Ubuntu Update for qemu USN-3575-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_3575_1.nasl 14140 2019-03-13 12:26:09Z cfischer $
#
# Ubuntu Update for qemu USN-3575-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.843452");
  script_version("$Revision: 14140 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
  script_tag(name:"creation_date", value:"2018-02-21 08:46:41 +0100 (Wed, 21 Feb 2018)");
  script_cve_id("CVE-2017-11334", "CVE-2017-13672", "CVE-2017-14167", "CVE-2017-15038",
                "CVE-2017-15118", "CVE-2017-15119", "CVE-2017-15124", "CVE-2017-15268",
                "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-17381", "CVE-2017-18043",
                "CVE-2018-5683");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"qod_type", value:"package");
  script_name("Ubuntu Update for qemu USN-3575-1");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'qemu'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"It was discovered that QEMU incorrectly
  handled guest ram. A privileged attacker inside the guest could use this issue
  to cause QEMU to crash, resulting in a denial of service. This issue only
  affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334) David Buchanan
  discovered that QEMU incorrectly handled the VGA device. A privileged attacker
  inside the guest could use this issue to cause QEMU to crash, resulting in a
  denial of service. This issue was only addressed in Ubuntu 17.10.
  (CVE-2017-13672) Thomas Garnier discovered that QEMU incorrectly handled
  multiboot. An attacker could use this issue to cause QEMU to crash, resulting in
  a denial of service, or possibly execute arbitrary code on the host. In the
  default installation, when QEMU is used with libvirt, attackers would be
  isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04
  LTS and Ubuntu 16.04 LTS. (CVE-2017-14167) Tuomas Tynkkynen discovered that QEMU
  incorrectly handled VirtFS directory sharing. An attacker could use this issue
  to obtain sensitive information from host memory. (CVE-2017-15038) Eric Blake
  discovered that QEMU incorrectly handled memory in the NBD server. An attacker
  could use this issue to cause the NBD server to crash, resulting in a denial of
  service. This issue only affected Ubuntu 17.10. (CVE-2017-15118) Eric Blake
  discovered that QEMU incorrectly handled certain options to the NBD server. An
  attacker could use this issue to cause the NBD server to crash, resulting in a
  denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
  LTS. (CVE-2017-15119) Daniel Berrange discovered that QEMU incorrectly handled
  the VNC server. A remote attacker could possibly use this issue to consume
  memory, resulting in a denial of service. This issue was only addressed in
  Ubuntu 17.10. (CVE-2017-15124) Carl Brassey discovered that QEMU incorrectly
  handled certain websockets. A remote attacker could possibly use this issue to
  consume memory, resulting in a denial of service. This issue only affected
  Ubuntu 17.10. (CVE-2017-15268) Guoxiang Niu discovered that QEMU incorrectly
  handled the Cirrus VGA device. A privileged attacker inside the guest could use
  this issue to cause QEMU to crash, resulting in a denial of service.
  (CVE-2017-15289) Cyrille Chatras discovered that QEMU incorrectly handled
  certain PS2 values during migration. An attacker could possibly use this issue
  to cause QEMU to crash, resulting in a denial of service, or possibly execute
  arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.
  (CVE-2017-1 ... Description truncated, for more information please check the
  Reference URL");
  script_tag(name:"affected", value:"qemu on Ubuntu 17.10,
  Ubuntu 16.04 LTS,
  Ubuntu 14.04 LTS");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  script_xref(name:"USN", value:"3575-1");
  script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3575-1/");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|17\.10|16\.04 LTS)");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "UBUNTU14.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"qemu-system", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-aarch64", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-arm", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-mips", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-misc", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-x86", ver:"2.0.0+dfsg-2ubuntu1.39", rls:"UBUNTU14.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "UBUNTU17.10")
{

  if ((res = isdpkgvuln(pkg:"qemu-system", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-aarch64", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-arm", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-mips", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-misc", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-s390x", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-x86", ver:"1:2.10+dfsg-0ubuntu3.5", rls:"UBUNTU17.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "UBUNTU16.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"qemu-system", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-aarch64", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-arm", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-mips", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-misc", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-s390x", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"qemu-system-x86", ver:"1:2.5+dfsg-5ubuntu10.22", rls:"UBUNTU16.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}