10 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n\"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n script_tag(name:\"summary\", value:\"A number of security issues have been identified within Citrix XenServer.\nThese issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues\nhave the identifiers:\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n - CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking.\n\n - CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n - CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n - CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation.\n\n - CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n - CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"affected\", value:\"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\nreport_if_citrix_xenserver_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "naslFamily": "Citrix Xenserver Local Security Checks", "pluginID": "1361412562310106915"}
{"gentoo": [{"lastseen": "2017-10-18T08:47:07", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=624116", "https://bugs.gentoo.org/show_bug.cgi?id=624118", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10922", "https://bugs.gentoo.org/show_bug.cgi?id=624124", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10914", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10915", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10920", "https://bugs.gentoo.org/show_bug.cgi?id=624128", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10912", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10918", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10913", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10921", "https://bugs.gentoo.org/show_bug.cgi?id=624112"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.7.3", "packageName": "app-emulation/xen-tools", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.7.3", "packageName": "app-emulation/xen", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.7.3", "packageName": "app-emulation/xen-pvgrub", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could escalate privileges, cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.7.3\"\n \n\nAll Xen pvgrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-pvgrub-4.7.3\"\n \n\nAll Xen Tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-tools-4.7.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2017-10-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2017-10-18T00:00:00", "href": "https://security.gentoo.org/glsa/201710-17", "id": "GLSA-201710-17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:41:55", "references": ["2017-c3149b5fcb", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2YX6P3ST264BWLGBSE2UODOT2T4KEXK"], "pluginID": "1361412562310872848", "description": "Check the version of xen", "edition": 3, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-07-14T00:00:00", "title": "Fedora Update for xen FEDORA-2017-c3149b5fcb", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310872848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872848", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2017-c3149b5fcb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872848\");\n script_version(\"$Revision: 6725 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-14 12:23:29 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:13 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \n \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10918\", \"CVE-2017-10919\", \n \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-10923\", \n \"CVE-2017-10917\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-c3149b5fcb\");\n script_tag(name: \"summary\", value: \"Check the version of xen\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\");\n script_tag(name: \"affected\", value: \"xen on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-c3149b5fcb\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2YX6P3ST264BWLGBSE2UODOT2T4KEXK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:56:57", "references": ["2017:1826_1"], "pluginID": "1361412562310851577", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-07-14T00:00:00", "title": "SuSE Update for xen openSUSE-SU-2017:1826-1 (xen)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310851577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851577", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_1826_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for xen openSUSE-SU-2017:1826-1 (xen)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851577\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:54:54 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\",\n \"CVE-2017-10922\", \"CVE-2017-8309\", \"CVE-2017-9330\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for xen openSUSE-SU-2017:1826-1 (xen)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code\n allowed for information leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked information to\n other guests (XSA-220, bsc#1042923)\n\n These non-security issues were fixed:\n\n - bsc#1027519: Included various upstream patches\n\n - bsc#1035642: Ensure that rpmbuild works\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1826_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:20", "references": ["http://www.debian.org/security/2017/dsa-3969.html"], "pluginID": "1361412562310703969", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912 \nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914 \nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915 \nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916 \nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. This only affects Debian stretch.\n\nCVE-2017-10917 \nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918 \nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919 \nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 \nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135 \nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136 \nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. This only affects Debian stretch.\n\nCVE-2017-12137 \nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855 \nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.", "edition": 3, "reporter": "Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net", "published": "2017-09-12T00:00:00", "title": "Debian Security Advisory DSA 3969-1 (xen - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-09-14T00:00:00", "id": "OPENVAS:1361412562310703969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3969.nasl 7129 2017-09-14 11:28:03Z teissa $\n#\n# Auto-generated from advisory DSA 3969-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703969\");\n script_version(\"$Revision: 7129 $\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n script_name(\"Debian Security Advisory DSA 3969-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-14 13:28:03 +0200 (Thu, 14 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-12 00:00:00 +0200 (Tue, 12 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3969.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"insight\", value:\"Xen is a hypervisor providing services that allow multiple computer operating\nsystems to execute on the same computer hardware concurrently.\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.1-1+deb9u3.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912 \nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914 \nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915 \nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916 \nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. This only affects Debian stretch.\n\nCVE-2017-10917 \nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918 \nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919 \nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 \nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135 \nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136 \nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. This only affects Debian stretch.\n\nCVE-2017-12137 \nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855 \nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-arm64\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.1-9+deb8u10\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.1-1+deb9u3\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/10/msg00011.html"], "pluginID": "1361412562310891132", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn", "edition": 6, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-02-07T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 1132-1] xen security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1132.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 1132-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891132\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14318\", \"CVE-2017-14319\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1132-1] xen security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"insight\", value:\"Xen is a hypervisor providing services that allow multiple computer operating\nsystems to execute on the same computer hardware concurrently.\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn't\nverified which which may result in privilege escalation.\n\nCVE-2017-14317\n\nEric Chanudet discovered that a race conditions in cxenstored might\nresult in information leaks or privilege escalation.\n\nCVE-2017-14318\n\nMatthew Daley discovered that incorrect validation of\ngrants may result in a denial of service.\n\nCVE-2017-14319\n\nAndrew Cooper discovered that insufficient grant unmapping\nchecks may result in denial of service and privilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-9\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:06", "references": ["http://www.ubuntu.com/usn/usn-3468-2/", "3468-2"], "pluginID": "1361412562310843352", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-01T00:00:00", "title": "Ubuntu Update for linux-hwe USN-3468-2", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_2.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux-hwe USN-3468-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843352\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:01:44 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-hwe USN-3468-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-hwe'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3468-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.04. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu\n 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not\n properly bound guest IRQs. A local attacker in a guest VM could use this to\n cause a denial of service (host system crash). (CVE-2017-1000252) It was\n discovered that the Flash-Friendly File System (f2fs) implementation in the\n Linux kernel did not properly validate superblock metadata. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual\n block driver did not properly initialize some data structures before passing\n them to user space. A local attacker in a guest VM could use this to expose\n sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It\n was discovered that a use-after-free vulnerability existed in the POSIX message\n queue implementation in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce\n that the realtime inode flag was settable only on filesystems on a realtime\n device. A local attacker could use this to cause a denial of service (system\n crash). (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux-hwe on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic-lpae\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-lowlatency\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:07", "references": ["http://www.ubuntu.com/usn/usn-3468-1/", "3468-1"], "pluginID": "1361412562310843353", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-01T00:00:00", "title": "Ubuntu Update for linux USN-3468-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux USN-3468-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843353\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:02:17 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3468-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly bound guest IRQs. A local attacker in a guest\n VM could use this to cause a denial of service (host system crash).\n (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard\n discovered that the Xen virtual block driver did not properly initialize some\n data structures before passing them to user space. A local attacker in a guest\n VM could use this to expose sensitive information from the host OS or other\n guest VMs. (CVE-2017-10911) It was discovered that a use-after-free\n vulnerability existed in the POSIX message queue implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner\n discovered that the XFS filesystem did not enforce that the realtime inode flag\n was settable only on filesystems on a realtime device. A local attacker could\n use this to cause a denial of service (system crash). (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1020-raspi2\", ver:\"4.10.0-1020.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic-lpae\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-lowlatency\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1020.21\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:06", "references": ["http://www.ubuntu.com/usn/usn-3468-3/", "3468-3"], "pluginID": "1361412562310843356", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-01T00:00:00", "title": "Ubuntu Update for linux-gcp USN-3468-3", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_3.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3468-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843356\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:03:27 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3468-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly bound guest IRQs. A local attacker in a guest\n VM could use this to cause a denial of service (host system crash).\n (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard\n discovered that the Xen virtual block driver did not properly initialize some\n data structures before passing them to user space. A local attacker in a guest\n VM could use this to expose sensitive information from the host OS or other\n guest VMs. (CVE-2017-10911) It was discovered that a use-after-free\n vulnerability existed in the POSIX message queue implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner\n discovered that the XFS filesystem did not enforce that the realtime inode flag\n was settable only on filesystems on a realtime device. A local attacker could\n use this to cause a denial of service (system crash). (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1008-gcp\", ver:\"4.10.0-1008.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.10.0.1008.10\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-23T11:19:54", "references": ["http://www.debian.org/security/2017/dsa-3920.html"], "pluginID": "703920", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.", "edition": 2, "reporter": "Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net", "published": "2017-07-25T00:00:00", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703920", "id": "OPENVAS:703920", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3920.nasl 6873 2017-08-08 12:35:26Z teissa $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703920);\n script_version(\"$Revision: 6873 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-08 14:35:26 +0200 (Tue, 08 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3920.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T12:59:07", "references": ["http://www.ubuntu.com/usn/usn-3470-1/", "3470-1"], "pluginID": "1361412562310843357", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-01T00:00:00", "title": "Ubuntu Update for linux USN-3470-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2016-8632", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663", "CVE-2017-10662"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843357", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3470_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux USN-3470-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843357\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:04:00 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2016-8632\", \"CVE-2017-10661\", \"CVE-2017-10662\", \"CVE-2017-10663\",\n \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3470-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Qian Zhang discovered a heap-based buffer\n overflow in the tipc_msg_build() function in the Linux kernel. A local attacker\n could use to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-8632) Dmitry Vyukov\n discovered that a race condition existed in the timerfd subsystem of the Linux\n kernel when handling might_cancel queuing. A local attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-10661) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n Anthony Perard discovered that the Xen virtual block driver did not properly\n initialize some data structures before passing them to user space. A local\n attacker in a guest VM could use this to expose sensitive information from the\n host OS or other guest VMs. (CVE-2017-10911) It was discovered that a\n use-after-free vulnerability existed in the POSIX message queue implementation\n in the Linux kernel. