openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4004-1)
2018-12-10T00:00:00
ID: OPENVAS:1361412562310852165
Type: openvas
Reporter: Copyright (C) 2018 Greenbone Networks GmbH
Modified: 2020-01-31T00:00:00
Description
The remote host is missing an update for the
# Copyright (C) 2018 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.852165");
  script_version("2020-01-31T08:23:39+0000");
  script_cve_id("CVE-2018-10839", "CVE-2018-15746", "CVE-2018-16847",
                "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
  script_tag(name:"creation_date", value:"2018-12-10 07:37:08 +0100 (Mon, 10 Dec 2018)");
  script_name("openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4004-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.0");

  script_xref(name:"openSUSE-SU", value:"2018:4004-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'qemu'
  package(s) announced via the openSUSE-SU-2018:4004-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for qemu fixes the following issues:

  Security issues fixed:

  - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to
    an integer overflow, which could lead to buffer overflow issue. It could
    occur when receiving packets over the network. A user inside guest could
    use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).

  - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest
    users to cause a denial of service (guest crash) by leveraging
    mishandling of the seccomp policy for threads other than the main thread
    (bsc#1106222).

  - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found
    in the NVM Express Controller emulation in QEMU. It could occur in
    nvme_cmb_ops routines in nvme device. A guest user/process could use
    this flaw to crash the QEMU process resulting in DoS or potentially run
    arbitrary code with privileges of the QEMU process (bsc#1114529).

  - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in
    hw/net/rtl8139.c because an incorrect integer data type is used
    (bsc#1111006).

  - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in
    hw/net/pcnet.c because an incorrect integer data type is used
    (bsc#1111010).

  - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts
    packet sizes greater than INT_MAX, which allows attackers to cause a
    denial of service or possibly have unspecified other impact.
    (bsc#1111013)

  - CVE-2018-18849: Fixed an out of bounds memory access issue that was
    found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a
    message in lsi_do_msgin. It could occur during migration if the
    'msg_len' field has an invalid value. A user/process could use this flaw
    to crash the Qemu process resulting in DoS (bsc#1114422).

  Non-security issues fixed:

  - Fix slowness in arm32 emulation (bsc#1112499).

  - In order to improve spectre mitigation for s390x, add a new feature in
    the QEMU cpu model to provide the etoken cpu feature for guests
    (bsc#1107489).

  This update was imported from the SUSE:SLE-15:Update update project.

  Patch Instructions:

  To install this openSUSE Security Update use the SUSE recommended
  installation methods
  like YaST online_update or 'zypper patch'.

  Alternatively you can run the command listed for your product:

  - openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2018-1483=1");

