{"id": "OPENVAS:1361412562310850862", "bulletinFamily": "scanner", "title": "SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)", "description": "Check the version of qemu", "published": "2015-10-15T00:00:00", "modified": "2017-12-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850862", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015:1519_1"], "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "type": "openvas", "lastseen": "2018-09-01T23:52:32", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of qemu", "edition": 1, "enchantments": {}, "hash": "77b7fd556d6742042923b1f32678328d441e928ec3e6835bf1bd83c3ebade6fa", "hashmap": [{"hash": "f1f6ba73ac687468d4c9b5fa6eeca3d0", "key": "pluginID"}, {"hash": "c9c472afab0fcb66982d0008ee7d4099", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b97832d09ae4c91fdffb66747630f61e", "key": "sourceData"}, {"hash": "9540d42155abfa15dcf6c1147830b922", "key": "description"}, {"hash": "cef2f51ca68178cc378b97521d4e951b", "key": "modified"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "49f0a07035ad79964ced679f310578d1", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "e82095d5f3ede215ff38dcae1f5c7b05", "key": "title"}, {"hash": "092308648d96cd05406a07d3e278adb0", "key": "published"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "ce0063a6660369d52e447030b795ef12", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850862", "id": "OPENVAS:1361412562310850862", "lastseen": "2017-07-02T21:11:38", "modified": "2017-05-22T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310850862", "published": "2015-10-15T00:00:00", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html", "2015:1519_1"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850862\");\n script_version(\"$Revision: 6183 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-22 11:03:43 +0200 (Mon, 22 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:43 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\");\n script_tag(name: \"affected\", value: \"qemu on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1519_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:suse:linux_enterprise_desktop\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of qemu", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b395afcbace1792baef7966e35ec560cf81e15ad60a079f64e57f3e6ff2d2e20", "hashmap": [{"hash": "5b848d2648e1ab5e5f72990b21e1966c", "key": "modified"}, {"hash": "8c6638e312e22181a80e9c8b74bd6fc1", "key": "references"}, {"hash": "f1f6ba73ac687468d4c9b5fa6eeca3d0", "key": "pluginID"}, {"hash": "c9c472afab0fcb66982d0008ee7d4099", "key": "href"}, {"hash": "9540d42155abfa15dcf6c1147830b922", "key": "description"}, {"hash": "bb196a5a977dbcadcfba4e3edac6413d", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "49f0a07035ad79964ced679f310578d1", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "e82095d5f3ede215ff38dcae1f5c7b05", "key": "title"}, {"hash": "092308648d96cd05406a07d3e278adb0", "key": "published"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850862", "id": "OPENVAS:1361412562310850862", "lastseen": "2018-08-30T19:22:59", "modified": "2017-12-08T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310850862", "published": "2015-10-15T00:00:00", "references": ["2015:1519_1"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1519_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850862\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:43 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\");\n script_tag(name: \"affected\", value: \"qemu on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1519_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:22:59"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of qemu", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "9650516d3e21c1b06be188f66c6052a30af3d6951587464678ddff6b0a51af8c", "hashmap": [{"hash": "5b848d2648e1ab5e5f72990b21e1966c", "key": "modified"}, {"hash": "8c6638e312e22181a80e9c8b74bd6fc1", "key": "references"}, {"hash": "f1f6ba73ac687468d4c9b5fa6eeca3d0", "key": "pluginID"}, {"hash": "c9c472afab0fcb66982d0008ee7d4099", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9540d42155abfa15dcf6c1147830b922", "key": "description"}, {"hash": "bb196a5a977dbcadcfba4e3edac6413d", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "49f0a07035ad79964ced679f310578d1", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "e82095d5f3ede215ff38dcae1f5c7b05", "key": "title"}, {"hash": "092308648d96cd05406a07d3e278adb0", "key": "published"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850862", "id": "OPENVAS:1361412562310850862", "lastseen": "2017-12-12T11:15:28", "modified": "2017-12-08T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310850862", "published": "2015-10-15T00:00:00", "references": ["2015:1519_1"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1519_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850862\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:43 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\");\n script_tag(name: \"affected\", value: \"qemu on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1519_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-12-12T11:15:28"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of qemu", "edition": 2, "enchantments": {}, "hash": "560c2c00d913891dbe44c764489567486339feff5e43f33059c6a27f845ed684", "hashmap": [{"hash": "f1f6ba73ac687468d4c9b5fa6eeca3d0", "key": "pluginID"}, {"hash": "c9c472afab0fcb66982d0008ee7d4099", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9540d42155abfa15dcf6c1147830b922", "key": "description"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "49f0a07035ad79964ced679f310578d1", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "e82095d5f3ede215ff38dcae1f5c7b05", "key": "title"}, {"hash": "092308648d96cd05406a07d3e278adb0", "key": "published"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "39b0358b492c33a0e1b628a705c661b4", "key": "sourceData"}, {"hash": "bf6febede5ca68e35fdf4a0f47b4ef18", "key": "modified"}, {"hash": "ce0063a6660369d52e447030b795ef12", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850862", "id": "OPENVAS:1361412562310850862", "lastseen": "2017-07-26T08:52:06", "modified": "2017-07-11T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310850862", "published": "2015-10-15T00:00:00", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html", "2015:1519_1"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850862\");\n script_version(\"$Revision: 6675 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:54:28 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:43 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\");\n script_tag(name: \"affected\", value: \"qemu on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1519_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 2, "lastseen": "2017-07-26T08:52:06"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "49f0a07035ad79964ced679f310578d1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "9540d42155abfa15dcf6c1147830b922"}, {"key": "href", "hash": "c9c472afab0fcb66982d0008ee7d4099"}, {"key": "modified", "hash": "5b848d2648e1ab5e5f72990b21e1966c"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "f1f6ba73ac687468d4c9b5fa6eeca3d0"}, {"key": "published", "hash": "092308648d96cd05406a07d3e278adb0"}, {"key": "references", "hash": "8c6638e312e22181a80e9c8b74bd6fc1"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "bb196a5a977dbcadcfba4e3edac6413d"}, {"key": "title", "hash": "e82095d5f3ede215ff38dcae1f5c7b05"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "9650516d3e21c1b06be188f66c6052a30af3d6951587464678ddff6b0a51af8c", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1519_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850862\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:43 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu SUSE-SU-2015:1519-1 (qemu)\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\");\n script_tag(name: \"affected\", value: \"qemu on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1519_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.0.2~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.4~48.4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "1361412562310850862"}

{"cve": [{"lastseen": "2017-04-18T15:57:02", "references": ["http://www.debian.org/security/2015/dsa-3285", "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html", "http://www.openwall.com/lists/oss-security/2015/05/16/5", "https://bugzilla.redhat.com/show_bug.cgi?id=1222892", "http://www.ubuntu.com/usn/USN-2630-1", "http://www.openwall.com/lists/oss-security/2015/05/23/4", "http://www.openwall.com/lists/oss-security/2015/05/13/7", "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html", "http://www.debian.org/security/2015/dsa-3284", "http://www.securityfocus.com/bid/74809", "http://www.securitytracker.com/id/1032547"], "edition": 2, "description": "The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.", "reporter": "NVD", "published": "2015-08-26T15:59:05", "title": "CVE-2015-4037", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-4037"], "scanner": [], "modified": "2016-12-23T21:59:16", "cpe": ["cpe:/a:qemu:qemu:2.3.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4037", "id": "CVE-2015-4037", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:39", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html", "http://www.debian.org/security/2015/dsa-3285", "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html", "http://www.debian.org/security/2015/dsa-3286", "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html", "http://xenbits.xen.org/xsa/advisory-135.html", "http://www.ubuntu.com/usn/USN-2630-1", "http://www.securityfocus.com/bid/75123", "http://www.securitytracker.com/id/1032545", "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", "https://kb.juniper.net/JSA10783", "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html", "http://rhn.redhat.com/errata/RHSA-2015-1089.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html", "http://rhn.redhat.com/errata/RHSA-2015-1087.html", "http://www.debian.org/security/2015/dsa-3284", "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html", "https://security.gentoo.org/glsa/201510-02", "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html", "http://rhn.redhat.com/errata/RHSA-2015-1189.html", "http://rhn.redhat.com/errata/RHSA-2015-1088.html", "https://security.gentoo.org/glsa/201604-03"], "edition": 6, "description": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.", "reporter": "NVD", "published": "2015-06-15T11:59:00", "title": "CVE-2015-3209", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3209"], "scanner": [], "cpe": ["cpe:/o:xen:xen:4.5.0", "cpe:/a:qemu:qemu:-", "cpe:/a:juniper:junos_space:15.1"], "modified": "2018-01-04T21:30:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3209", "id": "CVE-2015-3209", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:39", "references": ["http://xenbits.xen.org/xsa/advisory-135.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.11.1_20", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.11.1_20", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.3.50.g20150618_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-sbruno", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.5.0_6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xen-tools", "operator": "lt"}], "description": "\nThe QEMU security team reports:\n\nA guest which has access to an emulated PCNET network\n\t device (e.g. with \"model=pcnet\" in their VIF configuration)\n\t can exploit this vulnerability to take over the qemu\n\t process elevating its privilege to that of the qemu\n\t process.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-04-10T00:00:00", "title": "qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "modified": "2015-07-11T00:00:00", "id": "ACD5D037-1C33-11E5-BE9C-6805CA1D3BB1", "href": "https://vuxml.freebsd.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:29:52", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.1.2+dfsg-6+deb7u8", "arch": "all", "packageFilename": "qemu-kvm-dbg_1.1.2+dfsg-6+deb7u8_all.deb", "packageName": "qemu-kvm-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.1.2+dfsg-6+deb7u8", "arch": "all", "packageFilename": "kvm_1.1.2+dfsg-6+deb7u8_all.deb", "packageName": "kvm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.1.2+dfsg-6+deb7u8", "arch": "all", "packageFilename": "qemu-kvm_1.1.2+dfsg-6+deb7u8_all.deb", "packageName": "qemu-kvm", "operator": "lt"}], "description": "Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.\n\n * [CVE-2015-3209](<https://security-tracker.debian.org/tracker/CVE-2015-3209>)\n\nMatt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.\n\n * [CVE-2015-4037](<https://security-tracker.debian.org/tracker/CVE-2015-4037>)\n\nKurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u8.\n\nWe recommend that you upgrade your qemu-kvm packages.", "edition": 1, "reporter": "Debian", "published": "2015-06-13T00:00:00", "title": "qemu-kvm -- security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2015-06-13T00:00:00", "id": "DSA-3285", "href": "http://www.debian.org/security/dsa-3285", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:33:02", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-misc_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-mips_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-kvm_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-guest-agent_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-arm_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-utils_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-utils", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-user-binfmt_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-user-binfmt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-common_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-x86_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-ppc_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-user_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-user-static_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-user-static", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1:2.1+dfsg-12+deb8u1", "packageFilename": "qemu-system-sparc_1:2.1+dfsg-12+deb8u1_all.deb", "arch": "all", "packageName": "qemu-system-sparc", "operator": "lt"}], "edition": 1, "description": "Several vulnerabilities were discovered in qemu, a fast processor emulator.\n\n * [CVE-2015-3209](<https://security-tracker.debian.org/tracker/CVE-2015-3209>)\n\nMatt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.