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave\n Chinner discovered that the XFS filesystem did not enforce that the realtime\n inode flag was settable only on filesystems on a realtime device. A local\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3470-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3470-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-generic\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-generic-lpae\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-lowlatency\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-e500\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-e500mc\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-smp\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc64-emb\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc64-smp\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:43:36", "references": ["http://www.debian.org/security/2017/dsa-3920.html"], "pluginID": "1361412562310703920", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.", "edition": 3, "reporter": "Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net", "published": "2017-07-25T00:00:00", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703920", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3920.nasl 9356 2018-04-06 07:17:02Z cfischer $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703920\");\n script_version(\"$Revision: 9356 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:17:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3920.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:56:19", "references": ["https://security.gentoo.org/glsa/201710-17"], "pluginID": "103910", "description": "The remote host is affected by the vulnerability described in GLSA-201710-17 (Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.\n Impact :\n\n A local attacker could escalate privileges, cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "edition": 7, "reporter": "Tenable", "published": "2017-10-18T00:00:00", "title": "GLSA-201710-17 : Xen: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2018-01-29T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-pvgrub", "p-cpe:/a:gentoo:linux:xen-tools"], "id": "GENTOO_GLSA-201710-17.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-17.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103910);\n script_version(\"$Revision: 3.4 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:52:25 $\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n script_xref(name:\"GLSA\", value:\"201710-17\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"GLSA-201710-17 : Xen: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-17\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the\n referenced CVE identifiers for details.\n \nImpact :\n\n A local attacker could escalate privileges, cause a Denial of Service\n condition, obtain sensitive information, or have other unspecified\n impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Xen users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.7.3'\n All Xen pvgrub users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-pvgrub-4.7.3'\n All Xen Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.7.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-pvgrub\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/xen\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-pvgrub\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-tools\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-19T14:07:22", "references": ["https://support.citrix.com/article/CTX224740"], "pluginID": "101205", "description": "The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that causes grant table operations to fail due to improper handling of reference counts. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - An information disclosure vulnerability exists due to blkif responses leaking stack data. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.\n\n - A NULL pointer dereference flaw exists in the event channel poll that allows an unauthenticated, remote attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient reference counts. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code that allows an unauthenticated, remote attacker to have an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows a local attacker on the PV guest to gain elevated privileges.\n\n - A flaw exists that is triggered by stale P2M mappings due to insufficient error checking. An unauthenticated, remote attacker can exploit this to have an unspecified impact.", "edition": 6, "reporter": "Tenable", "published": "2017-07-03T00:00:00", "title": "Citrix XenServer Multiple Vulnerabilities (CTX224740)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX224740.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101205);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2017-10911\",\n \"CVE-2017-10912\",\n \"CVE-2017-10913\",\n \"CVE-2017-10914\",\n \"CVE-2017-10915\",\n \"CVE-2017-10917\",\n \"CVE-2017-10918\",\n \"CVE-2017-10920\",\n \"CVE-2017-10921\",\n \"CVE-2017-10922\"\n );\n script_bugtraq_id(\n 99157,\n 99158,\n 99161,\n 99162,\n 99174,\n 99411,\n 99435\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX224740)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer installed on the remote host is\nmissing a security hotfix. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists that causes grant table operations to fail\n due to improper handling of reference counts. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - An information disclosure vulnerability exists due to\n blkif responses leaking stack data. An unauthenticated,\n remote attacker can exploit this to disclose potentially\n sensitive information.\n\n - A NULL pointer dereference flaw exists in the event\n channel poll that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient\n reference counts. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code\n that allows an unauthenticated, remote attacker to have\n an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows\n a local attacker on the PV guest to gain elevated\n privileges.\n\n - A flaw exists that is triggered by stale P2M mappings\n due to insufficient error checking. An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX224740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10918\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2017/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\n# two hotfixes for each series\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC045\"; # CTX224687\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS602ECC046\"; # CTX224693\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.2\\.0\")\n{\n fix = \"XS62ESP1061\"; # CTX224688\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS62ESP1062\"; # CTX224694\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1057\"; # CTX224689\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS65ESP1058\"; # CTX224695\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix = \"XS70E035\"; # CTX224690\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS70E036\"; # CTX224696\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71E011\"; # CTX224691\n if (fix >!< patches && \"XS71ECU1\" >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS71E012\"; # CTX224697\n if (fix >!< patches && \"XS71ECU1\" >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E001\"; # CTX224692\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS72E002\"; # CTX224698\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:11", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1042931", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042882", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042915", "https://bugzilla.opensuse.org/show_bug.cgi?id=1027519", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042924", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042893", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042938", "https://bugzilla.opensuse.org/show_bug.cgi?id=1035642", "https://bugzilla.opensuse.org/show_bug.cgi?id=1037243", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042923", "https://bugzilla.opensuse.org/show_bug.cgi?id=1042160"], "pluginID": "101349", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)\n\nThese non-security issues were fixed :\n\n - bsc#1027519: Included various upstream patches \n\n - bsc#1035642: Ensure that rpmbuild works\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "edition": 7, "reporter": "Tenable", "published": "2017-07-10T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2017-799)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2017-799.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101349", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-799.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101349);\n script_version(\"$Revision: 3.4 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:52:25 $\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8309\", \"CVE-2017-9330\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-799)\");\n script_summary(english:\"Check for the openSUSE-2017-799 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n\nThese non-security issues were fixed :\n\n - bsc#1027519: Included various upstream patches \n\n - bsc#1035642: Ensure that rpmbuild works\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-debugsource-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-devel-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-debuginfo-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-debuginfo-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.2_06-11.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:24:54", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1042923", "https://bugzilla.suse.com/show_bug.cgi?id=1014136", "https://www.suse.com/security/cve/CVE-2017-10913/", "https://www.suse.com/security/cve/CVE-2017-8309/", "https://bugzilla.suse.com/show_bug.cgi?id=1042893", "https://bugzilla.suse.com/show_bug.cgi?id=1034845", "https://www.suse.com/security/cve/CVE-2017-10922/", "https://www.suse.com/security/cve/CVE-2017-10914/", "https://bugzilla.suse.com/show_bug.cgi?id=1036470", "https://www.suse.com/security/cve/CVE-2017-10911/", "https://www.suse.com/security/cve/CVE-2017-9503/", "https://www.suse.com/security/cve/CVE-2017-10917/", "https://bugzilla.suse.com/show_bug.cgi?id=1026236", "https://www.suse.com/security/cve/CVE-2017-10915/", "https://www.suse.com/security/cve/CVE-2017-10921/", "https://www.suse.com/security/cve/CVE-2017-9374/", "https://bugzilla.suse.com/show_bug.cgi?id=1043074", "https://www.suse.com/security/cve/CVE-2017-9330/", "https://bugzilla.suse.com/show_bug.cgi?id=1042938", "https://www.suse.com/security/cve/CVE-2017-8905/", "https://bugzilla.suse.com/show_bug.cgi?id=1042915", "http://www.nessus.org/u?c4f0ffc1", "https://bugzilla.suse.com/show_bug.cgi?id=1031460", "https://bugzilla.suse.com/show_bug.cgi?id=1042160", "https://bugzilla.suse.com/show_bug.cgi?id=1042924", "https://bugzilla.suse.com/show_bug.cgi?id=1027519", "https://bugzilla.suse.com/show_bug.cgi?id=1042931", "https://www.suse.com/security/cve/CVE-2017-10912/", "https://bugzilla.suse.com/show_bug.cgi?id=1042882", "https://bugzilla.suse.com/show_bug.cgi?id=1037243", "https://www.suse.com/security/cve/CVE-2017-8112/", "https://www.suse.com/security/cve/CVE-2017-10918/", "https://bugzilla.suse.com/show_bug.cgi?id=1043297", "https://bugzilla.suse.com/show_bug.cgi?id=1042863", "https://www.suse.com/security/cve/CVE-2017-10916/", "https://www.suse.com/security/cve/CVE-2017-10920/"], "pluginID": "101350", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 14, "reporter": "Tenable", "published": "2017-07-10T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-11-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2017-1812-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101350", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1812-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101350);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2018/11/30 10:54:50\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s\n might have leaked information to other guests (XSA-220,\n bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171812-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4f0ffc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1121=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1121=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1121=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.5.5_12-22.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:55", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb"], "pluginID": "101028", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225] NULL pointer deref in event channel poll [XSA-221] (#1463231)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2017-06-23T00:00:00", "title": "Fedora 25 : xen (2017-c3149b5fcb)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-C3149B5FCB.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101028", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c3149b5fcb.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101028);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2018/02/02 16:15:51 $\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-c3149b5fcb\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 25 : xen (2017-c3149b5fcb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.2-7.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:13", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3bdaf58bc"], "pluginID": "101183", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225] NULL pointer deref in event channel poll [XSA-221] (#1463231)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2017-07-03T00:00:00", "title": "Fedora 24 : xen (2017-b3bdaf58bc)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-B3BDAF58BC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b3bdaf58bc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101183);\n script_version(\"$Revision: 3.5 $\");\n script_cvs_date(\"$Date: 2018/02/02 16:15:51 $\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-b3bdaf58bc\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 24 : xen (2017-b3bdaf58bc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3bdaf58bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"xen-4.6.5-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:25", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c6a9b07a3"], "pluginID": "101638", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in event channel poll [XSA-221] (#1463231) stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2017-07-17T00:00:00", "title": "Fedora 26 : xen (2017-5c6a9b07a3)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-5C6A9B07A3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5c6a9b07a3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101638);\n script_version(\"$Revision: 3.4 $\");\n script_cvs_date(\"$Date: 2018/02/02 16:15:51 $\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-5c6a9b07a3\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 26 : xen (2017-5c6a9b07a3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in\nevent channel poll [XSA-221] (#1463231) stale P2M mappings due to\ninsufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c6a9b07a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:35:23", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1014136", "https://bugzilla.suse.com/show_bug.cgi?id=1032148", "https://www.suse.com/security/cve/CVE-2017-10913/", "https://www.suse.com/security/cve/CVE-2017-8309/", "https://bugzilla.suse.com/show_bug.cgi?id=1042893", "https://bugzilla.suse.com/show_bug.cgi?id=1034845", "https://www.suse.com/security/cve/CVE-2017-10922/", "https://www.suse.com/security/cve/CVE-2017-10914/", "https://bugzilla.suse.com/show_bug.cgi?id=1036470", "https://www.suse.com/security/cve/CVE-2017-10911/", "https://www.suse.com/security/cve/CVE-2017-9503/", "https://www.suse.com/security/cve/CVE-2017-10917/", "https://bugzilla.suse.com/show_bug.cgi?id=1026236", "https://www.suse.com/security/cve/CVE-2017-10915/", "https://www.suse.com/security/cve/CVE-2017-10921/", "https://www.suse.com/security/cve/CVE-2017-9374/", "https://bugzilla.suse.com/show_bug.cgi?id=1043074", "https://www.suse.com/security/cve/CVE-2017-9330/", "https://bugzilla.suse.com/show_bug.cgi?id=1042938", "https://www.suse.com/security/cve/CVE-2017-8905/", "https://bugzilla.suse.com/show_bug.cgi?id=1042915", "https://bugzilla.suse.com/show_bug.cgi?id=1031460", "https://bugzilla.suse.com/show_bug.cgi?id=1042160", "https://bugzilla.suse.com/show_bug.cgi?id=1042924", "https://bugzilla.suse.com/show_bug.cgi?id=1027519", "https://bugzilla.suse.com/show_bug.cgi?id=1042931", "https://www.suse.com/security/cve/CVE-2017-10912/", "https://bugzilla.suse.com/show_bug.cgi?id=1042882", "https://bugzilla.suse.com/show_bug.cgi?id=1037243", "https://www.suse.com/security/cve/CVE-2017-8112/", "https://www.suse.com/security/cve/CVE-2017-10918/", "http://www.nessus.org/u?022392d7", "https://bugzilla.suse.com/show_bug.cgi?id=1043297", "https://bugzilla.suse.com/show_bug.cgi?id=1042863", "https://www.suse.com/security/cve/CVE-2017-10920/"], "pluginID": "101293", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 16, "reporter": "Tenable", "published": "2017-07-07T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2018-11-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2017-1795-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1795-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101293);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2018/11/30 10:54:50\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171795-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?022392d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1118=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1118=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.4.4_21-22.