  script_tag(name:"affected", value:"qemu on openSUSE Leap 15.0.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.0") {
  if(!isnull(res = isrpmvuln(pkg:"qemu-ipxe", rpm:"qemu-ipxe~1.0.0+~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-seabios", rpm:"qemu-seabios~1.11.0~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-sgabios", rpm:"qemu-sgabios~8~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-vgabios", rpm:"qemu-vgabios~1.11.0~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu", rpm:"qemu~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-arm", rpm:"qemu-arm~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-arm-debuginfo", rpm:"qemu-arm-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-curl", rpm:"qemu-block-curl~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-curl-debuginfo", rpm:"qemu-block-curl-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-dmg", rpm:"qemu-block-dmg~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-dmg-debuginfo", rpm:"qemu-block-dmg-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-gluster", rpm:"qemu-block-gluster~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-gluster-debuginfo", rpm:"qemu-block-gluster-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-iscsi", rpm:"qemu-block-iscsi~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-iscsi-debuginfo", rpm:"qemu-block-iscsi-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-rbd", rpm:"qemu-block-rbd~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-rbd-debuginfo", rpm:"qemu-block-rbd-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-ssh", rpm:"qemu-block-ssh~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-block-ssh-debuginfo", rpm:"qemu-block-ssh-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-debuginfo", rpm:"qemu-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-debugsource", rpm:"qemu-debugsource~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-extra", rpm:"qemu-extra~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-extra-debuginfo", rpm:"qemu-extra-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-guest-agent", rpm:"qemu-guest-agent~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-guest-agent-debuginfo", rpm:"qemu-guest-agent-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-ksm", rpm:"qemu-ksm~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-lang", rpm:"qemu-lang~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-linux-user", rpm:"qemu-linux-user~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-linux-user-debuginfo", rpm:"qemu-linux-user-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-linux-user-debugsource", rpm:"qemu-linux-user-debugsource~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-ppc", rpm:"qemu-ppc~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-ppc-debuginfo", rpm:"qemu-ppc-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-s390", rpm:"qemu-s390~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-s390-debuginfo", rpm:"qemu-s390-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-testsuite", rpm:"qemu-testsuite~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-tools", rpm:"qemu-tools~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-tools-debuginfo", rpm:"qemu-tools-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-x86", rpm:"qemu-x86~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }
  if(!isnull(res = isrpmvuln(pkg:"qemu-x86-debuginfo", rpm:"qemu-x86-debuginfo~2.11.2~lp150.7.12.1", rls:"openSUSELeap15.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
A guest user/process could\nuse this flaw to crash the QEMU process resulting in DoS or\npotentially run arbitrary code with privileges of the QEMU process\n(bsc#1114529).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNon-security issues fixed: Fix slowness in arm32 emulation\n(bsc#1112499).\n\nIn order to improve spectre mitigation for s390x, add a new feature in\nthe QEMU cpu model to provide the etoken cpu feature for guests\n(bsc#1107489).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n 
);\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183927-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5557eaad\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2018-2794=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2794=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2794=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-curl-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-dmg-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-iscsi-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-rbd-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-rbd-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-ssh-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-ssh-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", 
reference:\"qemu-debugsource-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-extra-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-extra-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-guest-agent-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-kvm-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-lang-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-2.11.2-9.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-debuginfo-2.11.2-9.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-debugsource-2.11.2-9.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-tools-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-block-dmg-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-debugsource-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-extra-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-extra-debuginfo-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-2.11.2-9.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-debuginfo-2.11.2-9.12.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-debugsource-2.11.2-9.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-tools-2.11.2-9.12.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.11.2-9.12.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:35:34", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. It could occur when receiving\n packets over the network. A user inside guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-16847: Fixed an OOB heap buffer r/w access\n issue that was found in the NVM Express Controller\n emulation in QEMU. It could occur in nvme_cmb_ops\n routines in nvme device. 
A guest user/process could use\n this flaw to crash the QEMU process resulting in DoS or\n potentially run arbitrary code with privileges of the\n QEMU process (bsc#1114529).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Fix slowness in arm32 emulation (bsc#1112499).\n\n - In order to improve spectre mitigation for s390x, add a\n new feature in the QEMU cpu model to provide the etoken\n cpu feature for guests (bsc#1107489).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-07T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2018-1483)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", 
"p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2018-1483.NASL", "href": "https://www.tenable.com/plugins/nessus/119491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1483.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119491);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-16847\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2018-1483)\");\n script_summary(english:\"Check for the openSUSE-2018-1483 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. It could occur when receiving\n packets over the network. A user inside guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-16847: Fixed an OOB heap buffer r/w access\n issue that was found in the NVM Express Controller\n emulation in QEMU. It could occur in nvme_cmb_ops\n routines in nvme device. 
A guest user/process could use\n this flaw to crash the QEMU process resulting in DoS or\n potentially run arbitrary code with privileges of the\n QEMU process (bsc#1114529).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Fix slowness in arm32 emulation (bsc#1112499).\n\n - In order to improve spectre mitigation for s390x, add a\n new feature in the QEMU cpu model to provide the etoken\n cpu feature for guests (bsc#1107489).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111010\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114529\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-dmg-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-iscsi-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"qemu-block-iscsi-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debugsource-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ipxe-1.0.0+-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ksm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-kvm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-lang-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-debugsource-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-seabios-1.11.0-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-sgabios-8-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-testsuite-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-vgabios-1.11.0-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:54:38", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. It could occur when receiving\n packets over the network. 