\n\n * [CVE-2015-4037](<https://security-tracker.debian.org/tracker/CVE-2015-4037>)\n\nKurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.\n\n * [CVE-2015-4103](<https://security-tracker.debian.org/tracker/CVE-2015-4103>)\n\nJan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4104](<https://security-tracker.debian.org/tracker/CVE-2015-4104>)\n\nJan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4105](<https://security-tracker.debian.org/tracker/CVE-2015-4105>)\n\nJan Beulich of SUSE reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4106](<https://security-tracker.debian.org/tracker/CVE-2015-4106>)\n\nJan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u8. Only [CVE-2015-3209](<https://security-tracker.debian.org/tracker/CVE-2015-3209>) and [CVE-2015-4037](<https://security-tracker.debian.org/tracker/CVE-2015-4037>) affect oldstable.\n\nFor the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1:2.3+dfsg-6.\n\nWe recommend that you upgrade your qemu packages.", "reporter": "Debian", "published": "2015-06-13T00:00:00", "type": "debian", "title": "qemu -- security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-13T00:00:00", "id": "DSA-3284", "href": "http://www.debian.org/security/dsa-3284", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-06T01:29:53", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-hypervisor-4.4-armhf_4.4.1-9+deb8u1_all.deb", "packageName": "xen-hypervisor-4.4-armhf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-utils-4.1_4.1.4-3+deb7u8_all.deb", "packageName": "xen-utils-4.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-system-armhf_4.4.1-9+deb8u1_all.deb", "packageName": "xen-system-armhf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-hypervisor-4.4-amd64_4.4.1-9+deb8u1_all.deb", "packageName": "xen-hypervisor-4.4-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xenstore-utils_4.1.4-3+deb7u8_all.deb", "packageName": "xenstore-utils", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "libxen-4.1_4.1.4-3+deb7u8_all.deb", "packageName": "libxen-4.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen_4.4.1-9+deb8u1_all.deb", "packageName": "xen", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-utils-common_4.4.1-9+deb8u1_all.deb", "packageName": "xen-utils-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-utils-4.4_4.4.1-9+deb8u1_all.deb", "packageName": "xen-utils-4.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "libxen-ocaml-dev_4.1.4-3+deb7u8_all.deb", "packageName": "libxen-ocaml-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-system-i386_4.1.4-3+deb7u8_all.deb", "packageName": "xen-system-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-hypervisor-4.1-amd64_4.1.4-3+deb7u8_all.deb", "packageName": "xen-hypervisor-4.1-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "libxenstore3.0_4.4.1-9+deb8u1_all.deb", "packageName": "libxenstore3.0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xenstore-utils_4.4.1-9+deb8u1_all.deb", "packageName": "xenstore-utils", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-utils-common_4.1.4-3+deb7u8_all.deb", "packageName": "xen-utils-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-hypervisor-4.1-i386_4.1.4-3+deb7u8_all.deb", "packageName": "xen-hypervisor-4.1-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen_4.1.4-3+deb7u8_all.deb", "packageName": "xen", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "libxen-ocaml_4.1.4-3+deb7u8_all.deb", "packageName": "libxen-ocaml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "libxenstore3.0_4.1.4-3+deb7u8_all.deb", "packageName": "libxenstore3.0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "libxen-dev_4.1.4-3+deb7u8_all.deb", "packageName": "libxen-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "xen-system-amd64_4.4.1-9+deb8u1_all.deb", "packageName": "xen-system-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "libxen-4.4_4.4.1-9+deb8u1_all.deb", "packageName": "libxen-4.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-system-amd64_4.1.4-3+deb7u8_all.deb", "packageName": "xen-system-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.1.4-3+deb7u8", "arch": "all", "packageFilename": "xen-docs-4.1_4.1.4-3+deb7u8_all.deb", "packageName": "xen-docs-4.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.4.1-9+deb8u1", "arch": "all", "packageFilename": "libxen-dev_4.4.1-9+deb8u1_all.deb", "packageName": "libxen-dev", "operator": "lt"}], "description": "Multiple security issues have been found in the Xen virtualisation solution:\n\n * [CVE-2015-3209](<https://security-tracker.debian.org/tracker/CVE-2015-3209>)\n\nMatt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.\n\n * [CVE-2015-4103](<https://security-tracker.debian.org/tracker/CVE-2015-4103>)\n\nJan Beulich discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4104](<https://security-tracker.debian.org/tracker/CVE-2015-4104>)\n\nJan Beulich discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4105](<https://security-tracker.debian.org/tracker/CVE-2015-4105>)\n\nJan Beulich reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.\n\n * [CVE-2015-4106](<https://security-tracker.debian.org/tracker/CVE-2015-4106>)\n\nJan Beulich discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.\n\n * [CVE-2015-4163](<https://security-tracker.debian.org/tracker/CVE-2015-4163>)\n\nJan Beulich discovered that a missing version check in the GNTTABOP_swap_grant_ref hypercall handler may result in denial of service. This only applies to Debian stable/jessie.\n\n * [CVE-2015-4164](<https://security-tracker.debian.org/tracker/CVE-2015-4164>)\n\nAndrew Cooper discovered a vulnerability in the iret hypercall handler, which may result in denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u8. \n\nFor the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u1. [CVE-2015-3209](<https://security-tracker.debian.org/tracker/CVE-2015-3209>), [CVE-2015-4103](<https://security-tracker.debian.org/tracker/CVE-2015-4103>), [CVE-2015-4104](<https://security-tracker.debian.org/tracker/CVE-2015-4104>), [CVE-2015-4105](<https://security-tracker.debian.org/tracker/CVE-2015-4105>) and [CVE-2015-4106](<https://security-tracker.debian.org/tracker/CVE-2015-4106>) don't affect the Xen package in stable jessie, it uses the standard qemu package and has already been fixed in DSA-3284-1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your xen packages.", "edition": 2, "reporter": "Debian", "published": "2015-06-13T00:00:00", "title": "xen -- security update", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4164", "CVE-2015-4163", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-13T00:00:00", "id": "DSA-3286", "href": "http://www.debian.org/security/dsa-3286", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:00:12", "references": ["http://www.nessus.org/u?008b7e82", "https://www.suse.com/security/cve/CVE-2015-3209.html", "https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/932267", "http://www.nessus.org/u?f93c1909"], "pluginID": "84443", "description": "KVM was updated to fix two security issues :\n\nCVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (bsc#932770)\n\nCVE-2015-4037: Predictable directory names for smb configuration.\n(bsc#932267)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-06-29T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : KVM (SUSE-SU-2015:1152-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2018-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1152-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84443", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1152-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84443);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_bugtraq_id(74809, 75123);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : KVM (SUSE-SU-2015:1152-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM was updated to fix two security issues :\n\nCVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest\nto host escape. (bsc#932770)\n\nCVE-2015-4037: Predictable directory names for smb configuration.\n(bsc#932267)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/932267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/932770\"\n );\n # https://download.suse.com/patch/finder/?keywords=22b018e7745a4c6e213ac9c05777d59d\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?008b7e82\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3209.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151152-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f93c1909\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-kvm=10747\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-kvm=10747\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kvm-1.4.2-0.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kvm-1.4.2-0.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kvm-1.4.2-0.22.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KVM\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:42", "references": ["http://www.debian.org/security/2015/dsa-3285", "https://security-tracker.debian.org/tracker/CVE-2015-3209", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460", "https://packages.debian.org/source/wheezy/qemu-kvm", "https://security-tracker.debian.org/tracker/CVE-2015-4037"], "pluginID": "84168", "description": "Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.\n\n - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.\n\n - CVE-2015-4037 Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.", "edition": 5, "reporter": "Tenable", "published": "2015-06-15T00:00:00", "title": "Debian DSA-3285-1 : qemu-kvm - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2018-07-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-kvm", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3285.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3285. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84168);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_bugtraq_id(74809, 75123);\n script_xref(name:\"DSA\", value:\"3285\");\n\n script_name(english:\"Debian DSA-3285-1 : qemu-kvm - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.\n\n - CVE-2015-3209\n Matt Tait of Google's Project Zero security team\n discovered a flaw in the way QEMU's AMD PCnet Ethernet\n emulation handles multi-TMD packets with a length above\n 4096 bytes. A privileged guest user in a guest with an\n AMD PCNet ethernet card enabled can potentially use this\n flaw to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.\n\n - CVE-2015-4037\n Kurt Seifried of Red Hat Product Security discovered\n that QEMU's user mode networking stack uses predictable\n temporary file names when the -smb option is used. An\n unprivileged user can use this flaw to cause a denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3285\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu-kvm packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.1.2+dfsg-6+deb7u8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:32:48", "references": ["https://www.suse.com/security/cve/CVE-2015-3209.html", "https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/893892", "https://bugzilla.suse.com/932267", "https://www.suse.com/security/cve/CVE-2015-4037.html", "http://www.nessus.org/u?2f5d26d4"], "pluginID": "85902", "description": "qemu was updated to fix two security issues and augments one non-security bug fix.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (bsc#932770)\n\n - CVE-2015-4037: Avoid predictable directory name for smb config (bsc#932267)\n\nThe fix for the following non-security bug was improved :\n\n - bsc#893892: Use improved upstream patch for display issue affecting installs of SLES 11 VMs on SLES 12\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-09-11T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1519-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2018-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2015-1519-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1519-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85902);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_bugtraq_id(74809, 75123);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1519-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qemu was updated to fix two security issues and augments one\nnon-security bug fix.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3209: heap overflow in qemu pcnet controller\n allowing guest to host escape (XSA-135) (bsc#932770)\n\n - CVE-2015-4037: Avoid predictable directory name for smb\n config (bsc#932267)\n\nThe fix for the following non-security bug was improved :\n\n - bsc#893892: Use improved upstream patch for display\n issue affecting installs of SLES 11 VMs on SLES 12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/893892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/932267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/932770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4037.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151519-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f5d26d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-509=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-509=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-debugsource-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-lang-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-kvm-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-kvm-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-tools-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-48.4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-48.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:07", "references": ["http://xenbits.xen.org/xsa/advisory-135.html", "http://www.nessus.org/u?4fb7c68f"], "pluginID": "84438", "description": "The QEMU security team reports :\n\nA guest which has access to an emulated PCNET network device (e.g.\nwith 'model=pcnet' in their VIF configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.", "edition": 4, "reporter": "Tenable", "published": "2015-06-29T00:00:00", "title": "FreeBSD : qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209) (acd5d037-1c33-11e5-be9c-6805ca1d3bb1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2015-07-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:qemu-devel", "p-cpe:/a:freebsd:freebsd:qemu-sbruno", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:qemu", "p-cpe:/a:freebsd:freebsd:xen-tools"], "id": "FREEBSD_PKG_ACD5D0371C3311E5BE9C6805CA1D3BB1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84438);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/07/14 13:43:56 $\");\n\n script_cve_id(\"CVE-2015-3209\");\n\n script_name(english:\"FreeBSD : qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209) (acd5d037-1c33-11e5-be9c-6805ca1d3bb1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The QEMU security team reports :\n\nA guest which has access to an emulated PCNET network device (e.g.