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-20T07:44:39", "references": ["http://www.nessus.org/u?6b0e0c73"], "pluginID": "102835", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0142 for details.", "edition": 9, "reporter": "Tenable", "published": "2017-08-30T00:00:00", "title": "OracleVM 3.4 : xen (OVMSA-2017-0142)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-2615", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-8905", "CVE-2017-12136", "CVE-2017-8904", "CVE-2017-10912", "CVE-2017-2620", "CVE-2017-7228", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-8903", "CVE-2017-10915", "CVE-2016-9603"], "modified": "2018-11-19T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2017-0142.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=102835", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0142.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102835);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/11/19 16:36:34\");\n\n script_cve_id(\"CVE-2016-9603\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-7228\", \"CVE-2017-8903\", \"CVE-2017-8904\", \"CVE-2017-8905\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2017-0142)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2017-0142 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000772.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b0e0c73\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-155.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-155.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:44:58", "references": ["https://security-tracker.debian.org/tracker/CVE-2017-10912", "https://security-tracker.debian.org/tracker/CVE-2017-10913", "https://packages.debian.org/source/stretch/xen", "https://security-tracker.debian.org/tracker/CVE-2017-10922", "https://www.debian.org/security/2017/dsa-3969", "https://security-tracker.debian.org/tracker/CVE-2017-10918", "https://security-tracker.debian.org/tracker/CVE-2017-12855", "https://security-tracker.debian.org/tracker/CVE-2017-10920", "https://security-tracker.debian.org/tracker/CVE-2017-10917", "https://packages.debian.org/source/jessie/xen", "https://security-tracker.debian.org/tracker/CVE-2017-10914", "https://security-tracker.debian.org/tracker/CVE-2017-12136", "https://security-tracker.debian.org/tracker/CVE-2017-10919", "https://security-tracker.debian.org/tracker/CVE-2017-10916", "https://security-tracker.debian.org/tracker/CVE-2017-12137", "https://security-tracker.debian.org/tracker/CVE-2017-10915", "https://security-tracker.debian.org/tracker/CVE-2017-12135", "https://security-tracker.debian.org/tracker/CVE-2017-10921"], "pluginID": "103146", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912 Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.\n\n - CVE-2017-10915 Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.\n\n - CVE-2017-10916 Andrew Cooper discovered an information leak in the handling of the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch.\n\n - CVE-2017-10917 Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.\n\n - CVE-2017-10918 Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.\n\n - CVE-2017-10919 Julien Grall discovered that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation.\n\n - CVE-2017-12135 Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.\n\n - CVE-2017-12136 Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch.\n\n - CVE-2017-12137 Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.\n\n - CVE-2017-12855 Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.", "edition": 11, "reporter": "Tenable", "published": "2017-09-13T00:00:00", "title": "Debian DSA-3969-1 : xen - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915", "CVE-2017-15596"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3969.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103146", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3969. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103146);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-15596\");\n script_xref(name:\"DSA\", value:\"3969\");\n\n script_name(english:\"Debian DSA-3969-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912\n Jann Horn discovered that incorrectly handling of page\n transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914\n Jann Horn discovered that race conditions in grant\n handling might result in information leaks or privilege\n escalation.\n\n - CVE-2017-10915\n Andrew Cooper discovered that incorrect reference\n counting with shadow paging might result in privilege\n escalation.\n\n - CVE-2017-10916\n Andrew Cooper discovered an information leak in the\n handling of the Memory Protection Extensions (MPX) and\n Protection Key (PKU) CPU features. This only affects\n Debian stretch.\n\n - CVE-2017-10917\n Ankur Arora discovered a NULL pointer dereference in\n event polling, resulting in denial of service.\n\n - CVE-2017-10918\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in\n privilege escalation, denial of service or an\n information leak.\n\n - CVE-2017-10919\n Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect,\n resulting in potential privilege escalation.\n\n - CVE-2017-12135\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of\n service and potentially privilege escalation.\n\n - CVE-2017-12136\n Ian Jackson discovered that race conditions in the\n allocator for grant mappings may result in denial of\n service or privilege escalation. This only affects\n Debian stretch.\n\n - CVE-2017-12137\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\n - CVE-2017-12855\n Jan Beulich discovered that incorrect grant status\n handling, thus incorrectly informing the guest that the\n grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of\n add-to-physmap operations on ARM may result in denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.1-1+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.1-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2017-07-08T16:48:26", "references": ["https://bugzilla.suse.com/1042915", "https://bugzilla.suse.com/1042923", "https://bugzilla.suse.com/1042924", "https://bugzilla.suse.com/1042938", "https://bugzilla.suse.com/1042893", "https://bugzilla.suse.com/1027519", "https://bugzilla.suse.com/1042160", "https://bugzilla.suse.com/1035642", "https://bugzilla.suse.com/1042931", "https://bugzilla.suse.com/1042882", "https://bugzilla.suse.com/1037243"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-debuginfo-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-debuginfo-32bit-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-devel-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-debuginfo-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-libs-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-devel-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-debugsource-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-debugsource", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-debugsource-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-debuginfo-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-doc-html-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-domU-debuginfo-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-32bit-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-domU-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-tools-domU", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-domU-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-4.7.2_06-11.9.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-tools-domU-debuginfo-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "4.7.2_06-11.9.1", "packageFilename": "xen-libs-4.7.2_06-11.9.1.i586.rpm", "packageName": "xen-libs", "arch": "i586", "operator": "lt"}], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - PKRU and BND* leakage between vCPU-s might have leaked information to\n other guests (XSA-220, bsc#1042923)\n\n These non-security issues were fixed:\n\n - bsc#1027519: Included various upstream patches\n - bsc#1035642: Ensure that rpmbuild works\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2017-07-08T15:12:52", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Security update for xen (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-08T15:12:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00011.html", "id": "OPENSUSE-SU-2017:1826-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-06T16:48:23", "references": ["https://bugzilla.suse.com/1034845", "https://bugzilla.suse.com/1042915", "https://bugzilla.suse.com/1031460", "https://bugzilla.suse.com/1026236", "https://bugzilla.suse.com/1043074", "https://bugzilla.suse.com/1043297", "https://bugzilla.suse.com/1042924", "https://bugzilla.suse.com/1032148", "https://bugzilla.suse.com/1014136", "https://bugzilla.suse.com/1042863", "https://bugzilla.suse.com/1036470", "https://bugzilla.suse.com/1042938", "https://bugzilla.suse.com/1042893", "https://bugzilla.suse.com/1027519", "https://bugzilla.suse.com/1042160", "https://bugzilla.suse.com/1042931", "https://bugzilla.suse.com/1042882", "https://bugzilla.suse.com/1037243"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21_k3.12.61_52.77-22.42.1", "packageFilename": "xen-kmp-default-debuginfo-4.4.4_21_k3.12.61_52.77-22.42.1.x86_64.rpm", "packageName": "xen-kmp-default-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-domU-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-doc-html-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-debugsource-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-32bit-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-32bit-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21_k3.12.61_52.77-22.42.1", "packageFilename": "xen-kmp-default-4.4.4_21_k3.12.61_52.77-22.42.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-domU-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-debugsource-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21_k3.12.61_52.77-22.42.1", "packageFilename": "xen-kmp-default-4.4.4_21_k3.12.61_52.77-22.42.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-debuginfo-32bit-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-domU-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21_k3.12.61_52.77-22.42.1", "packageFilename": "xen-kmp-default-debuginfo-4.4.4_21_k3.12.61_52.77-22.42.1.x86_64.rpm", "packageName": "xen-kmp-default-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-debuginfo-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-doc-html-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-libs-debuginfo-32bit-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "4.4.4_21-22.42.1", "packageFilename": "xen-tools-domU-4.4.4_21-22.42.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043074)\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration\n speed\n - bsc#1032148: Ensure that time doesn't goes backwards during live\n migration of HVM domU\n - bsc#1027519: Included various upstream patches\n\n", "edition": 1, "reporter": "Suse", "published": "2017-07-06T15:15:02", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Security update for xen (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-06T15:15:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00005.html", "id": "SUSE-SU-2017:1795-1", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-07T16:48:26", "references": ["https://bugzilla.suse.com/1034845", "https://bugzilla.suse.com/1042915", "https://bugzilla.suse.com/1031460", "https://bugzilla.suse.com/1026236", "https://bugzilla.suse.com/1043074", "https://bugzilla.suse.com/1042923", "https://bugzilla.suse.com/1043297", "https://bugzilla.suse.com/1042924", "https://bugzilla.suse.com/1014136", "https://bugzilla.suse.com/1042863", "https://bugzilla.suse.com/1036470", "https://bugzilla.suse.com/1042938", "https://bugzilla.suse.com/1042893", "https://bugzilla.suse.com/1027519", "https://bugzilla.suse.com/1042160", "https://bugzilla.suse.com/1042931", "https://bugzilla.suse.com/1042882", "https://bugzilla.suse.com/1037243"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-debugsource-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-debugsource-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-doc-html-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-debugsource-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-debuginfo-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-doc-html-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-doc-html-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-32bit-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-libs-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12_k3.12.74_60.64.45-22.18.1", "packageFilename": "xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1.x86_64.rpm", "packageName": "xen-kmp-default-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "4.5.5_12-22.18.1", "packageFilename": "xen-tools-domU-debuginfo-4.5.5_12-22.18.1.x86_64.rpm", "packageName": "xen-tools-domU-debuginfo", "arch": "x86_64", "operator": "lt"}], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043074)\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration\n speed\n\n", "edition": 1, "reporter": "Suse", "published": "2017-07-07T15:09:38", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Security update for xen (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-07T15:09:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00008.html", "id": "SUSE-SU-2017:1812-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-03T02:32:22", "references": ["https://bugzilla.suse.com/1056334", "https://bugzilla.suse.com/1062942", "https://bugzilla.suse.com/1057585", "https://bugzilla.suse.com/1056291", "https://bugzilla.suse.com/1062069", "https://bugzilla.suse.com/1063122", "https://bugzilla.suse.com/1055587", "https://bugzilla.suse.com/1057966", "https://bugzilla.suse.com/1054724", "https://bugzilla.suse.com/1057378"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.10.2-6.6.3", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.10.2-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "6.6.3", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.10.2-6.6.3", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.10.2-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.10.2-6.6.3", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.10.2-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.0.0-6.6.3", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu", "packageFilename": "qemu-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.10.2-6.6.3", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.10.2-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu", "packageFilename": "qemu-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.0.0-6.6.3", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "aarch64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.9.1-6.6.3.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "6.6.3", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-6.6.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "ppc64le", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.9.1-6.6.3.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "s390x", "packageName": "qemu", "packageFilename": "qemu-2.9.1-6.6.3.