A user inside guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-16847: Fixed an OOB heap buffer r/w access\n issue that was found in the NVM Express Controller\n emulation in QEMU. It could occur in nvme_cmb_ops\n routines in nvme device. A guest user/process could use\n this flaw to crash the QEMU process resulting in DoS or\n potentially run arbitrary code with privileges of the\n QEMU process (bsc#1114529).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Fix slowness in arm32 emulation (bsc#1112499).\n\n - In order to improve spectre mitigation for s390x, add a\n new feature in the QEMU cpu model to provide the etoken\n cpu feature for guests (bsc#1107489).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2019-961)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster", 
"p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2019-961.NASL", "href": "https://www.tenable.com/plugins/nessus/123389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-961.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123389);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-16847\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-961)\");\n script_summary(english:\"Check for the openSUSE-2019-961 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. 
It could occur when receiving\n packets over the network. A user inside guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-16847: Fixed an OOB heap buffer r/w access\n issue that was found in the NVM Express Controller\n emulation in QEMU. It could occur in nvme_cmb_ops\n routines in nvme device. A guest user/process could use\n this flaw to crash the QEMU process resulting in DoS or\n potentially run arbitrary code with privileges of the\n QEMU process (bsc#1114529).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Fix slowness in arm32 emulation (bsc#1112499).\n\n - In order to improve spectre mitigation for s390x, add a\n new feature in the QEMU cpu model to provide the etoken\n cpu feature for guests (bsc#1107489).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114529\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"qemu-block-dmg-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-iscsi-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debugsource-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ipxe-1.0.0+-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ksm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-kvm-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-lang-2.11.2-lp150.7.12.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-linux-user-debugsource-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-seabios-1.11.0-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-sgabios-8-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-testsuite-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-vgabios-1.11.0-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-2.11.2-lp150.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-debuginfo-2.11.2-lp150.7.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:16:36", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed 
:\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nCVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb\noperations (bsc#1114529).\n\nNon-security issue fixed: Fixed a condition when retry logic does not\nhave been executed in case of data transmit failure or connection\nhungup (bsc#1108474).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-19T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4185-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2018-4185-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119763", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4185-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119763);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n 
script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-16847\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4185-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. 
A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nCVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb\noperations (bsc#1114529).\n\nNon-security issue fixed: Fixed a condition when retry logic does not\nhave been executed in case of data transmit failure or connection\nhungup (bsc#1108474).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184185-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fe62767\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2983=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2983=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"qemu-s390-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-curl-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-curl-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-iscsi-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-ssh-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-ssh-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-debugsource-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-guest-agent-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-guest-agent-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-kvm-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-lang-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-tools-2.11.2-5.5.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-tools-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-kvm-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-tools-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.11.2-5.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-5.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:16:29", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. 
A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3912-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2018-3912-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119215", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3912-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119215);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu 
(SUSE-SU-2018:3912-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183912-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?691b947d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 
12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-2781=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-debugsource-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-kvm-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-lang-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-2.0.2-48.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.0.2-48.46.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:16:30", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-06T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3973-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2018-3973-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3973-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119453);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3973-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183973-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?969b115d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 
12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-2834=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-debugsource-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-kvm-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-lang-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-2.3.1-33.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-debuginfo-2.3.1-33.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:16:35", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to a buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nthe guest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNon-security issues fixed: Improving disk performance for qemu on xen\n(bsc#1100408)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4129-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2018-4129-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4129-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119741);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4129-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. 