\nwith 'model=pcnet' in their VIF configuration) can exploit this\nvulnerability to take over the qemu process elevating its privilege to\nthat of the qemu process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://xenbits.xen.org/xsa/advisory-135.html\"\n );\n # http://www.freebsd.org/ports/portaudit/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4fb7c68f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu-sbruno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"qemu<0.11.1_20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu>=0.12<2.3.0_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-devel<0.11.1_20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-devel>=0.12<2.3.0_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-sbruno<2.3.50.g20150618_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"xen-tools<4.5.0_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:25", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1222892", "http://www.nessus.org/u?9857375f"], "pluginID": "84307", "description": "- User interface freezes when entering space character in Xfig (bz #1151253)\n\n - CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894)\n\n - Backport {Haswell,Broadwell}-noTSX cpu models (bz #1213053)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-22T00:00:00", "title": "Fedora 21 : qemu-2.1.3-8.fc21 (2015-9599)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qemu", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-9599.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9599.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84307);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-4037\");\n script_xref(name:\"FEDORA\", value:\"2015-9599\");\n\n script_name(english:\"Fedora 21 : qemu-2.1.3-8.fc21 (2015-9599)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - User interface freezes when entering space character in\n Xfig (bz #1151253)\n\n - CVE-2015-4037: insecure temporary file use in\n /net/slirp.c (bz #1222894)\n\n - Backport {Haswell,Broadwell}-noTSX cpu models (bz\n #1213053)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222892\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9857375f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"qemu-2.1.3-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:59", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1222892", "http://www.nessus.org/u?efdc5f35"], "pluginID": "84131", "description": "- CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-12T00:00:00", "title": "Fedora 22 : qemu-2.3.0-5.fc22 (2015-9601)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qemu", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-9601.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9601.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84131);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-4037\");\n script_xref(name:\"FEDORA\", value:\"2015-9601\");\n\n script_name(english:\"Fedora 22 : qemu-2.3.0-5.fc22 (2015-9601)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2015-4037: insecure temporary file use in\n /net/slirp.c (bz #1222894)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222892\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efdc5f35\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"qemu-2.3.0-5.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:15", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-June/005180.html"], "pluginID": "84418", "description": "From Red Hat Security Advisory 2015:1189 :\n\nUpdated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security team for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.", "edition": 5, "reporter": "Tenable", "published": "2015-06-26T00:00:00", "title": "Oracle Linux 5 : kvm (ELSA-2015-1189)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kvm-tools", "p-cpe:/a:oracle:linux:kvm", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kmod-kvm", "p-cpe:/a:oracle:linux:kmod-kvm-debug", "p-cpe:/a:oracle:linux:kvm-qemu-img"], "id": "ORACLELINUX_ELSA-2015-1189.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1189 and \n# Oracle Linux Security Advisory ELSA-2015-1189 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84418);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2015-3209\");\n script_bugtraq_id(75123);\n script_xref(name:\"RHSA\", value:\"2015:1189\");\n\n script_name(english:\"Oracle Linux 5 : kvm (ELSA-2015-1189)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1189 :\n\nUpdated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation\nhandled multi-TMD packets with a length above 4096 bytes. A privileged\nguest user in a guest with an AMD PCNet ethernet card enabled could\npotentially use this flaw to execute arbitrary code on the host with\nthe privileges of the hosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero\nsecurity team for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure\nin the Solution section must be performed before this update will take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005180.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-273.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-273.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-83-273.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-273.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-273.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:54", "references": ["http://www.nessus.org/u?6a853699", "https://bugzilla.redhat.com/show_bug.cgi?id=1225882"], "pluginID": "84374", "description": "stubs-32.h is back, so revert to previous behaviour. Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-25T00:00:00", "title": "Fedora 22 : xen-4.5.0-11.fc22 (2015-10001)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-10001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10001.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84374);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:49:04 $\");\n\n script_cve_id(\"CVE-2015-3209\");\n script_xref(name:\"FEDORA\", value:\"2015-10001\");\n\n script_name(english:\"Fedora 22 : xen-4.5.0-11.fc22 (2015-10001)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"stubs-32.h is back, so revert to previous behaviour. Heap overflow in\nQEMU PCNET controller, allowing guest->host escape [XSA-135,\nCVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior\n[XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler\n[XSA-136, CVE-2015-4164].\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1225882\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a853699\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"xen-4.5.0-11.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:40", "references": ["http://www.nessus.org/u?1aef9bbc", "https://bugzilla.redhat.com/show_bug.cgi?id=1225882"], "pluginID": "84379", "description": "Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-25T00:00:00", "title": "Fedora 21 : xen-4.4.2-6.fc21 (2015-9978)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2015-9978.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9978.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84379);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-3209\");\n script_xref(name:\"FEDORA\", value:\"2015-9978\");\n\n script_name(english:\"Fedora 21 : xen-4.4.2-6.fc21 (2015-9978)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap overflow in QEMU PCNET controller, allowing guest->host escape\n[XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation\nmisbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret\nhypercall handler [XSA-136, CVE-2015-4164].\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1225882\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aef9bbc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"xen-4.4.2-6.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:00", "references": ["https://packages.debian.org/source/wheezy/qemu", "https://security-tracker.debian.org/tracker/CVE-2015-3209", "https://security-tracker.debian.org/tracker/CVE-2015-3209", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460", "https://packages.debian.org/source/jessie/qemu", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547", "https://security-tracker.debian.org/tracker/CVE-2015-4103", "https://security-tracker.debian.org/tracker/CVE-2015-4106", "https://security-tracker.debian.org/tracker/CVE-2015-4037", "https://security-tracker.debian.org/tracker/CVE-2015-4037", "http://www.debian.org/security/2015/dsa-3284", "https://security-tracker.debian.org/tracker/CVE-2015-4105", "https://security-tracker.debian.org/tracker/CVE-2015-4104"], "pluginID": "84167", "description": "Several vulnerabilities were discovered in qemu, a fast processor emulator.\n\n - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.\n\n - CVE-2015-4037 Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. An unprivileged user can use this flaw to cause a denial of service.\n\n - CVE-2015-4103 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.\n\n - CVE-2015-4104 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.\n\n - CVE-2015-4105 Jan Beulich of SUSE reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.\n\n - CVE-2015-4106 Jan Beulich of SUSE discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.", "edition": 5, "reporter": "Tenable", "published": "2015-06-15T00:00:00", "title": "Debian DSA-3284-1 : qemu - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2018-05-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:qemu", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3284.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3284. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84167);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/05/10 13:08:41\");\n\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\", \"CVE-2015-4103\", \"CVE-2015-4104\", \"CVE-2015-4105\", \"CVE-2015-4106\");\n script_bugtraq_id(74809, 74947, 74948, 74949, 74950, 75123);\n script_xref(name:\"DSA\", value:\"3284\");\n\n script_name(english:\"Debian DSA-3284-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu, a fast processor\nemulator.\n\n - CVE-2015-3209\n Matt Tait of Google's Project Zero security team\n discovered a flaw in the way QEMU's AMD PCnet Ethernet\n emulation handles multi-TMD packets with a length above\n 4096 bytes. A privileged guest user in a guest with an\n AMD PCNet ethernet card enabled can potentially use this\n flaw to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.\n\n - CVE-2015-4037\n Kurt Seifried of Red Hat Product Security discovered\n that QEMU's user mode networking stack uses predictable\n temporary file names when the -smb option is used. An\n unprivileged user can use this flaw to cause a denial of\n service.\n\n - CVE-2015-4103\n Jan Beulich of SUSE discovered that the QEMU Xen code\n does not properly restrict write access to the host MSI\n message data field, allowing a malicious guest to cause\n a denial of service.\n\n - CVE-2015-4104\n Jan Beulich of SUSE discovered that the QEMU Xen code\n does not properly restrict access to PCI MSI mask bits,\n allowing a malicious guest to cause a denial of service.\n\n - CVE-2015-4105\n Jan Beulich of SUSE reported that the QEMU Xen code\n enables logging for PCI MSI-X pass-through error\n messages, allowing a malicious guest to cause a denial\n of service.\n\n - CVE-2015-4106\n Jan Beulich of SUSE discovered that the QEMU Xen code\n does not properly restrict write access to the PCI\n config space for certain PCI pass-through devices,\n allowing a malicious guest to cause a denial of service,\n obtain sensitive information or potentially execute\n arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3284\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.1.2+dfsg-6+deb7u8. Only CVE-2015-3209 and\nCVE-2015-4037 affect oldstable.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:2.1+dfsg-12+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-kvm\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-arm\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-common\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-mips\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-misc\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-x86\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-binfmt\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-static\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-utils\", reference:\"1:2.1+dfsg-12+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:35", "references": ["https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/932267", "https://download.suse.com/patch/finder/?keywords=22b018e7745a4c6e213ac9c05777d59d"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.4.2-0.22.31.1", "arch": "s390x", "packageFilename": "kvm-1.4.2-0.22.31.1.s390x.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.4.2-0.22.31.1", "arch": "i586", "packageFilename": "kvm-1.4.2-0.22.31.1.i586.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.4.2-0.22.31.1", "arch": "x86_64", "packageFilename": "kvm-1.4.2-0.22.31.1.x86_64.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.4.2-0.22.31.1", "arch": "x86_64", "packageFilename": "kvm-1.4.2-0.22.31.1.x86_64.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.4.2-0.22.31.1", "arch": "i586", "packageFilename": "kvm-1.4.2-0.22.31.1.i586.rpm", "packageName": "kvm", "operator": "lt"}], "description": "KVM was updated to fix two security issues:\n\n * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest\n to host escape. (bsc#932770)\n * CVE-2015-4037: Predictable directory names for smb configuration.