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "2.9.1-6.6.3", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.9.1-6.6.3.x86_64.rpm", "operator": "lt"}], "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will be no longer supported\n in SLE 15 (fate#324200).\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fiedx package build failure against new glibc (bsc#1055587)\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-03T00:08:15", "title": "Security update for qemu (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15268", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-10911", "CVE-2017-13672"], "modified": "2017-11-03T00:08:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00003.html", "id": "SUSE-SU-2017:2924-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T08:32:56", "references": ["https://bugzilla.suse.com/1056334", "https://bugzilla.suse.com/1062942", "https://bugzilla.suse.com/1057585", "https://bugzilla.suse.com/1056291", "https://bugzilla.suse.com/1062069", "https://bugzilla.suse.com/1063122", "https://bugzilla.suse.com/1055587", "https://bugzilla.suse.com/1057966", "https://bugzilla.suse.com/1054724", "https://bugzilla.suse.com/1057378"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "i586", "packageName": "qemu-linux-user-debuginfo", "packageFilename": "qemu-linux-user-debuginfo-2.9.1-35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-testsuite", "packageFilename": "qemu-testsuite-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-x86-debuginfo", "packageFilename": "qemu-x86-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.0.0-35.1", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-35.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-linux-user-debugsource", "packageFilename": "qemu-linux-user-debugsource-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-dmg-debuginfo", "packageFilename": "qemu-block-dmg-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "35.1", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-35.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-ksm", "packageFilename": "qemu-ksm-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.10.2-35.1", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.10.2-35.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-extra-debuginfo", "packageFilename": "qemu-extra-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-extra", "packageFilename": "qemu-extra-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-dmg", "packageFilename": "qemu-block-dmg-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-linux-user", "packageFilename": "qemu-linux-user-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.10.2-35.1", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.10.2-35.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "i586", "packageName": "qemu-linux-user-debugsource", "packageFilename": "qemu-linux-user-debugsource-2.9.1-35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "i586", "packageName": "qemu-linux-user", "packageFilename": "qemu-linux-user-2.9.1-35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.9.1-35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "2.9.1-35.1", "arch": "x86_64", "packageName": "qemu-linux-user-debuginfo", "packageFilename": "qemu-linux-user-debuginfo-2.9.1-35.1.x86_64.rpm", "operator": "lt"}], "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will be no longer supported\n in Leap 15.0.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fiedx package build failure against new glibc (bsc#1055587)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-07T06:09:17", "title": "Security update for qemu (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15268", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-10911", "CVE-2017-13672"], "modified": "2017-11-07T06:09:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00007.html", "id": "OPENSUSE-SU-2017:2938-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T08:32:55", "references": ["https://bugzilla.suse.com/1048902", "https://bugzilla.suse.com/1056334", "https://bugzilla.suse.com/1062942", "https://bugzilla.suse.com/1043176", "https://bugzilla.suse.com/1057585", "https://bugzilla.suse.com/1062069", "https://bugzilla.suse.com/1046636", "https://bugzilla.suse.com/1049381", "https://bugzilla.suse.com/997358", "https://bugzilla.suse.com/1063122", "https://bugzilla.suse.com/1057966", "https://bugzilla.suse.com/1054724", "https://bugzilla.suse.com/1047674", "https://bugzilla.suse.com/1043808", "https://bugzilla.suse.com/1057378", "https://bugzilla.suse.com/1059369"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-extra", "packageFilename": "qemu-extra-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-extra", "packageFilename": "qemu-extra-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.9.1-31.9.1", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.9.1-31.9.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-extra-debuginfo", "packageFilename": "qemu-extra-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-x86-debuginfo", "packageFilename": "qemu-x86-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.2", "arch": "x86_64", "packageName": "qemu-testsuite", "packageFilename": "qemu-testsuite-2.6.2-31.9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu", "packageFilename": "qemu-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.2", "arch": "i586", "packageName": "qemu-testsuite", "packageFilename": "qemu-testsuite-2.6.2-31.9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-dmg", "packageFilename": "qemu-block-dmg-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.0.0-31.9.1", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-31.9.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-linux-user-debuginfo", "packageFilename": "qemu-linux-user-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "31.9.1", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-31.9.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-dmg", "packageFilename": "qemu-block-dmg-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.9.1-31.9.1", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.9.1-31.9.1.noarch.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-linux-user-debugsource", "packageFilename": "qemu-linux-user-debugsource-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-linux-user-debugsource", "packageFilename": "qemu-linux-user-debugsource-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-extra-debuginfo", "packageFilename": "qemu-extra-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-iscsi", "packageFilename": "qemu-block-iscsi-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-dmg-debuginfo", "packageFilename": "qemu-block-dmg-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-iscsi-debuginfo", "packageFilename": "qemu-block-iscsi-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-linux-user", "packageFilename": "qemu-linux-user-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-linux-user-debuginfo", "packageFilename": "qemu-linux-user-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-x86-debuginfo", "packageFilename": "qemu-x86-debuginfo-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-block-dmg-debuginfo", "packageFilename": "qemu-block-dmg-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-31.9.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "x86_64", "packageName": "qemu-linux-user", "packageFilename": "qemu-linux-user-2.6.2-31.9.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.6.2-31.9.1", "arch": "i586", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.6.2-31.9.1.i586.rpm", "operator": "lt"}], "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-07T06:12:01", "title": "Security update for qemu (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15268", "CVE-2017-11334", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9524"], "modified": "2017-11-07T06:12:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00008.html", "id": "OPENSUSE-SU-2017:2941-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T00:32:53", "references": ["https://bugzilla.suse.com/1048902", "https://bugzilla.suse.com/1056334", "https://bugzilla.suse.com/1062942", "https://bugzilla.suse.com/1043176", "https://bugzilla.suse.com/1057585", "https://bugzilla.suse.com/1062069", "https://bugzilla.suse.com/1046636", "https://bugzilla.suse.com/1049381", "https://bugzilla.suse.com/997358", "https://bugzilla.suse.com/1063122", "https://bugzilla.suse.com/1057966", "https://bugzilla.suse.com/1054724", "https://bugzilla.suse.com/1047674", "https://bugzilla.suse.com/1043808", "https://bugzilla.suse.com/1057378", "https://bugzilla.suse.com/1059369"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.0.0-41.22.2", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "41.22.2", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-arm", "packageFilename": "qemu-arm-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.9.1-41.22.2", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.9.1-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.9.1-41.22.2", "arch": "noarch", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.9.1-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.9.1-41.22.2", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.9.1-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu", "packageFilename": "qemu-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.9.1-41.22.2", "arch": "noarch", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.9.1-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-arm-debuginfo", "packageFilename": "qemu-arm-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "1.0.0-41.22.2", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-ssh-debuginfo", "packageFilename": "qemu-block-ssh-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "x86_64", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.6.2-41.22.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-block-ssh", "packageFilename": "qemu-block-ssh-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "aarch64", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "ppc64le", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.6.2-41.22.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "2.6.2-41.22.2", "arch": "s390x", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.6.2-41.22.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "41.22.2", "arch": "noarch", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-41.22.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.0.0-41.22.2", "arch": "noarch", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-41.22.2.noarch.rpm", "operator": "lt"}], "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-06T21:07:59", "title": "Security update for qemu (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15268", "CVE-2017-11334", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9524"], "modified": "2017-11-06T21:07:59", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00006.html", "id": "SUSE-SU-2017:2936-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-08T14:32:19", "references": ["https://bugzilla.suse.com/1048902", "https://bugzilla.suse.com/1035950", "https://bugzilla.suse.com/1037242", "https://bugzilla.suse.com/1056334", "https://bugzilla.suse.com/1020427", "https://bugzilla.suse.com/1043296", "https://bugzilla.suse.com/1042801", "https://bugzilla.suse.com/1035406", "https://bugzilla.suse.com/1045035", "https://bugzilla.suse.com/1057585", "https://bugzilla.suse.com/1028184", "https://bugzilla.suse.com/1025311", "https://bugzilla.suse.com/1062069", "https://bugzilla.suse.com/1046636", "https://bugzilla.suse.com/1049381", "https://bugzilla.suse.com/1063122", "https://bugzilla.suse.com/1042800", "https://bugzilla.suse.com/1039495", "https://bugzilla.suse.com/1030624", "https://bugzilla.suse.com/1054724", "https://bugzilla.suse.com/1032075", "https://bugzilla.suse.com/1021741", "https://bugzilla.suse.com/1047674", "https://bugzilla.suse.com/1036211", "https://bugzilla.suse.com/1057378", "https://bugzilla.suse.com/1037336", "https://bugzilla.suse.com/1043073", "https://bugzilla.suse.com/994605", "https://bugzilla.suse.com/994418", "https://bugzilla.suse.com/1028656", "https://bugzilla.suse.com/1034866", "https://bugzilla.suse.com/1037334", "https://bugzilla.suse.com/1034908", "https://bugzilla.suse.com/1042159", "https://bugzilla.suse.com/1025109"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "33.3.3", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.0.0-33.3.3", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.0.0-33.3.3", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "33.3.3", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.0.0-33.3.3", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "33.3.3", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.3.1-33.3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu", "packageFilename": "qemu-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.8.1-33.3.3", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.8.1-33.3.3.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.3.1-33.3.3.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.3.1-33.3.3", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.3.1-33.3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378).\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-5973: A infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025109)\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in\n hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial\n of service (infinite loop and QEMU process crash) via vectors involving\n the transfer mode register during multi block transfer (bsc#1025311)\n - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS\n users to cause a denial of service (infinite loop) via vectors involving\n the number of link endpoint list descriptors (bsc#1028184)\n - CVE-2016-9603: A privileged user within the guest VM could have caused a\n heap overflow in the device model process, potentially escalating their\n privileges to that of the device model process (bsc#1028656)\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions\n (bsc#1034908)\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD\n 54xx VGA Emulator support allowed privileged user inside guest to use\n this flaw to crash the Qemu process resulting in DoS or potentially\n execute arbitrary code on a host with privileges of Qemu process on the\n host (bsc#1035406)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036211)\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable\n to an infinite recursive call loop issue, which allowed a privileged\n user inside guest to crash the Qemu process resulting in DoS\n (bsc#1042800)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043073)\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host\n memory leakage issue, which allowed a privileged user inside guest to\n leak host memory resulting in DoS (bsc#1042801)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042159)\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support\n allowed local guest OS privileged users to cause a denial of service\n (host memory consumption) by rapidly generating large keyboard events\n (bsc#1037334)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037242)\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to an out-of-bounds read access issue which\n allowed a privileged user inside guest to read host memory resulting in\n DoS (bsc#1037336)\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File\n System(9pfs) support, was vulnerable to an improper access control\n issue. It could occur while accessing virtfs metadata files in\n mapped-file security mode. A guest user could have used this flaw to\n escalate their privileges inside guest (bsc#1039495)\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper link following issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1020427)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043296)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper link following issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1020427)\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in\n hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial\n of service (file descriptor or memory consumption) via vectors related\n to an already in-use fid (bsc#1032075)\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in\n hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a\n denial of service (memory consumption) via vectors involving the\n orig_value variable (bsc#1035950)\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper access control issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1034866)\n - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support,\n causing an OOB read access (bsc#994605)\n - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE\n VMXNET3 NIC device support allowed privileged user inside guest to crash\n the Qemu instance resulting in DoS (bsc#994418)\n - Fix privilege escalation in TCG mode (bsc#1030624)\n\n This non-security issue was fixed:\n\n - Fix regression introduced by recent virtfs security fixes (bsc#1045035)\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-08T12:10:08", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-11334", "CVE-2017-7718", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-8086", "CVE-2017-6505", "CVE-2017-14167", "CVE-2016-6834", "CVE-2017-9330", "CVE-2016-6835", "CVE-2017-7377", "CVE-2017-15289", "CVE-2017-5579", "CVE-2017-8380", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-5987", "CVE-2017-10911", "CVE-2017-7471", "CVE-2017-10664", "CVE-2017-10806", "CVE-2016-9602", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9373", "CVE-2016-9603"], "modified": "2017-11-08T12:10:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00010.html", "id": "SUSE-SU-2017:2946-1", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "http://www.securityfocus.com/bid/99411", "https://xenbits.xen.org/xsa/advisory-218.html", "http://www.securitytracker.com/id/1038722"], "description": "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.", "edition": 7, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CVE-2017-10914", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10914"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10914", "id": "CVE-2017-10914", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "https://xenbits.xen.org/xsa/advisory-224.html", "http://www.securitytracker.com/id/1038734"], "description": "The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.", "edition": 6, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2017-10922", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10922"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:32", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10922", "id": "CVE-2017-10922", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "https://xenbits.xen.org/xsa/advisory-224.html", "http://www.securitytracker.com/id/1038734"], "description": "The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.", "edition": 6, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CVE-2017-10921", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10921"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:32", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10921", "id": "CVE-2017-10921", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "http://www.securityfocus.com/bid/99411", "https://xenbits.xen.org/xsa/advisory-218.html", "http://www.securitytracker.com/id/1038722"], "description": "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.", "edition": 7, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CVE-2017-10913", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10913"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10913", "id": "CVE-2017-10913", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "http://www.securitytracker.com/id/1038731", "http://www.securityfocus.com/bid/99157", "https://xenbits.xen.org/xsa/advisory-221.html"], "description": "Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.", "edition": 5, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2017-10917", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10917"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10917", "id": "CVE-2017-10917", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "https://xenbits.xen.org/xsa/advisory-224.html", "http://www.securitytracker.com/id/1038734"], "description": "The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.", "edition": 6, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CVE-2017-10920", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10920"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:32", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10920", "id": "CVE-2017-10920", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://xenbits.xen.org/xsa/advisory-222.html", "https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "http://www.securityfocus.com/bid/99161", "http://www.securitytracker.com/id/1038732"], "description": "Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.", "edition": 7, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "CVE-2017-10918", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10918"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10918", "id": "CVE-2017-10918", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "http://www.securityfocus.com/bid/99158", "http://www.securitytracker.com/id/1038721", "https://xenbits.xen.org/xsa/advisory-217.html"], "description": "Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.", "edition": 6, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "CVE-2017-10912", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10912"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10912", "id": "CVE-2017-10912", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-04T10:53:59", "references": ["https://security.gentoo.org/glsa/201710-17", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3969", "https://xenbits.xen.org/xsa/advisory-219.html", "http://www.securityfocus.com/bid/99174"], "description": "The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.", "edition": 6, "reporter": "NVD", "published": "2017-07-04T21:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CVE-2017-10915", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10915"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.8.1"], "modified": "2017-11-03T21:29:31", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10915", "id": "CVE-2017-10915", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-08T11:05:33", "references": ["https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341", "http://www.debian.org/security/2017/dsa-3920", "https://security.gentoo.org/glsa/201708-03", "http://www.debian.org/security/2017/dsa-3927", "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8", "https://xenbits.xen.org/xsa/advisory-216.html", "http://www.debian.org/security/2017/dsa-3945", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341", "http://www.securitytracker.com/id/1038720", "http://www.securityfocus.com/bid/99162"], "description": "The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.", "edition": 8, "reporter": "NVD", "published": "2017-07-04T21:29:00", "title": "CVE-2017-10911", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10911"], "scanner": [], "modified": "2018-09-07T06:29:02", "cpe": ["cpe:/o:linux:linux_kernel:4.11.7"], "id": "CVE-2017-10911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10911", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:32", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-utils-4.4_4.4.1-9+deb8u10_all.deb", "packageName": "xen-utils-4.4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-hypervisor-4.4-amd64_4.4.1-9+deb8u10_all.deb", "packageName": "xen-hypervisor-4.4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "libxen-4.8_4.8.1-1+deb9u3_all.deb", "packageName": "libxen-4.8", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xenstore-utils_4.4.1-9+deb8u10_all.deb", "packageName": "xenstore-utils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-system-amd64_4.8.1-1+deb9u3_all.deb", "packageName": "xen-system-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-hypervisor-4.8-amd64_4.8.1-1+deb9u3_all.deb", "packageName": "xen-hypervisor-4.8-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xenstore-utils_4.8.1-1+deb9u3_all.deb", "packageName": "xenstore-utils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "libxen-dev_4.4.1-9+deb8u10_all.deb", "packageName": "libxen-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-utils-common_4.8.1-1+deb9u3_all.deb", "packageName": "xen-utils-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-utils-4.8_4.8.1-1+deb9u3_all.deb", "packageName": "xen-utils-4.8", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-hypervisor-4.8-arm64_4.8.1-1+deb9u3_all.deb", "packageName": "xen-hypervisor-4.8-arm64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "libxen-4.4_4.4.1-9+deb8u10_all.deb", "packageName": "libxen-4.4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-hypervisor-4.4-armhf_4.4.1-9+deb8u10_all.deb", "packageName": "xen-hypervisor-4.4-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-system-amd64_4.4.1-9+deb8u10_all.deb", "packageName": "xen-system-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "libxen-dev_4.8.1-1+deb9u3_all.deb", "packageName": "libxen-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-system-armhf_4.4.1-9+deb8u10_all.deb", "packageName": "xen-system-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-hypervisor-4.8-armhf_4.8.1-1+deb9u3_all.deb", "packageName": "xen-hypervisor-4.8-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen-utils-common_4.4.1-9+deb8u10_all.deb", "packageName": "xen-utils-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-system-arm64_4.8.1-1+deb9u3_all.deb", "packageName": "xen-system-arm64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "xen_4.4.1-9+deb8u10_all.deb", "packageName": "xen", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen_4.8.1-1+deb9u3_all.deb", "packageName": "xen", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "xen-system-armhf_4.8.1-1+deb9u3_all.deb", "packageName": "xen-system-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.8.1-1+deb9u3", "arch": "all", "packageFilename": "libxenstore3.0_4.8.1-1+deb9u3_all.deb", "packageName": "libxenstore3.0", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u10", "arch": "all", "packageFilename": "libxenstore3.0_4.4.1-9+deb8u10_all.deb", "packageName": "libxenstore3.0", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3969-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914\n CVE-2017-10915 CVE-2017-10916 CVE-2017-10917\n\t\t CVE-2017-10918 CVE-2017-10919 CVE-2017-10920\n\t\t CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 \n CVE-2017-12136 CVE-2017-12137 CVE-2017-12855\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\n Jann Horn discovered that incorrectly handling of page transfers might\n result in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\n Jann Horn discovered that race conditions in grant handling might\n result in information leaks or privilege escalation.\n\nCVE-2017-10915\n\n Andrew Cooper discovered that incorrect reference counting with\n shadow paging might result in privilege escalation.\n\nCVE-2017-10916\n\n Andrew Cooper discovered an information leak in the handling\n of the the Memory Protection Extensions (MPX) and Protection\n Key (PKU) CPU features. This only affects Debian stretch.\n\nCVE-2017-10917\n\n Ankur Arora discovered a NULL pointer dereference in event\n polling, resulting in denial of service.\n\nCVE-2017-10918\n\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in privilege\n escalation, denial of service or an information leak.\n\nCVE-2017-10919\n\n Julien Grall discovered that that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect, resulting\n in potential privilege escalation\n\nCVE-2017-12135\n\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of service\n and potentially privilege escalation.\n\nCVE-2017-12136\n\n Ian Jackson discovered that race conditions in the allocator\n for grant mappings may result in denial of service or privilege\n escalation. This only affects Debian stretch.\n\nCVE-2017-12137\n\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\nCVE-2017-12855\n\n Jan Beulich discovered that incorrect grant status handling, thus\n incorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of add-to-physmap\n operations on ARM may result in denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.1-1+deb9u3.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2017-09-12T21:06:17", "title": "[SECURITY] [DSA 3969-1] xen security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:32", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-09-12T21:06:17", "id": "DEBIAN:DSA-3969-1:F2748", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00231.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:50:12", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "4.1.6.lts1-9", "arch": "all", "packageFilename": "xen_4.1.6.lts1-9_all.deb", "packageName": "xen", "operator": "lt"}], "description": "Package : xen\nVersion : 4.1.6.lts1-9\nCVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 \n CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 \n CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 \n CVE-2017-14317 CVE-2017-14318 CVE-2017-14319\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\n Jann Horn discovered that incorrectly handling of page transfers might\n result in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\n Jann Horn discovered that race conditions in grant handling might\n result in information leaks or privilege escalation.\n\nCVE-2017-10915\n\n Andrew Cooper discovered that incorrect reference counting with\n shadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in privilege\n escalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect, resulting\n in potential privilege escalation\n\nCVE-2017-12135\n\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of service\n and potentially privilege escalation.\n\nCVE-2017-12137\n\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\nCVE-2017-12855\n\n Jan Beulich discovered that incorrect grant status handling, thus\n incorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\n Matthew Daley discovered that the NUMA node parameter wasn't\n verified which which may result in privilege escalation.\n\nCVE-2017-14317\n\n Eric Chanudet discovered that a race conditions in cxenstored might\n result in information leaks or privilege escalation.\n\n\nCVE-2017-14318\n\n Matthew Daley discovered that incorrect validation of\n grants may result in a denial of service.\n\nCVE-2017-14319\n\n Andrew Cooper discovered that insufficient grant unmapping\n checks may result in denial of service and privilege escalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "reporter": "Debian", "published": "2017-10-11T12:10:49", "title": "[SECURITY] [DLA 1132-1] xen security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:12", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2017-10-11T12:10:49", "id": "DEBIAN:DLA-1132-1:FB7F1", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:44", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-mips_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-ppc_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-sparc_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-user-static_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-user-static", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-block-extra_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-block-extra", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-user-binfmt_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-user-binfmt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-utils_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-utils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-x86_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-kvm_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-misc_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-common_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-user_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-user", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-guest-agent_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu-system-arm_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1:2.8+dfsg-6+deb9u1", "arch": "all", "packageFilename": "qemu_1:2.8+dfsg-6+deb9u1_all.deb", "packageName": "qemu", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3920-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 \n CVE-2017-9375 CVE-2017-9524 CVE-2017-10664 CVE-2017-10911\n\nMultiple vulnerabilities were found in in qemu, a fast processor\nemulator:\n \nCVE-2017-9310\n\n Denial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\n\n Denial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\n\n Denial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\n\n Denial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\n\n Denial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\n\n Denial of service in qemu-nbd server.\n\nCVE-2017-10664\n\n Denial of service in qemu-nbd server.\n\nCVE-2017-10911\n\n Information leak in Xen blkif response handling.\n\nFor the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2017-07-25T20:06:31", "title": "[SECURITY] [DSA 3920-1] qemu security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:44", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-07-25T20:06:31", "id": "DEBIAN:DSA-3920-1:E2BE6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00182.