\n (bsc#932267)\n\n Security Issues:\n\n * CVE-2015-3209\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-26T15:08:01", "title": "Security update for KVM (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2015-06-26T15:08:01", "id": "SUSE-SU-2015:1152-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:39:29", "references": ["https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/893892", "https://bugzilla.suse.com/932267"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "48.4.1", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu", "packageFilename": "qemu-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-s390", "packageFilename": "qemu-s390-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.4-48.4.1", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.7.4-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu", "packageFilename": "qemu-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu", "packageFilename": "qemu-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.0.0-48.4.1", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-rbd", "packageFilename": "qemu-block-rbd-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "48.4.1", "packageName": "qemu-sgabios-8", "packageFilename": "qemu-sgabios-8-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-s390-debuginfo", "packageFilename": "qemu-s390-debuginfo-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-rbd-debuginfo", "packageFilename": "qemu-block-rbd-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.4-48.4.1", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.7.4-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu", "packageFilename": "qemu-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-lang", "packageFilename": "qemu-lang-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.4-48.4.1", "packageName": "qemu-seabios", "packageFilename": "qemu-seabios-1.7.4-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools-debuginfo", "packageFilename": "qemu-tools-debuginfo-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-ppc", "packageFilename": "qemu-ppc-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.0.0-48.4.1", "packageName": "qemu-ipxe", "packageFilename": "qemu-ipxe-1.0.0-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.4-48.4.1", "packageName": "qemu-vgabios", "packageFilename": "qemu-vgabios-1.7.4-48.4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-x86-debuginfo", "packageFilename": "qemu-x86-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl-debuginfo", "packageFilename": "qemu-block-curl-debuginfo-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-guest-agent-debuginfo", "packageFilename": "qemu-guest-agent-debuginfo-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-block-curl", "packageFilename": "qemu-block-curl-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-x86-debuginfo", "packageFilename": "qemu-x86-debuginfo-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-ppc-debuginfo", "packageFilename": "qemu-ppc-debuginfo-2.0.2-48.4.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-debugsource", "packageFilename": "qemu-debugsource-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-tools", "packageFilename": "qemu-tools-2.0.2-48.4.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "2.0.2-48.4.1", "packageName": "qemu-x86", "packageFilename": "qemu-x86-2.0.2-48.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "qemu was updated to fix two security issues and augments one non-security\n bug fix.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to\n host escape (XSA-135) (bsc#932770)\n * CVE-2015-4037: Avoid predictable directory name for smb config\n (bsc#932267)\n\n The fix for the following non-security bug was improved:\n\n * bsc#893892: Use improved upstream patch for display issue affecting\n installs of SLES 11 VMs on SLES 12\n\n", "edition": 1, "reporter": "Suse", "published": "2015-09-09T18:13:21", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2015-09-09T18:13:21", "id": "SUSE-SU-2015:1519-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:50", "references": ["https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/938344"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm-debugsource", "packageFilename": "kvm-debugsource-0.15.1-0.32.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm", "packageFilename": "kvm-0.15.1-0.32.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm-debuginfo", "packageFilename": "kvm-debuginfo-0.15.1-0.32.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm-debuginfo", "packageFilename": "kvm-debuginfo-0.15.1-0.32.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm", "packageFilename": "kvm-0.15.1-0.32.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "0.15.1-0.32.2", "packageName": "kvm-debugsource", "packageFilename": "kvm-debugsource-0.15.1-0.32.2.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "kvm was updated to fix two security issues.\n\n The following vulnerabilities were fixed:\n\n - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n - CVE-2015-3209: Fix buffer overflow in pcnet emulation (bsc#932770).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-08-21T18:13:47", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for kvm (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5154", "CVE-2015-3209"], "modified": "2015-08-21T18:13:47", "id": "SUSE-SU-2015:1426-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:08:53", "references": ["https://bugzilla.suse.com/932770", "https://download.suse.com/patch/finder/?keywords=f26fb5291b18bbfa26447df16a7ab90f", "https://bugzilla.suse.com/932996"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-vmi", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-doc-ps", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-debug", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-tools-ioemu", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-tools-ioemu", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-doc-pdf", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-kdumppae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-libs-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-libs", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.x86_64.rpm", "packageName": "xen-kmp-kdump", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.x86_64.rpm", "packageName": "xen-kmp-smp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.x86_64.rpm", "packageName": "xen-kmp-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-doc-ps", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-libs-32bit-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-kdump", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-bigsmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-devel-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-devel-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-libs-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-tools-domU", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-smp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-doc-html", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.17.1.x86_64.rpm", "packageName": "xen-doc-pdf", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1", "packageFilename": "xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1.i586.rpm", "packageName": "xen-kmp-vmipae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.17.1", "packageFilename": "xen-tools-3.2.3_17040_46-0.17.1.i586.rpm", "packageName": "xen-tools", "arch": "i586", "operator": "lt"}], "description": "Xen was updated to fix two security issues:\n\n * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest\n to host escape. (XSA-135, bsc#932770)\n * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,\n bsc#932996)\n\n Security Issues:\n\n * CVE-2015-4164\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164</a>&gt;\n * CVE-2015-3209\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-08T17:08:09", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Security update for Xen (important)", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4164", "CVE-2015-3209"], "modified": "2015-07-08T17:08:09", "id": "SUSE-SU-2015:1206-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:37:04", "references": ["https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/939712", "https://download.suse.com/patch/finder/?keywords=8837c9fd890aaac522c74dc7741b001c", "https://bugzilla.suse.com/932996", "https://bugzilla.suse.com/938344"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-debug", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-tools-ioemu", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-tools-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "x86_64", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.x86_64.rpm", "packageName": "xen-kmp-kdump", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "x86_64", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.x86_64.rpm", "packageName": "xen-kmp-smp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-tools-ioemu", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-smp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-vmipae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-libs-32bit-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-devel-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-doc-ps", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "x86_64", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-tools-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-kdumppae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-libs-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-vmi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-bigsmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "i586", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.i586.rpm", "packageName": "xen-kmp-kdump", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1", "arch": "x86_64", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1.x86_64.rpm", "packageName": "xen-kmp-debug", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-doc-ps", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "x86_64", "packageFilename": "xen-devel-3.2.3_17040_46-0.21.1.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.21.1", "arch": "i586", "packageFilename": "xen-libs-3.2.3_17040_46-0.21.1.i586.rpm", "packageName": "xen-libs", "operator": "lt"}], "description": "Xen was updated to fix the following security issues:\n\n * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM.\n (bsc#938344)\n * CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing\n guest to host escape. (bsc#932770)\n * CVE-2015-4164: DoS through iret hypercall handler. (bsc#932996)\n * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139\n device model. (XSA-140, bsc#939712)\n\n Security Issues:\n\n * CVE-2015-5154\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154</a>&gt;\n * CVE-2015-3209\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>&gt;\n * CVE-2015-4164\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164</a>&gt;\n * CVE-2015-5165\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165</a>&gt;\n\n\n", "edition": 1, "reporter": "Suse", "published": "2015-09-25T21:10:23", "title": "Security update for Xen (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4164", "CVE-2015-5154", "CVE-2015-3209", "CVE-2015-5165"], "modified": "2015-09-25T21:10:23", "id": "SUSE-SU-2015:1643-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:36", "references": ["https://download.suse.com/patch/finder/?keywords=5db78436698154117f5060fbcf442cac", "https://bugzilla.suse.com/931626", "https://bugzilla.suse.com/931625", "https://bugzilla.suse.com/932770", "https://bugzilla.suse.com/931627", "https://bugzilla.suse.com/931628", "https://bugzilla.suse.com/932996"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18_2.6.32.59_0.19-0.25.1", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen", "packageFilename": "xen-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18_2.6.32.59_0.19-0.25.1", "packageName": "xen-kmp-trace", "packageFilename": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-libs", "packageFilename": "xen-libs-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18_2.6.32.59_0.19-0.25.1", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-libs", "packageFilename": "xen-libs-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-doc-pdf", "packageFilename": "xen-doc-pdf-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-tools", "packageFilename": "xen-tools-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18_2.6.32.59_0.19-0.25.1", "packageName": "xen-kmp-trace", "packageFilename": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18_2.6.32.59_0.19-0.25.1", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen", "packageFilename": "xen-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.0.3_21548_18-0.25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-tools", "packageFilename": "xen-tools-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_18-0.25.1", "packageName": "xen-doc-pdf", "packageFilename": "xen-doc-pdf-4.0.3_21548_18-0.25.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "Xen was updated to fix six security issues:\n\n * CVE-2015-4103: Potential unintended writes to host MSI message data\n field via qemu. (XSA-128, bsc#931625)\n * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.\n (XSA-129, bsc#931626)\n * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error\n messages. (XSA-130, bsc#931627)\n * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,\n bsc#931628)\n * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest\n to host escape. (XSA-135, bsc#932770)\n * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,\n bsc#932996)\n\n Security Issues:\n\n * CVE-2015-4103\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103</a>&gt;\n * CVE-2015-4104\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104</a>&gt;\n * CVE-2015-4105\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105</a>&gt;\n * CVE-2015-4106\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106</a>&gt;\n * CVE-2015-4164\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164</a>&gt;\n * CVE-2015-3209\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-29T14:05:20", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4164", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-29T14:05:20", "id": "SUSE-SU-2015:1156-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["https://bugzilla.suse.com/950367", "https://bugzilla.suse.com/944697", "https://bugzilla.suse.com/950703", "https://bugzilla.suse.com/932267", "https://bugzilla.suse.com/950706", "https://bugzilla.suse.com/944463", "https://bugzilla.suse.com/877642", "https://bugzilla.suse.com/950705"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08_3.0.101_0.7.37-20.1", "packageFilename": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-20.1.i586.rpm", "packageName": "xen-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-libs-32bit-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-devel-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08_3.0.101_0.7.37-20.1", "packageFilename": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-20.1.x86_64.rpm", "packageName": "xen-kmp-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-debugsource-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-doc-html-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-doc-pdf-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-doc-pdf", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-tools-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-libs-4.1.6_08-20.1.i586.rpm", "packageName": "xen-libs", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-devel-4.1.6_08-20.1.i586.rpm", "packageName": "xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08_3.0.101_0.7.37-20.1", "packageFilename": "xen-kmp-default-4.1.6_08_3.0.101_0.7.37-20.