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-11T04:06:31", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-4kc-malta-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-4kc-malta-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-octeon-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-octeon-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-libc-dev_4.9.30-2+deb9u3_all.deb", "packageName": "linux-libc-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-storage-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-storage-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "speakup-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "speakup-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "libusbip-dev_4.9.30-2+deb9u3_all.deb", "packageName": "libusbip-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "firewire-core-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "firewire-core-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-686-pae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "leds-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "leds-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-armmp-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-armmp-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-doc-4.9_4.9.30-2+deb9u3_all.deb", "packageName": "linux-doc-4.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-armmp-lpae-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-armmp-lpae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "efi-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "efi-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "dasd-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "dasd-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "speakup-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "speakup-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-686_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-686", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usbip_4.9.30-2+deb9u3_all.deb", "packageName": "usbip", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-loongson-3-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-loongson-3-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-storage-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-storage-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-core-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-core-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-rt-amd64-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-rt-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-kbuild-4.9_4.9.30-2+deb9u3_all.deb", "packageName": "linux-kbuild-4.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-pcmcia-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-pcmcia-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-rt-686-pae-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-rt-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "minix-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "minix-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "libcpupower-dev_4.9.30-2+deb9u3_all.deb", "packageName": "libcpupower-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux_4.9.30-2+deb9u3_all.deb", "packageName": "linux", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-pcmcia-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-pcmcia-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "minix-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "minix-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-686-pae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "speakup-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "speakup-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "leds-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "leds-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-mips64el_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-mips64el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-powerpc64le-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-powerpc64le-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-arm64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-arm64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-powerpc64le_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-powerpc64le", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-armmp_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "minix-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "minix-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hyperv-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "hyperv-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-5kc-malta-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-5kc-malta-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-compiler-gcc-6-s390_4.9.30-2+deb9u3_all.deb", "packageName": "linux-compiler-gcc-6-s390", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "firewire-core-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "firewire-core-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-core-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-core-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "leds-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "leds-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-core-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-core-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-octeon_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-octeon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hyperv-daemons_4.9.30-2+deb9u3_all.deb", "packageName": "hyperv-daemons", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-loongson-3_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-loongson-3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-marvell_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-marvell", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "dasd-extra-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "dasd-extra-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-source-4.9_4.9.30-2+deb9u3_all.deb", "packageName": "linux-source-4.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "acpi-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "acpi-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "firewire-core-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "firewire-core-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-loongson-3_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-loongson-3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-s390x_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-s390x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "rtc-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "rtc-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-manual-4.9_4.9.30-2+deb9u3_all.deb", "packageName": "linux-manual-4.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "minix-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "minix-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "serial-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "serial-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "hfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-compiler-gcc-6-x86_4.9.30-2+deb9u3_all.deb", "packageName": "linux-compiler-gcc-6-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-i386_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-s390x_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-s390x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "efi-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "efi-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "affs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "affs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-amd64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "libcpupower1_4.9.30-2+deb9u3_all.deb", "packageName": "libcpupower1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-compiler-gcc-6-arm_4.9.30-2+deb9u3_all.deb", "packageName": "linux-compiler-gcc-6-arm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-5kc-malta_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-5kc-malta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hyperv-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "hyperv-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-5kc-malta_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-5kc-malta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-arm64-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-arm64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-octeon_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-octeon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-mips_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-mips", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-arm64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-arm64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-armmp_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "efi-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "efi-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "hfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jffs2-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "jffs2-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-mipsel_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-mipsel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-common-rt_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-common-rt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hypervisor-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "hypervisor-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mtd-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "mtd-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "firewire-core-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "firewire-core-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-powerpc64le_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-powerpc64le", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-marvell_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-marvell", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-core-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-core-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-rt-686-pae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-rt-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "firewire-core-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "firewire-core-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-amd64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-armel_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mtd-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "mtd-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "acpi-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "acpi-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-rt-686-pae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-rt-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-686-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-686-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-4kc-malta_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-4kc-malta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-s390x-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-s390x-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-cpupower_4.9.30-2+deb9u3_all.deb", "packageName": "linux-cpupower", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "speakup-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "speakup-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sata-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "sata-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-pcmcia-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-pcmcia-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "serial-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "serial-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hyperv-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "hyperv-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "affs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "affs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fancontrol-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "fancontrol-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "input-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "input-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-marvell-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-marvell-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-core-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-core-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "serial-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "serial-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fb-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "fb-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-core-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-core-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "zlib-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "zlib-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ata-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "ata-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "acpi-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "acpi-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-amd64-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "sound-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "sound-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "efi-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "efi-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-amd64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-4kc-malta_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-4kc-malta", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "hfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-ppc64el_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-ppc64el", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-rt-amd64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-rt-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-common_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-dm-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-dm-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "cdrom-core-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "cdrom-core-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "btrfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "btrfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "jfs-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "jfs-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pcmcia-storage-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "pcmcia-storage-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "scsi-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "scsi-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "serial-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "serial-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-686-pae-dbg_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-perf-4.9_4.9.30-2+deb9u3_all.deb", "packageName": "linux-perf-4.9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "multipath-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "multipath-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "minix-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "minix-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "i2c-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "i2c-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-rt-amd64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-rt-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-armmp-lpae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-storage-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-storage-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "isofs-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "isofs-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-wireless-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-wireless-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-s390x_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-s390x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "efi-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "efi-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mouse-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "mouse-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-arm64_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-arm64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "pata-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "pata-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crc-modules-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "crc-modules-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-shared-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-shared-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-s390x-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