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-tools-domU-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-libs-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-tools-domU-4.1.6_08-20.1.i586.rpm", "packageName": "xen-tools-domU", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-debuginfo-4.1.6_08-20.1.i586.rpm", "packageName": "xen-debuginfo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08_3.0.101_0.7.37-20.1", "packageFilename": "xen-kmp-default-4.1.6_08_3.0.101_0.7.37-20.1.i586.rpm", "packageName": "xen-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-debugsource-4.1.6_08-20.1.i586.rpm", "packageName": "xen-debugsource", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.1.6_08-20.1", "packageFilename": "xen-debuginfo-4.1.6_08-20.1.x86_64.rpm", "packageName": "xen-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_08_3.0.101_0.7.37-20.1", "packageFilename": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-20.1.i586.rpm", "packageName": "xen-kmp-trace", "arch": "i586", "operator": "lt"}], "description": "xen was updated to fix eight security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-11-10T18:10:12", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "modified": "2015-11-10T18:10:12", "id": "SUSE-SU-2015:1952-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00016.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:24", "references": ["https://bugzilla.suse.com/950367", "https://bugzilla.suse.com/944697", "https://bugzilla.suse.com/947165", "https://bugzilla.suse.com/950703", "https://bugzilla.suse.com/932267", "https://bugzilla.suse.com/923967", "https://bugzilla.suse.com/907514", "https://bugzilla.suse.com/941074", "https://bugzilla.suse.com/918984", "https://bugzilla.suse.com/950706", "https://bugzilla.suse.com/944463", "https://bugzilla.suse.com/910258", "https://bugzilla.suse.com/877642", "https://bugzilla.suse.com/950705"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-debuginfo", "packageFilename": "xen-debuginfo-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-doc-pdf", "packageFilename": "xen-doc-pdf-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-debuginfo", "packageFilename": "xen-debuginfo-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-devel", "packageFilename": "xen-devel-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-devel", "packageFilename": "xen-devel-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools", "packageFilename": "xen-tools-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-doc-pdf", "packageFilename": "xen-doc-pdf-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen", "packageFilename": "xen-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14_3.0.101_0.47.67-18.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-tools", "packageFilename": "xen-tools-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.2.5_14-18.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.5_14-18.2", "packageName": "xen", "packageFilename": "xen-4.2.5_14-18.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "xen was updated to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bsc#941074: Device 51728 could not be connected. Hotplug scripts not\n working\n\n", "edition": 1, "reporter": "Suse", "published": "2015-10-30T17:13:49", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "modified": "2015-10-30T17:13:49", "id": "SUSE-SU-2015:1853-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:09", "references": ["https://bugzilla.suse.com/950367", "https://bugzilla.suse.com/944697", "https://bugzilla.suse.com/947165", "https://bugzilla.suse.com/950703", "https://bugzilla.suse.com/932267", "https://bugzilla.suse.com/923967", "https://bugzilla.suse.com/907514", "https://bugzilla.suse.com/945167", "https://bugzilla.suse.com/918984", "https://bugzilla.suse.com/950706", "https://bugzilla.suse.com/944463", "https://bugzilla.suse.com/949138", "https://bugzilla.suse.com/910258", "https://bugzilla.suse.com/877642", "https://bugzilla.suse.com/950705", "https://bugzilla.suse.com/901488"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02_k3.12.48_52.27-22.12.1", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_k3.12.48_52.27-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-tools", "packageFilename": "xen-tools-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen", "packageFilename": "xen-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02_k3.12.48_52.27-22.12.1", "packageName": "xen-kmp-default-debuginfo", "packageFilename": "xen-kmp-default-debuginfo-4.4.3_02_k3.12.48_52.27-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-tools-domU-debuginfo", "packageFilename": "xen-tools-domU-debuginfo-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02_k3.12.48_52.27-22.12.1", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_k3.12.48_52.27-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-debuginfo-32bit", "packageFilename": "xen-libs-debuginfo-32bit-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-debuginfo-32bit", "packageFilename": "xen-libs-debuginfo-32bit-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-debuginfo", "packageFilename": "xen-libs-debuginfo-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02_k3.12.48_52.27-22.12.1", "packageName": "xen-kmp-default-debuginfo", "packageFilename": "xen-kmp-default-debuginfo-4.4.3_02_k3.12.48_52.27-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen", "packageFilename": "xen-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-tools-debuginfo", "packageFilename": "xen-tools-debuginfo-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-devel", "packageFilename": "xen-devel-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.4.3_02-22.12.1", "packageName": "xen-libs-debuginfo", "packageFilename": "xen-libs-debuginfo-4.4.3_02-22.12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "xen was updated to version 4.4.3 to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting\n in irq problems on servers with a large amount of CPU cores\n - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show\n errors\n - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort\n\n", "edition": 1, "reporter": "Suse", "published": "2015-11-04T17:13:16", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "modified": "2015-11-04T17:13:16", "id": "SUSE-SU-2015:1908-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:21:42", "references": ["https://bugzilla.suse.com/950367", "https://bugzilla.suse.com/944697", "https://bugzilla.suse.com/947165", "https://bugzilla.suse.com/950703", "https://bugzilla.suse.com/932267", "https://bugzilla.suse.com/949549", "https://bugzilla.suse.com/923967", "https://bugzilla.suse.com/907514", "https://bugzilla.suse.com/945167", "https://bugzilla.suse.com/918984", "https://bugzilla.suse.com/950706", "https://bugzilla.suse.com/944463", "https://bugzilla.suse.com/949138", "https://bugzilla.suse.com/910258", "https://bugzilla.suse.com/877642", "https://bugzilla.suse.com/950705", "https://bugzilla.suse.com/901488"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen", "packageFilename": "xen-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.4.3_02_3.0.101_65-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_3.0.101_65-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_3.0.101_65-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-debuginfo", "packageFilename": "xen-debuginfo-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools", "packageFilename": "xen-tools-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_3.0.101_65-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.4.3_02_3.0.101_65-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools", "packageFilename": "xen-tools-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-devel", "packageFilename": "xen-devel-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen", "packageFilename": "xen-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02_3.0.101_65-26.2", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.4.3_02_3.0.101_65-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-devel", "packageFilename": "xen-devel-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-debugsource", "packageFilename": "xen-debugsource-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs-32bit", "packageFilename": "xen-libs-32bit-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-debuginfo", "packageFilename": "xen-debuginfo-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-doc-html", "packageFilename": "xen-doc-html-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-libs", "packageFilename": "xen-libs-4.4.3_02-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.4", "packageVersion": "4.4.3_02-26.2", "packageName": "xen-tools-domU", "packageFilename": "xen-tools-domU-4.4.3_02-26.2.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "xen was updated to version 4.4.3 to fix nine security issues.\n\n These security issues were fixed:\n - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary\n files with predictable names, which allowed local users to cause a\n denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*\n files before the program (bsc#932267).\n - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote\n attackers to cause a denial of service (crash) via a large L2 table in a\n QCOW version 1 image (bsc#877642).\n - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests\n (bsc#950367).\n - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on\n disks when using the qemu-xen device model, which allowed local guest\n users to write to a read-only disk image (bsc#947165).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter\n an infinite loop (bsc#944697).\n - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to\n denial of service (bsc#950703).\n - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array\n leading to denial of service (bsc#950705).\n - CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (bsc#950706).\n\n These non-security issues were fixed:\n - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed\n - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of\n guest with VT-d NIC\n - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed\n - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has\n been observed\n - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting\n in irq problems on servers with a large amount of CPU cores\n - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show\n errors\n - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort\n - bsc#949549: xm create hangs when maxmen value is enclosed in quotes\n\n", "edition": 1, "reporter": "Suse", "published": "2015-11-03T11:12:06", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7835", "CVE-2014-0222", "CVE-2015-7311", "CVE-2015-4037", "CVE-2015-6815", "CVE-2015-5239"], "modified": "2015-11-03T11:12:06", "id": "SUSE-SU-2015:1894-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:52:49", "references": ["http://www.debian.org/security/2015/dsa-3285.html"], "pluginID": "703285", "description": "Several vulnerabilities were discovered\nin qemu-kvm, a full virtualization solution on x86 hardware.\n\nCVE-2015-3209 \nMatt Tait of Google", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-13T00:00:00", "title": "Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703285", "id": "OPENVAS:703285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3285.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3285-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703285);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_name(\"Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3285.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu-kvm on Debian Linux\");\n script_tag(name: \"insight\", value: \"Using KVM, one can run multiple virtual\nPCs, each running unmodified Linux or Windows images. Each virtual machine has\nprivate virtualized hardware: a network card, disk, graphics adapter, etc.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.1.2+dfsg-6+deb7u8.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin qemu-kvm, a full virtualization solution on x86 hardware.\n\nCVE-2015-3209 \nMatt Tait of Google's Project Zero security team discovered a flaw\nin the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\npackets with a length above 4096 bytes. A privileged guest user in a\nguest with an AMD PCNet ethernet card enabled can potentially use\nthis flaw to execute arbitrary code on the host with the privileges\nof the hosting QEMU process.\n\nCVE-2015-4037 \nKurt Seifried of Red Hat Product Security discovered that QEMU's\nuser mode networking stack uses predictable temporary file names\nwhen the -smb option is used. An unprivileged user can use this flaw\nto cause a denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:47", "references": ["http://www.debian.org/security/2015/dsa-3285.html"], "pluginID": "1361412562310703285", "description": "Several vulnerabilities were discovered\nin qemu-kvm, a full virtualization solution on x86 hardware.\n\nCVE-2015-3209 \nMatt Tait of Google", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-13T00:00:00", "title": "Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3285.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3285-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703285\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_name(\"Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3285.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu-kvm on Debian Linux\");\n script_tag(name: \"insight\", value: \"Using KVM, one can run multiple virtual\nPCs, each running unmodified Linux or Windows images. Each virtual machine has\nprivate virtualized hardware: a network card, disk, graphics adapter, etc.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.1.2+dfsg-6+deb7u8.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin qemu-kvm, a full virtualization solution on x86 hardware.\n\nCVE-2015-3209 \nMatt Tait of Google's Project Zero security team discovered a flaw\nin the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\npackets with a length above 4096 bytes. A privileged guest user in a\nguest with an AMD PCNet ethernet card enabled can potentially use\nthis flaw to execute arbitrary code on the host with the privileges\nof the hosting QEMU process.