-s390x-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "mmc-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "mmc-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-armmp-lpae_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "affs-modules-4.9.0-8-4kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "affs-modules-4.9.0-8-4kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ipv6-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "ipv6-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "kernel-image-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "kernel-image-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "uinput-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "uinput-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-headers-4.9.0-8-all-armhf_4.9.30-2+deb9u3_all.deb", "packageName": "linux-headers-4.9.0-8-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-serial-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-serial-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "affs-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "affs-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "crypto-modules-4.9.0-8-686-di_4.9.30-2+deb9u3_all.deb", "packageName": "crypto-modules-4.9.0-8-686-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fuse-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "fuse-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ext4-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "ext4-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "md-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "md-modules-4.9.0-8-arm64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-usb-modules-4.9.0-8-armmp-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-usb-modules-4.9.0-8-armmp-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "fat-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "fat-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-image-4.9.0-8-686_4.9.30-2+deb9u3_all.deb", "packageName": "linux-image-4.9.0-8-686", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nbd-modules-4.9.0-8-octeon-di_4.9.30-2+deb9u3_all.deb", "packageName": "nbd-modules-4.9.0-8-octeon-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "loop-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "loop-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "linux-support-4.9.0-8_4.9.30-2+deb9u3_all.deb", "packageName": "linux-support-4.9.0-8", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "xfs-modules-4.9.0-8-amd64-di_4.9.30-2+deb9u3_all.deb", "packageName": "xfs-modules-4.9.0-8-amd64-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "event-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "event-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ppp-modules-4.9.0-8-marvell-di_4.9.30-2+deb9u3_all.deb", "packageName": "ppp-modules-4.9.0-8-marvell-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "squashfs-modules-4.9.0-8-powerpc64le-di_4.9.30-2+deb9u3_all.deb", "packageName": "squashfs-modules-4.9.0-8-powerpc64le-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "nic-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "nic-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "udf-modules-4.9.0-8-686-pae-di_4.9.30-2+deb9u3_all.deb", "packageName": "udf-modules-4.9.0-8-686-pae-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "hfs-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "hfs-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "ntfs-modules-4.9.0-8-loongson-3-di_4.9.30-2+deb9u3_all.deb", "packageName": "ntfs-modules-4.9.0-8-loongson-3-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "virtio-modules-4.9.0-8-5kc-malta-di_4.9.30-2+deb9u3_all.deb", "packageName": "virtio-modules-4.9.0-8-5kc-malta-di", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "4.9.30-2+deb9u3", "arch": "all", "packageFilename": "usb-modules-4.9.0-8-arm64-di_4.9.30-2+deb9u3_all.deb", "packageName": "usb-modules-4.9.0-8-arm64-di", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3927-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 07, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541\n CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911\n CVE-2017-11176 CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10810\n\n Li Qiang discovered a memory leak flaw within the VirtIO GPU driver\n resulting in denial of service (memory consumption).\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a user-space close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2017-08-07T05:19:12", "title": "[SECURITY] [DSA 3927-1] linux security update", "type": "debian", "enchantments": {"score": {"modified": "2018-11-11T04:06:31", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7346", "CVE-2017-10810", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "modified": "2017-08-07T05:19:12", "id": "DEBIAN:DSA-3927-1:A186E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00189.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:29", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-source-3.16_3.16.43-2+deb8u3_all.deb", "packageName": "linux-source-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-support-3.16.0-6_3.16.43-2+deb8u3_all.deb", "packageName": "linux-support-3.16.0-6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-armhf_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-armel_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-amd64-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-support-3.16.0-7_3.16.43-2+deb8u3_all.deb", "packageName": "linux-support-3.16.0-7", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-compiler-gcc-4.8-arm_3.16.43-2+deb8u3_all.deb", "packageName": "linux-compiler-gcc-4.8-arm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-686-pae-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-686-pae-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-amd64-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-armel_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-686-pae-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-support-3.16.0-4_3.16.43-2+deb8u3_all.deb", "packageName": "linux-support-3.16.0-4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-common_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-4-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "xen-linux-system-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-armhf_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-compiler-gcc-4.8-x86_3.16.43-2+deb8u3_all.deb", "packageName": "linux-compiler-gcc-4.8-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-i386_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-common_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-amd64-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-armel_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-versatile_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-armel_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-i386_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-common_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-common_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-ixp4xx_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-686-pae-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-kirkwood_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-compiler-gcc-4.9-x86_3.16.43-2+deb8u3_all.deb", "packageName": "linux-compiler-gcc-4.9-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux_3.16.43-2+deb8u3_all.deb", "packageName": "linux", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-libc-dev_3.16.43-2+deb8u3_all.deb", "packageName": "linux-libc-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-6-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-armmp_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-4-586_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-4-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-manual-3.16_3.16.43-2+deb8u3_all.deb", "packageName": "linux-manual-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-7-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-i386_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-5-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-doc-3.16_3.16.43-2+deb8u3_all.deb", "packageName": "linux-doc-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-armhf_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-5-amd64-dbg_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-5-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-armhf_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-7-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "xen-linux-system-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-orion5x_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-5-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "xen-linux-system-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-686-pae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-4-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-i386_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-6-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "xen-linux-system-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-image-3.16.0-6-amd64_3.16.43-2+deb8u3_all.deb", "packageName": "linux-image-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.43-2+deb8u3", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-armmp-lpae_3.16.43-2+deb8u3_all.deb", "packageName": "linux-headers-3.16.0-7-armmp-lpae", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3945-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533\n CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605\n CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363\n CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\n\n A use-after-free flaw in the voltage and current regulator driver\n could allow a local user to cause a denial of service or potentially\n escalate privileges.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments, allowing a local attacker with write access to the\n kernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2017-08-17T18:40:23", "title": "[SECURITY] [DSA 3945-1] linux security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:29", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7889", "CVE-2017-7346", "CVE-2014-9940", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "modified": "2017-08-17T18:40:23", "id": "DEBIAN:DSA-3945-1:532A6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00207.html", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:49:02", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "3.2.93-1", "arch": "all", "packageFilename": "linux_3.2.93-1_all.deb", "packageName": "linux", "operator": "lt"}], "description": "Package : linux\nVersion : 3.2.93-1\nCVE ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 \n CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 \n CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 \n CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 \n CVE-2017-1000251 CVE-2017-1000363 CVE-2017-1000365\n\t\t CVE-2017-1000380\nDebian Bug : #866511 #875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\n Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-11600\n\n bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Sch\u00f6nherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability on a system with a wifi device\n can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov of Google reported that a specific sequence of\n operations on a TCP socket could lead to division by zero. A\n local user could use this for denial of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call permitted\n users to discover the memory layout of a set-UID process running\n under their real user-ID. This made it easier for local users to\n exploit vulnerabilities in programs installed with the set-UID\n permission bit set.\n\nCVE-2017-14156\n\n "sohu0106" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the "realtime" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported that a race condition in the\n raw packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this to cause a denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed "Blueborne". A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n properly taken into account by the size restrictions on arguments\n and environmental strings passed through execve(). A local\n attacker can take advantage of this flaw in conjunction with other\n flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 "Stretch", these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 2, "reporter": "Debian", "published": "2017-09-20T17:48:01", "title": "[SECURITY] [DLA 1099-1] linux security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:02", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "modified": "2017-09-20T17:48:01", "id": "DEBIAN:DLA-1099-1:57108", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00017.html", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:12:53", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-mips_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-guest-agent_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-x86_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-common_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-misc_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-user-static_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-user-static", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-kvm_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-user-binfmt_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-user-binfmt", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-user_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-user", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-arm_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-ppc_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-utils_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-utils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u7", "arch": "all", "packageFilename": "qemu-system-sparc_1:2.1+dfsg-12+deb8u7_all.deb", "packageName": "qemu-system-sparc", "operator": "lt"}], "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u7\nCVE ID : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835\n CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602\n CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911\n CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921\n CVE-2016-9922 CVE-2016-10155 CVE-2017-2615 CVE-2017-2620\n CVE-2017-5525 CVE-2017-5526 CVE-2017-5579 CVE-2017-5667\n CVE-2017-5715 CVE-2017-5856 CVE-2017-5973 CVE-2017-5987\n CVE-2017-6505 CVE-2017-7377 CVE-2017-7493 CVE-2017-7718\n CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309\n CVE-2017-8379 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374\n CVE-2017-9503 CVE-2017-10806 CVE-2017-10911\n CVE-2017-11434 CVE-2017-14167 CVE-2017-15038\n CVE-2017-15289 CVE-2017-16845 CVE-2017-18030\n CVE-2017-18043 CVE-2018-5683 CVE-2018-7550\nDebian Bug : 813193 834904 835031 840945 840950 847496 847951 847953\n 847960 851910 852232 853002 853006 853996 854731 855159\n 855611 855791 856399 856969 857744 859854 860785 861348\n 861351 862280 862289 863943 864216 864568 865754 867751\n 869171 869706 874606 877890 880832 882136 886532 887392\n 892041\n\nSeveral vulnerabilities were found in qemu, a fast processor emulator:\n\nCVE-2015-8666\n\n Heap-based buffer overflow in QEMU when built with the\n Q35-chipset-based PC system emulator\n\nCVE-2016-2198\n\n Null pointer dereference in ehci_caps_write in the USB EHCI support\n that may result in denial of service\n\nCVE-2016-6833\n\n Use after free while writing in the vmxnet3 device that could be used\n to cause a denial of service\n\nCVE-2016-6835\n\n Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device\n that could result in denial of service\n\nCVE-2016-8576\n\n Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\n Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset\n emulator, and in serial_update_parameters of some serial devices, that\n could result in denial of service\n\nCVE-2016-9602\n\n Improper link following with VirtFS\n\nCVE-2016-9603\n\n Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA\n emulator support\n\nCVE-2016-9776\n\n Infinite loop while receiving data in the ColdFire Fast Ethernet\n Controller emulator\n\nCVE-2016-9907\n\n Memory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\n Memory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\n Plan 9 File System (9pfs): add missing cleanup operation in\n FileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\n Divide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator\n support \n\nCVE-2016-10155\n\n Memory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS\n privileged users to cause a denial of service via a large number of\n device unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718\n\n Out-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator\n support, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\n Memory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\n Most memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\n Out-of-bounds access during multi block SDMA transfer in the SDHCI\n emulation support.