\n\nCVE-2015-4037 \nKurt Seifried of Red Hat Product Security discovered that QEMU's\nuser mode networking stack uses predictable temporary file names\nwhen the -smb option is used. An unprivileged user can use this flaw\nto cause a denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:52", "references": ["2015:1152_1"], "pluginID": "1361412562310850828", "description": "Check the version of KVM", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for KVM SUSE-SU-2015:1152-1 (KVM)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4037", "CVE-2015-3209"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310850828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1152_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for KVM SUSE-SU-2015:1152-1 (KVM)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850828\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for KVM SUSE-SU-2015:1152-1 (KVM)\");\n script_tag(name: \"summary\", value: \"Check the version of KVM\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n KVM was updated to fix two security issues:\n\n * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest\n to host escape. (bsc#932770)\n * CVE-2015-4037: Predictable directory names for smb configuration.\n (bsc#932267)\n\n Security Issues:\n\n * CVE-2015-3209\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209\");\n script_tag(name: \"affected\", value: \"KVM on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:1152_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~1.4.2~0.22.31.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:55", "references": ["2015:1087-01", "https://www.redhat.com/archives/rhsa-announce/2015-June/msg00013.html"], "pluginID": "1361412562310871374", "description": "Check the version of qemu-kvm", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-11T00:00:00", "title": "RedHat Update for qemu-kvm RHSA-2015:1087-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871374", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2015:1087-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871374\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-11 06:29:29 +0200 (Thu, 11 Jun 2015)\");\n script_cve_id(\"CVE-2015-3209\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2015:1087-01\");\n script_tag(name: \"summary\", value: \"Check the version of qemu-kvm\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\");\n script_tag(name: \"affected\", value: \"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:1087-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.448.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:14", "references": ["http://linux.oracle.com/errata/ELSA-2015-1087.html"], "pluginID": "1361412562310123104", "description": "Oracle Linux Local Security Checks ELSA-2015-1087", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1087", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123104", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-1087.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123104\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 13:59:25 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-1087\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-1087 - qemu-kvm security update - [0.12.1.2-2.448.el6_6.4]- kvm-pcnet-fix-Negative-array-index-read.patch [bz#1225886]- kvm-pcnet-force-the-buffer-access-to-be-in-bounds-during.patch [bz#1225886]- Resolves: bz#1225886 (EMBARGOED CVE-2015-3209 qemu-kvm: qemu: pcnet: multi-tmd buffer overflow in the tx path [rhel-6.6.z])\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-1087\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-1087.html\");\nscript_cve_id(\"CVE-2015-3209\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:20", "references": ["http://www.debian.org/security/2015/dsa-3284.html"], "pluginID": "703284", "description": "Several vulnerabilities were discovered\nin qemu, a fast processor emulator.\n\nCVE-2015-3209 \nMatt Tait of Google", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-13T00:00:00", "title": "Debian Security Advisory DSA 3284-1 (qemu - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703284", "id": "OPENVAS:703284", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3284.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3284-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703284);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\", \"CVE-2015-4103\", \"CVE-2015-4104\",\n \"CVE-2015-4105\", \"CVE-2015-4106\");\n script_name(\"Debian Security Advisory DSA 3284-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3284.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator:\ncurrently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze,\nMIPS, PowerPC, SH4, SPARC and x86-64 emulation. By using dynamic translation\nit achieves reasonable speed while being easy to port on new host CPUs. QEMU\nhas two operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209\nand CVE-2015-4037 affect oldstable.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:2.3+dfsg-6.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin qemu, a fast processor emulator.\n\nCVE-2015-3209 \nMatt Tait of Google's Project Zero security team discovered a flaw\nin the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\npackets with a length above 4096 bytes. A privileged guest user in a\nguest with an AMD PCNet ethernet card enabled can potentially use\nthis flaw to execute arbitrary code on the host with the privileges\nof the hosting QEMU process.\n\nCVE-2015-4037 \nKurt Seifried of Red Hat Product Security discovered that QEMU's\nuser mode networking stack uses predictable temporary file names\nwhen the -smb option is used. An unprivileged user can use this flaw\nto cause a denial of service.\n\nCVE-2015-4103 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict write access to the host MSI message data field,\nallowing a malicious guest to cause a denial of service.\n\nCVE-2015-4104 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict access to PCI MSI mask bits, allowing a malicious\nguest to cause a denial of service.\n\nCVE-2015-4105 \nJan Beulich of SUSE reported that the QEMU Xen code enables\nlogging for PCI MSI-X pass-through error messages, allowing a\nmalicious guest to cause a denial of service.\n\nCVE-2015-4106 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict write access to the PCI config space for certain\nPCI pass-through devices, allowing a malicious guest to cause a\ndenial of service, obtain sensitive information or potentially\nexecute arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the\ninstalled software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:56", "references": ["http://www.debian.org/security/2015/dsa-3284.html"], "pluginID": "1361412562310703284", "description": "Several vulnerabilities were discovered\nin qemu, a fast processor emulator.\n\nCVE-2015-3209 \nMatt Tait of Google", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-13T00:00:00", "title": "Debian Security Advisory DSA 3284-1 (qemu - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703284", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3284.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3284-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703284\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\", \"CVE-2015-4103\", \"CVE-2015-4104\",\n \"CVE-2015-4105\", \"CVE-2015-4106\");\n script_name(\"Debian Security Advisory DSA 3284-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3284.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator:\ncurrently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze,\nMIPS, PowerPC, SH4, SPARC and x86-64 emulation. By using dynamic translation\nit achieves reasonable speed while being easy to port on new host CPUs. QEMU\nhas two operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209\nand CVE-2015-4037 affect oldstable.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:2.3+dfsg-6.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin qemu, a fast processor emulator.\n\nCVE-2015-3209 \nMatt Tait of Google's Project Zero security team discovered a flaw\nin the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\npackets with a length above 4096 bytes. A privileged guest user in a\nguest with an AMD PCNet ethernet card enabled can potentially use\nthis flaw to execute arbitrary code on the host with the privileges\nof the hosting QEMU process.\n\nCVE-2015-4037 \nKurt Seifried of Red Hat Product Security discovered that QEMU's\nuser mode networking stack uses predictable temporary file names\nwhen the -smb option is used. An unprivileged user can use this flaw\nto cause a denial of service.\n\nCVE-2015-4103 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict write access to the host MSI message data field,\nallowing a malicious guest to cause a denial of service.\n\nCVE-2015-4104 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict access to PCI MSI mask bits, allowing a malicious\nguest to cause a denial of service.\n\nCVE-2015-4105 \nJan Beulich of SUSE reported that the QEMU Xen code enables\nlogging for PCI MSI-X pass-through error messages, allowing a\nmalicious guest to cause a denial of service.\n\nCVE-2015-4106 \nJan Beulich of SUSE discovered that the QEMU Xen code does not\nproperly restrict write access to the PCI config space for certain\nPCI pass-through devices, allowing a malicious guest to cause a\ndenial of service, obtain sensitive information or potentially\nexecute arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the\ninstalled software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u8\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:58", "references": ["2015:1189", "http://lists.centos.org/pipermail/centos-announce/2015-June/021224.html"], "pluginID": "1361412562310882211", "description": "Check the version of kmod-kvm", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-03T00:00:00", "title": "CentOS Update for kmod-kvm CESA-2015:1189 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882211", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2015:1189 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882211\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-3209\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-03 11:19:11 +0530 (Fri, 03 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kmod-kvm CESA-2015:1189 centos5 \");\n script_tag(name: \"summary\", value: \"Check the version of kmod-kvm\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"KVM (Kernel-based Virtual Machine) is a full\n virtualization solution for Linux on AMD64 and Intel 64 systems.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n\");\n script_tag(name: \"affected\", value: \"kmod-kvm on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1189\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-June/021224.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~273.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~273.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~273.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~273.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~273.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:31", "references": ["2630-1", "http://www.ubuntu.com/usn/usn-2630-1/"], "pluginID": "1361412562310842235", "description": "Check the version of qemu", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-11T00:00:00", "title": "Ubuntu Update for qemu USN-2630-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qemu USN-2630-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842235\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-11 06:30:50 +0200 (Thu, 11 Jun 2015)\");\n script_cve_id(\"CVE-2015-3209\", \"CVE-2015-4037\", \"CVE-2015-4103\", \"CVE-2015-4104\",\n \"CVE-2015-4105\", \"CVE-2015-4106\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-2630-1\");\n script_tag(name:\"summary\", value:\"Check the version of qemu\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Matt Tait discovered that QEMU incorrectly\nhandled the virtual PCNET driver. A malicious guest could use this issue to\ncause a denial of service, or possibly execute arbitrary code on the host as the\nuser running the QEMU process. In the default installation, when QEMU is used\nwith libvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2015-3209)\n\nKurt Seifried discovered that QEMU incorrectly handled certain temporary\nfiles. A local attacker could use this issue to cause a denial of service.\n(CVE-2015-4037)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the host MSI message data field. A malicious guest could use this\nissue to cause a denial of service. This issue only applied to Ubuntu 14.04\nLTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted access\nto the PCI MSI mask bits. A malicious guest could use this issue to cause a\ndenial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu\n14.10 and Ubuntu 15.04. (CVE-2015-4104)\n\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X\nerror messages. A malicious guest could use this issue to cause a denial of\nservice. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and\nUbuntu 15.04. (CVE-2015-4105)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the PCI config space. A malicious guest could use this issue to\ncause a denial of service, obtain sensitive information, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS,\nUbuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106)\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2630-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2630-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.1+dfsg-4ubuntu6.7\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.0+noroms-0ubuntu14.23\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:05", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-June/021168.html", "2015:1087"], "pluginID": "1361412562310882196", "description": "Check the version of qemu-guest-agent", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-11T00:00:00", "title": "CentOS Update for qemu-guest-agent CESA-2015:1087 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3209"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2015:1087 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882196\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-11 06:30:21 +0200 (Thu, 11 Jun 2015)\");\n script_cve_id(\"CVE-2015-3209\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2015:1087 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of qemu-guest-agent\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\");\n script_tag(name: \"affected\", value: \"qemu-guest-agent on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1087\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-June/021168.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.448.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.448.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.448.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.448.el6_6.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kvm-debuginfo-83-273.el5_11.x86_64.rpm", "packageName": "kvm-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "src", "packageFilename": "kvm-83-273.el5_11.src.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kvm-83-273.el5_11.x86_64.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kmod-kvm-83-273.el5_11.x86_64.rpm", "packageName": "kmod-kvm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kvm-qemu-img-83-273.el5_11.x86_64.rpm", "packageName": "kvm-qemu-img", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kmod-kvm-debug-83-273.el5_11.x86_64.rpm", "packageName": "kmod-kvm-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-273.el5_11", "arch": "x86_64", "packageFilename": "kvm-tools-83-273.el5_11.x86_64.rpm", "packageName": "kvm-tools", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n", "reporter": "RedHat", "published": "2015-06-25T04:00:00", "type": "redhat", "title": "(RHSA-2015:1189) Important: kvm security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:04", "id": "RHSA-2015:1189", "href": "https://access.redhat.com/errata/RHSA-2015:1189", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-12T21:09:54", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "i686", "packageName": "qemu-kvm-debuginfo", "packageFilename": "qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "src", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-debuginfo", "packageFilename": "qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "i686", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-img", "packageFilename": "qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-tools", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "reporter": "RedHat", "published": "2015-06-10T04:00:00", "type": "redhat", "title": "(RHSA-2015:1087) Important: qemu-kvm security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:11", "id": "RHSA-2015:1087", "href": "https://access.redhat.com/errata/RHSA-2015:1087", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-07T05:57:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "src", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "reporter": "RedHat", "published": "2015-06-10T04:00:00", "type": "redhat", "title": "(RHSA-2015:1088) Important: qemu-kvm-rhev security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:34", "id": "RHSA-2015:1088", "href": "https://access.redhat.com/errata/RHSA-2015:1088", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-06T23:50:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "src", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.", "reporter": "RedHat", "published": "2015-06-10T18:50:31", "type": "redhat", "title": "(RHSA-2015:1089) Important: qemu-kvm-rhev security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:58", "id": "RHSA-2015:1089", "href": "https://access.redhat.com/errata/RHSA-2015:1089", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:02", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1189.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "any", "packageName": "kvm", "packageFilename": "kvm-83-273.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "x86_64", "packageName": "kmod-kvm-debug", "packageFilename": "kmod-kvm-debug-83-273.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "x86_64", "packageName": "kvm-qemu-img", "packageFilename": "kvm-qemu-img-83-273.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "x86_64", "packageName": "kmod-kvm", "packageFilename": "kmod-kvm-83-273.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "x86_64", "packageName": "kvm", "packageFilename": "kvm-83-273.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-273.el5.centos", "arch": "x86_64", "packageName": "kvm-tools", "packageFilename": "kvm-tools-83-273.el5.centos.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1189\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021224.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1189.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-06-26T12:05:54", "title": "kmod, kvm security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "modified": "2015-06-26T12:05:54", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021224.html", "id": "CESA-2015:1189", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:43", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1087.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm-tools", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "i686", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-img", "packageFilename": "qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "any", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1087\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. A privileged guest user\nin a guest with an AMD PCNet ethernet card enabled could potentially use\nthis flaw to execute arbitrary code on the host with the privileges of the\nhosting QEMU process. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google's Project Zero security\nteam for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021168.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1087.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-06-10T15:32:54", "title": "qemu security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "modified": "2015-06-10T15:32:54", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021168.html", "id": "CESA-2015:1087", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2630-1\r\nJune 10, 2015\r\n\r\nqemu, qemu-kvm vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in QEMU.\r\n\r\nSoftware Description:\r\n- qemu: Machine emulator and virtualizer\r\n- qemu-kvm: Machine emulator and virtualizer\r\n\r\nDetails:\r\n\r\nMatt Tait discovered that QEMU incorrectly handled the virtual PCNET\r\ndriver. A malicious guest could use this issue to cause a denial of\r\nservice, or possibly execute arbitrary code on the host as the user running\r\nthe QEMU process. In the default installation, when QEMU is used with\r\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\r\n&#40;CVE-2015-3209&#41;\r\n\r\nKurt Seifried discovered that QEMU incorrectly handled certain temporary\r\nfiles. A local attacker could use this issue to cause a denial of service.\r\n&#40;CVE-2015-4037&#41;\r\n\r\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\r\naccess to the host MSI message data field. A malicious guest could use this\r\nissue to cause a denial of service. This issue only applied to Ubuntu 14.04\r\nLTS, Ubuntu 14.10 and Ubuntu 15.04. &#40;CVE-2015-4103&#41;\r\n\r\nJan Beulich discovered that the QEMU Xen code incorrectly restricted access\r\nto the PCI MSI mask bits. A malicious guest could use this issue to cause a\r\ndenial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu\r\n14.10 and Ubuntu 15.04. &#40;CVE-2015-4104&#41;\r\n\r\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X\r\nerror messages. A malicious guest could use this issue to cause a denial of\r\nservice. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and\r\nUbuntu 15.04. &#40;CVE-2015-4105&#41;\r\n\r\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\r\naccess to the PCI config space. A malicious guest could use this issue to\r\ncause a denial of service, obtain sensitive information, or possibly\r\nexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS,\r\nUbuntu 14.10 and Ubuntu 15.04. &#40;CVE-2015-4106&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n qemu-system 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-arm 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-mips 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-misc 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-ppc 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-sparc 1:2.2+dfsg-5expubuntu9.2\r\n qemu-system-x86 1:2.2+dfsg-5expubuntu9.2\r\n\r\nUbuntu 14.10:\r\n qemu-system 2.1+dfsg-4ubuntu6.7\r\n qemu-system-aarch64 2.1+dfsg-4ubuntu6.7\r\n qemu-system-arm 2.1+dfsg-4ubuntu6.7\r\n qemu-system-mips 2.1+dfsg-4ubuntu6.7\r\n qemu-system-misc 2.1+dfsg-4ubuntu6.7\r\n qemu-system-ppc 2.1+dfsg-4ubuntu6.7\r\n qemu-system-sparc 2.1+dfsg-4ubuntu6.7\r\n qemu-system-x86 2.1+dfsg-4ubuntu6.7\r\n\r\nUbuntu 14.04 LTS:\r\n qemu-system 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-arm 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-mips 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-misc 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-ppc 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-sparc 2.0.0+dfsg-2ubuntu1.13\r\n qemu-system-x86 2.0.0+dfsg-2ubuntu1.13\r\n\r\nUbuntu 12.04 LTS:\r\n qemu-kvm 1.0+noroms-0ubuntu14.23\r\n\r\nAfter a standard system update you need to restart all QEMU virtual\r\nmachines to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2630-1\r\n CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104,\r\n CVE-2015-4105, CVE-2015-4106\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.2\r\n https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.7\r\n https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.13\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.23\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-06-13T00:00:00", "title": "[USN-2630-1] QEMU vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:59", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-13T00:00:00", "id": "SECURITYVULNS:DOC:32207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32207", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32207", "https://vulners.com/securityvulns/securityvulns:doc:32231"], "description": "DoS, privilege escalation, information disclosure, code execution.", "edition": 1, "reporter": "UBUNTU", "published": "2015-06-21T00:00:00", "title": "libvirt / qemu / Xen multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "qemu", "version": "2.2", "operator": "eq"}, {"name": "Xen", "version": "4.5", "operator": "eq"}], "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4164", "CVE-2015-4163", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-21T00:00:00", "id": "SECURITYVULNS:VULN:14532", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14532", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:59", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3286-1 security@debian.org\r\nhttps://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 13, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : xen\r\nCVE ID : CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105\r\n CVE-2015-4106 CVE-2015-4163 CVE-2015-4164\r\n\r\nMultiple security issues have been found in the Xen virtualisation\r\nsolution:\r\n \r\nCVE-2015-3209\r\n\r\n Matt Tait discovered a flaw in the way QEMU&#39;s AMD PCnet Ethernet\r\n emulation handles multi-TMD packets with a length above 4096 bytes.\r\n A privileged guest user in a guest with an AMD PCNet ethernet card\r\n enabled can potentially use this flaw to execute arbitrary code on\r\n the host with the privileges of the hosting QEMU process.\r\n\r\nCVE-2015-4103\r\n\r\n Jan Beulich discovered that the QEMU Xen code does not properly\r\n restrict write access to the host MSI message data field, allowing\r\n a malicious guest to cause a denial of service.\r\n\r\nCVE-2015-4104\r\n\r\n Jan Beulich discovered that the QEMU Xen code does not properly\r\n restrict access to PCI MSI mask bits, allowing a malicious guest to\r\n cause a denial of service.\r\n\r\nCVE-2015-4105\r\n\r\n Jan Beulich reported that the QEMU Xen code enables logging for PCI\r\n MSI-X pass-through error messages, allowing a malicious guest to\r\n cause a denial of service.\r\n\r\nCVE-2015-4106\r\n\r\n Jan Beulich discovered that the QEMU Xen code does not properly restrict\r\n write access to the PCI config space for certain PCI pass-through devices,\r\n allowing a malicious guest to cause a denial of service, obtain sensitive\r\n information or potentially execute arbitrary code.\r\n\r\nCVE-2015-4163\r\n\r\n Jan Beulich discovered that a missing version check in the\r\n GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.\r\n This only applies to Debian stable/jessie.\r\n\r\nCVE-2015-4164\r\n\r\n Andrew Cooper discovered a vulnerability in the iret hypercall handler,\r\n which may result in denial of service.\r\n\r\nFor the oldstable distribution &#40;wheezy&#41;, these problems have been fixed\r\nin version 4.1.4-3+deb7u8. \r\n\r\nFor the stable distribution &#40;jessie&#41;, these problems have been fixed in\r\nversion 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,\r\nCVE-2015-4105 and CVE-2015-4106 don&#39;t affect the Xen package in stable\r\njessie, it uses the standard qemu package and has already been fixed in\r\nDSA-3284-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your xen packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJVfDmzAAoJEBDCk7bDfE42W3AP+QGuXuhGJ5FFSHK7UmCFPbrn\r\nxsujh8hQKJHb7WFc7k/xdimHWRT2K6MJ6v29Zl+MNR2oLcO0ty28Xuyb+EIWwTbV\r\navuP2igg56delwp73P5ts3ZX4YFBCsonqCjIhSd3QCQkAIGL63x78n26OrDAVvba\r\n2piJ2lJPAMhm4gBJvkWbKnQaIDaDN5qzckZwXfHgCYKhu/d0C2ZrD+RcMg+UTq6j\r\nCFqWB/xaGMT6WILfiKPOMlKkNxH1rqaJ3Kou5q8i9T4QvZq9vU0KHhYWWecFo/KP\r\nS1AH7Vp1UZPQbxVAYHq2mITvIr6RRRMZxJEpzG6wnlPV5G8cM6ZqR1a7nBQ9mhoB\r\nlRWNs8zHvMpS2XxfXzgt/pV3jH1Pj+ELPWP+m4Kjy8g2xFaiW8y4LYq4AUv5+oDa\r\nIBuJW+UNkEWIyrWqhzu0laT8EwTmS1JFt4est4bbNMU0O2Xdo6qB432XNwM804lo\r\nlsii1eEXe0FKpFZVYKho1gLCHVxdWz3EPhZ5qHb8Gi5tnbElVY7aqtACBFXvKd6K\r\n81+qOpiqGk8EMHkdmGBXpwJoMTIczBXxXD9RZazq1Ynr3yNcgtnsz7CVqJTUAb2a\r\nOt4yIf0E5kYAau+tyVQ+Y0ZRbUN3A1u+6gpJqLvTqF80pj1M8kt7DuXC/2lQXl4q\r\nngY7U6RlmLRNSaXd+xvR\r\n=gL/x\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-06-21T00:00:00", "title": "[SECURITY] [DSA 3286-1] xen security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:59", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4164", "CVE-2015-4163", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-21T00:00:00", "id": "SECURITYVULNS:DOC:32231", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32231", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:01", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4106", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4105", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4037", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3209", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4104", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4103"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0+noroms-0ubuntu14.23", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-x86", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-ppc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-arm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-aarch64", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-sparc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.1+dfsg-4ubuntu6.