\n\nCVE-2017-5715\n\n Mitigations against the Spectre v2 vulnerability. For more information\n please refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\n Memory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\n Infinite loop issues in the USB xHCI, in the transfer mode register\n of the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n 9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\n Improper access control issues in the host directory sharing via\n 9pfs support.\n\nCVE-2017-7980\n\n Heap-based buffer overflow in the Cirrus VGA device that could allow\n local guest OS users to execute arbitrary code or cause a denial of\n service\n\nCVE-2017-8086\n\n 9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\n Infinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\n Host memory leakage issues via the audio capture buffer and the\n keyboard input event handlers \n\nCVE-2017-9330\n\n Infinite loop due to incorrect return value in USB OHCI that may\n result in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\n Host memory leakage during hot unplug in IDE AHCI and USB emulated\n devices that could result in denial of service\n\nCVE-2017-9503\n\n Null pointer dereference while processing megasas command\n\nCVE-2017-10806\n\n Stack buffer overflow in USB redirector\n\nCVE-2017-10911\n\n Xen disk may leak stack data via response ring\n\nCVE-2017-11434\n\n Out-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\n Out-of-bounds access while processing multiboot headers that could\n result in the execution of arbitrary code\n\nCVE-2017-15038\n\n 9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\n Out-of-bounds write access issue in the Cirrus graphic adaptor that\n could result in denial of service\n\nCVE-2017-16845\n\n Information leak in the PS/2 mouse and keyboard emulation support that\n could be exploited during instance migration \n\nCVE-2017-18043\n\n Integer overflow in the macro ROUND_UP (n, d) that could result in\n denial of service\n\nCVE-2018-7550\n\n Incorrect handling of memory during multiboot that could may result in\n execution of arbitrary code\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "reporter": "Debian", "published": "2018-09-06T18:49:41", "title": "[SECURITY] [DLA 1497-1] qemu security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:53", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2018-5683", "CVE-2017-9503", "CVE-2016-9776", "CVE-2017-8112", "CVE-2017-7493", "CVE-2016-9915", "CVE-2017-7718", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-2615", "CVE-2015-8666", "CVE-2017-8086", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2017-14167", "CVE-2017-9330", "CVE-2016-6835", "CVE-2017-7377", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-15289", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-5715", "CVE-2017-5987", "CVE-2017-18030", "CVE-2016-8667", "CVE-2017-10911", "CVE-2016-2198", "CVE-2017-10806", "CVE-2016-9921", "CVE-2016-8576", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-6833", "CVE-2016-9907", "CVE-2016-9911", "CVE-2018-7550", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-18043", "CVE-2016-9603"], "modified": "2018-09-06T18:49:41", "id": "DEBIAN:DLA-1497-1:58644", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201809/msg00007.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T12:09:41", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://usn.ubuntu.com/usn/usn-3468-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000252", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10663"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0-1008.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-1008-gcp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0.1008.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-gcp", "operator": "lt"}], "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)", "edition": 4, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel (GCP) vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-3", "href": "https://usn.ubuntu.com/3468-3/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T12:10:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://usn.ubuntu.com/usn/usn-3468-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000252", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10663"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0.38.40", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-hwe-16.04", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0-38.42~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0.38.40", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency-hwe-16.04", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0.38.40", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-hwe-16.04", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0-38.42~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.10.0-38.42~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-generic-lpae", "operator": "lt"}], "description": "USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)", "edition": 4, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-2", "href": "https://usn.ubuntu.com/3468-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T12:11:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000252", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10663"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "4.10.0-1020.23", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-1020-raspi2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-raspi2 - 4.10.0.1020.21", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "4.10.0-38.42", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic - 4.10.0.38.38", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "4.10.0-38.42", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "4.10.0-38.42", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.10.0-38-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae - 4.10.0.38.38", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency - 4.10.0.38.38", "operator": "lt"}], "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)", "edition": 4, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-1", "href": "https://usn.ubuntu.com/3468-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T12:09:57", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10662", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-8632", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10663", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10661"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-powerpc-e500", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.135.144", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-135.184", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-powerpc64-smp", "operator": "lt"}], "description": "Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)", "edition": 4, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2016-8632", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663", "CVE-2017-10662"], "modified": "2017-10-31T00:00:00", "id": "USN-3470-1", "href": "https://usn.ubuntu.com/3470-1/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T12:10:57", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10662", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-8632", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://usn.ubuntu.com/usn/usn-3470-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10663", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10661"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-lts-trusty - 3.13.0.135.125", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lts-trusty - 3.13.0.135.125", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-generic - 3.13.0-135.184~precise1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-135-generic-lpae - 3.13.0-135.184~precise1", "operator": "lt"}], "description": "USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)", "edition": 4, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2016-8632", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663", "CVE-2017-10662"], "modified": "2017-10-31T00:00:00", "id": "USN-3470-2", "href": "https://usn.ubuntu.com/3470-2/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:11", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14051", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12192", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12154", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9984", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9985", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14991", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14156", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15537", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12153", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14489"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1039.48", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1039-aws", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-kvm - 4.4.0.1009.9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-aws - 4.4.0.1039.41", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1078.83", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1078-snapdragon", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1076.84", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1076-raspi2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-gke - 4.4.0.1033.34", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-raspi2 - 4.4.0.1076.76", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1033.33", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1033-gke", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1009.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1009-kvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-98.121", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-snapdragon - 4.4.0.1078.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp - 4.4.0.98.103", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency - 4.4.0.98.103", "operator": "lt"}], "description": "Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task\u2019s extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)", "edition": 3, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-10-31T00:00:00", "id": "USN-3469-1", "href": "https://usn.ubuntu.com/3469-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:14", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14051", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12192", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12154", "https://usn.ubuntu.com/usn/usn-3469-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9984", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9985", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14991", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14340", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14156", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15537", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12153", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14489"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.98.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-98.121~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-98-lowlatency", "operator": "lt"}], "description": "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task\u2019s extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)", "edition": 3, "reporter": "Ubuntu", "published": "2017-10-31T00:00:00", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-10-31T00:00:00", "id": "USN-3469-2", "href": "https://usn.ubuntu.com/3469-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:46", "references": ["https://launchpad.net/bugs/1718222", "https://usn.ubuntu.com/usn/usn-3414-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-s390x", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-s390x", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}], "description": "USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nLeo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)", "edition": 3, "reporter": "Ubuntu", "published": "2017-09-20T00:00:00", "title": "QEMU regression", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-8380", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9060", "CVE-2017-10806", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-09-20T00:00:00", "id": "USN-3414-2", "href": "https://usn.ubuntu.com/3414-2/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:24", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10911", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10806", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8112", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12809", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9375", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9503", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9374", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9524", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10664", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9373", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8380", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9330", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11434", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7493", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9310"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-s390x", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-s390x", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.35", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1:2.5+dfsg-5ubuntu10.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1:2.8+dfsg-3ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}], "description": "Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)", "edition": 3, "reporter": "Ubuntu", "published": "2017-09-13T00:00:00", "title": "QEMU vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-8380", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9060", "CVE-2017-10806", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-09-13T00:00:00", "id": "USN-3414-1", "href": "https://usn.ubuntu.com/3414-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:51", "references": [], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. ([CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>))\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). ([CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>))\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>))\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). ([CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>))\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>))\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>))\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>))\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>))\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task\u2019s extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>))\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). ([CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>), [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.32\n * 3445.x versions prior to 3445.17\n * 3468.x versions prior to 3468.11\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.32\n * Upgrade 3445.x versions prior to 3445.17\n * Upgrade 3468.x versions prior to 3468.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3469-2](<http://www.ubuntu.com/usn/usn-3469-2/>)\n * [CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>)\n * [CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>)\n * [CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>)\n * [CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>)\n * [CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>)\n * [CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>)\n * [CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>)\n * [CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>)\n * [CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>)\n * [CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>)\n * [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>)\n * [CVE-2017-12154](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12154>)\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2017-11-27T00:00:00", "title": "USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-11-27T00:00:00", "id": "CFOUNDRY:14981E32944F89BB69AF2D0158A379F0", "href": "https://www.cloudfoundry.org/blog/usn-3469-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