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-mips", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "1:2.2+dfsg-5expubuntu9.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.0.0+dfsg-2ubuntu1.13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-system-misc", "operator": "lt"}], "description": "Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3209)\n\nKurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. (CVE-2015-4037)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the host MSI message data field. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted access to the PCI MSI mask bits. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104)\n\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X error messages. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the PCI config space. A malicious guest could use this issue to cause a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106)", "edition": 3, "reporter": "Ubuntu", "published": "2015-06-10T00:00:00", "title": "QEMU vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-4037", "CVE-2015-4104", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2015-06-10T00:00:00", "id": "USN-2630-1", "href": "https://usn.ubuntu.com/2630-1/", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:40", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "x86_64", "packageFilename": "kvm-83-273.0.1.el5_11.x86_64.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "x86_64", "packageFilename": "kmod-kvm-debug-83-273.0.1.el5_11.x86_64.rpm", "packageName": "kmod-kvm-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "x86_64", "packageFilename": "kvm-tools-83-273.0.1.el5_11.x86_64.rpm", "packageName": "kvm-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "x86_64", "packageFilename": "kvm-qemu-img-83-273.0.1.el5_11.x86_64.rpm", "packageName": "kvm-qemu-img", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "x86_64", "packageFilename": "kmod-kvm-83-273.0.1.el5_11.x86_64.rpm", "packageName": "kmod-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-273.0.1.el5_11", "arch": "src", "packageFilename": "kvm-83-273.0.1.el5_11.src.rpm", "packageName": "kvm", "operator": "lt"}], "description": "[kvm-83-273.0.1.el5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83.273.el5]\n- kvm-pcnet-Properly-handle-TX-requests-during-Link-Fail.patch [bz#1225896]\n- kvm-pcnet-fix-Negative-array-index-read.patch [bz#1225896]\n- kvm-pcnet-force-the-buffer-access-to-be-in-bounds-during.patch [bz#1225896]\n- Resolves: bz#1225896\n (EMBARGOED CVE-2015-3209 kvm: qemu: pcnet: multi-tmd buffer overflow in the tx path [rhel-5.11.z)", "edition": 3, "reporter": "Oracle", "published": "2015-06-25T00:00:00", "title": "kvm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "modified": "2015-06-25T00:00:00", "id": "ELSA-2015-1189", "href": "http://linux.oracle.com/errata/ELSA-2015-1189.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:10", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "i686", "packageFilename": "qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageFilename": "qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "packageName": "qemu-img", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "x86_64", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm", "packageName": "qemu-kvm-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "src", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.448.el6_6.4", "arch": "src", "packageFilename": "qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm", "packageName": "qemu-kvm", "operator": "lt"}], "description": "[0.12.1.2-2.448.el6_6.4]\n- kvm-pcnet-fix-Negative-array-index-read.patch [bz#1225886]\n- kvm-pcnet-force-the-buffer-access-to-be-in-bounds-during.patch [bz#1225886]\n- Resolves: bz#1225886\n (EMBARGOED CVE-2015-3209 qemu-kvm: qemu: pcnet: multi-tmd buffer overflow in the tx path [rhel-6.6.z])", "edition": 3, "reporter": "Oracle", "published": "2015-06-10T00:00:00", "title": "qemu-kvm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3209"], "modified": "2015-06-10T00:00:00", "id": "ELSA-2015-1087", "href": "http://linux.oracle.com/errata/ELSA-2015-1087.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "xen": [{"lastseen": "2016-04-01T21:57:16", "references": [], "description": "#### ISSUE DESCRIPTION\nThe QEMU security team has predisclosed the following advisory:\n pcnet_transmit loads a transmit-frame descriptor from the guest into the /tmd/ local variable to recover a length field, a status field and a guest-physical location of the associated frame buffer. If the status field indicates that the frame buffer is ready to be sent out (i.e. by setting the TXSTATUS_DEVICEOWNS, TXSTATUS_STARTPACKET and TXSTATUS_ENDPACKET bits on the status field), the PCNET device controller pulls in the frame from the guest-physical location to s-&gt;buffer (which is 4096 bytes long), and then transmits the frame.\n Because of the layout of the transmit-frame descriptor, it is not possible to send the PCNET device controller a frame of length &gt; 4096, but it /is/ possible to send the PCNET device controller a frame that is marked as TXSTATUS_STARTPACKET, but not TXSTATUS_ENDPACKET. If we do this - and the PCNET controller is configured via the XMTRL CSR to support split-frame processing - then the pcnet_transmit functions loops round, pulling a second transmit frame descriptor from the guest. If this second transmit frame descriptor sets the TXSTATUS_DEVICEOWNS and doesn&#39;t set the TXSTATUS_STARTPACKET bits, this frame is appended to the s-&gt;buffer field.\n An attacker can then exploit this vulnerability by sending a first packet of length 4096 to the device controller, and a second frame containing N-bytes to trigger an N-byte heap overflow.\n On 64-bit QEMU, a 24-byte overflow allows the guest to take control of the phys_mem_write function pointer in the PCNetState_st structure, and this is called when trying to flush the updated transmit frame descriptor back to the guest. By specifying the content of the second transmit frame, the attacker therefore gets reliable fully-chosen control of the host instruction pointer, allowing them to take control of the host.\n#### IMPACT\nA guest which has access to an emulated PCNET network device (e.g. with &quot;model=pcnet&quot; in their VIF configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.\n#### VULNERABLE SYSTEMS\nAll Xen systems running x86 HVM guests without stubdomains which have been configured to use the PCNET emulated driver model are vulnerable.\nThe default configuration is NOT vulnerable (because it does not emulate PCNET NICs).\nSystems running only PV guests are NOT vulnerable.\nSystems using qemu-dm stubdomain device models (for example, by specifying &quot;device_model_stubdomain_override=1&quot; in xl&#39;s domain configuration files) are NOT vulnerable.\nBoth the traditional &quot;qemu-xen&quot; or upstream qemu device models are potentially vulnerable.\nARM systems are NOT vulnerable.\n", "edition": 1, "reporter": "Xen Project", "published": "2015-06-10T13:10:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "xen", "title": "Heap overflow in QEMU PCNET controller, allowing guest->host escape", "bulletinFamily": "software", "cvelist": ["CVE-2015-3209"], "modified": "2015-06-10T13:10:00", "id": "XSA-135", "href": "http://xenbits.xen.org/xsa/advisory-135.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209", "https://bugs.gentoo.org/show_bug.cgi?id=556050", "https://bugs.gentoo.org/show_bug.cgi?id=556052", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214", "https://bugs.gentoo.org/show_bug.cgi?id=551752", "https://bugs.gentoo.org/show_bug.cgi?id=555680", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.3.0-r4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/qemu", "operator": "lt"}], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nHeap-based buffer overflow has been found in QEMU\u2019s PCNET controller.\n\n### Impact\n\nA remote attacker could execute arbitrary code via a specially crafted packets. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.3.0-r4\"", "reporter": "Gentoo Foundation", "published": "2015-10-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "QEMU: Arbitrary code execution", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3214", "CVE-2015-5158", "CVE-2015-5154", "CVE-2015-3209"], "modified": "2015-10-31T00:00:00", "id": "GLSA-201510-02", "href": "https://security.gentoo.org/glsa/201510-02", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:33", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=555532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340", "https://bugs.gentoo.org/show_bug.cgi?id=566842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105", "https://bugs.gentoo.org/show_bug.cgi?id=571556", "https://bugs.gentoo.org/show_bug.cgi?id=564932", "https://bugs.gentoo.org/show_bug.cgi?id=549200", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163", "https://bugs.gentoo.org/show_bug.cgi?id=550658", "https://bugs.gentoo.org/show_bug.cgi?id=566798", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498", "https://bugs.gentoo.org/show_bug.cgi?id=564472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813", "https://bugs.gentoo.org/show_bug.cgi?id=513832", "https://bugs.gentoo.org/show_bug.cgi?id=553718", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036", "https://bugs.gentoo.org/show_bug.cgi?id=556304", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035", "https://bugs.gentoo.org/show_bug.cgi?id=561110", "https://bugs.gentoo.org/show_bug.cgi?id=566838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340", "https://bugs.gentoo.org/show_bug.cgi?id=574012", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154", "https://bugs.gentoo.org/show_bug.cgi?id=547202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550", "https://bugs.gentoo.org/show_bug.cgi?id=549950", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104", "https://bugs.gentoo.org/show_bug.cgi?id=445254", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031", "https://bugs.gentoo.org/show_bug.cgi?id=571552", "https://bugs.gentoo.org/show_bug.cgi?id=553664", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539", "https://bugs.gentoo.org/show_bug.cgi?id=567962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.6.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/pvgrub", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.6.0-r9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.6.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen-pvgrub", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.6.0-r9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen-tools", "operator": "lt"}], "edition": 1, "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could possibly cause a Denial of Service condition or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen 4.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.5.2-r5\"\n \n\nAll Xen 4.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.6.0-r9\"\n \n\nAll Xen tools 4.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-tools-4.5.2-r5\"\n \n\nAll Xen tools 4.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-tools-4.6.0-r9\"\n \n\nAll Xen pvgrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-pvgrub-4.6.0\"", "reporter": "Gentoo Foundation", "published": "2016-04-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4105", "CVE-2015-4103", "CVE-2015-8551", "CVE-2012-6034", "CVE-2015-7969", "CVE-2015-7813", "CVE-2015-8340", "CVE-2012-3494", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-3340", "CVE-2015-8339", "CVE-2015-7835", "CVE-2016-2270", "CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2015-3259", "CVE-2015-7311", "CVE-2012-3495", "CVE-2012-3498", "CVE-2015-7970", "CVE-2015-7504", "CVE-2015-3456", "CVE-2012-6030", "CVE-2012-3515", "CVE-2015-4164", "CVE-2015-8550", "CVE-2015-7814", "CVE-2015-8554", "CVE-2015-7812", "CVE-2012-3497", "CVE-2012-6035", "CVE-2012-6031", "CVE-2012-6033", "CVE-2012-4537", "CVE-2012-4538", "CVE-2015-4163", "CVE-2015-2151", "CVE-2015-8555", "CVE-2015-4104", "CVE-2012-3496", "CVE-2015-7871", "CVE-2012-6032", "CVE-2012-4536", "CVE-2012-6036", "CVE-2015-8341", "CVE-2016-2271", "CVE-2015-8552", "CVE-2015-5154", "CVE-2015-3209", "CVE-2015-4106"], "modified": "2016-04-05T00:00:00", "id": "GLSA-201604-03", "href": "https://security.gentoo.org/glsa/201604-03", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-11-16T02:57:58", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 572590, 572592, 572596, 572597, and 572599 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H63519101 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | vCMP \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP GTM | 11.0.0 - 11.6.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP PSM | 11.0.0 - 11.4.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WOM | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2016-02-16T19:39:00", "title": "Multiple QEMU vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-8106", "CVE-2015-7504", "CVE-2015-7512", "CVE-2015-5279", "CVE-2007-1320", "CVE-2015-3209", "CVE-2015-5165"], "modified": "2017-11-16T00:00:00", "href": "https://support.f5.com/csp/article/K63519101", "id": "F5:K63519101", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:49", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2016-02-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL63519101 - Multiple QEMU vulnerabilities", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PEM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP DNS", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "12.0.0", "operator": "le"}], "cvelist": ["CVE-2014-8106", "CVE-2015-7504", "CVE-2015-7512", "CVE-2015-5279", "CVE-2007-1320", "CVE-2015-3209", "CVE-2015-5165"], "modified": "2016-05-28T00:00:00", "id": "SOL63519101", "href": "http://support.f5.com/kb/en-us/solutions/public/k/63/sol63519101.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}