A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNon-security issues fixed: Improving disk performance for qemu on xen\n(bsc#1100408)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n # 
https://www.suse.com/support/update/announcement/2018/suse-su-20184129-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc6d087f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2944=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2944=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-ssh-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-ssh-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-debugsource-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-kvm-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-lang-2.9.1-6.22.3\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-6.22.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.22.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:35:49", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. It could occur when receiving\n packets over the network. 
A user inside the guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Improving disk performance for qemu on xen (bsc#1100408)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-17T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2018-1563)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-extra", 
"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo"], "id": "OPENSUSE-2018-1563.NASL", "href": "https://www.tenable.com/plugins/nessus/119717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1563.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119717);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2018-1563)\");\n script_summary(english:\"Check for the openSUSE-2018-1563 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that\n is vulnerable to an integer overflow, which could lead\n to buffer overflow issue. It could occur when receiving\n packets over the network. 
A user inside guest could use\n this flaw to crash the Qemu process resulting in DoS\n (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow\n local OS guest users to cause a denial of service (guest\n crash) by leveraging mishandling of the seccomp policy\n for threads other than the main thread (bsc#1106222).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in\n rtl8139_do_receive in hw/net/rtl8139.c because an\n incorrect integer data type is used (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive\n in hw/net/pcnet.c because an incorrect integer data type\n is used (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in\n net/net.c that accepts packet sizes greater than\n INT_MAX, which allows attackers to cause a denial of\n service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access\n issue that was found in the LSI53C895A SCSI Host Bus\n Adapter emulation while writing a message in\n lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process\n could use this flaw to crash the Qemu process resulting\n in DoS (bsc#1114422).\n\nNon-security issues fixed :\n\n - Improving disk performance for qemu on xen (bsc#1100408)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ipxe-1.0.0+-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debugsource-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-seabios-1.10.2-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-sgabios-8-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-vgabios-1.10.2-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-50.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ksm-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-lang-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", 
reference:\"qemu-ppc-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-testsuite-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:16:38", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. 
A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-24T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2018:4237-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2018-12-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86"], "id": "SUSE_SU-2018-4237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119872);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\", \"CVE-2018-17962\", 
\"CVE-2018-17963\", \"CVE-2018-18849\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2018:4237-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable\nto an integer overflow, which could lead to buffer overflow issue. It\ncould occur when receiving packets over the network. A user inside\nguest could use this flaw to crash the Qemu process resulting in DoS\n(bsc#1110910).\n\nCVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\nusers to cause a denial of service (guest crash) by leveraging\nmishandling of the seccomp policy for threads other than the main\nthread (bsc#1106222).\n\nCVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\nhw/net/rtl8139.c because an incorrect integer data type is used\n(bsc#1111006).\n\nCVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\nhw/net/pcnet.c because an incorrect integer data type is used\n(bsc#1111010).\n\nCVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that\naccepts packet sizes greater than INT_MAX, which allows attackers to\ncause a denial of service or possibly have unspecified other impact.\n(bsc#1111013)\n\nCVE-2018-18849: Fixed an out of bounds memory access issue that was\nfound in the LSI53C895A SCSI Host Bus Adapter emulation while writing\na message in lsi_do_msgin. It could occur during migration if the\n'msg_len' field has an invalid value. A user/process could use this\nflaw to crash the Qemu process resulting in DoS (bsc#1114422).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18849/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184237-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf62b1c0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper 
in -t patch\nSUSE-OpenStack-Cloud-7-2018-3047=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-3047=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-3047=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-3047=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-3047=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-debugsource-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"qemu-guest-agent-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-kvm-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-lang-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-2.6.2-41.46.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-debuginfo-2.6.2-41.46.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:19:14", "description": " - Fix cpu model crash on AMD hosts (bz #1640140)\n\n - CVE-2018-15746: seccomp blacklist is not applied to all\n threads (bz #1618357)\n\n - Fix assertion in address_space_stw_le_cached (bz\n #1644728)\n\n - CVE-2018-10839: ne2000: fix possible out of bound access\n (bz #1636429)\n\n - CVE-2018-17958: rtl8139: fix possible out of bound\n access (bz #1636729)\n\n - CVE-2018-17962: pcnet: fix possible buffer overflow (bz\n #1636775)\n\n - CVE-2018-17963: net: ignore packet size greater than\n INT_MAX (bz #1636782)\n\n - CVE-2018-18849: lsi53c895a: OOB msg buffer access leads\n to DoS (bz #1644977)\n\n - CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in\n pnv_lpc_do_eccb (bz #1645442)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, 
"published": "2019-01-03T00:00:00", "title": "Fedora 29 : 2:qemu (2018-87f2ace20d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-17962", "CVE-2018-17958"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:2:qemu"], "id": "FEDORA_2018-87F2ACE20D.NASL", "href": "https://www.tenable.com/plugins/nessus/120587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-87f2ace20d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120587);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-16847\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\", \"CVE-2018-18954\");\n script_xref(name:\"FEDORA\", value:\"2018-87f2ace20d\");\n\n script_name(english:\"Fedora 29 : 2:qemu (2018-87f2ace20d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix cpu model crash on AMD hosts (bz #1640140)\n\n - CVE-2018-15746: seccomp blacklist is not applied to all\n threads (bz #1618357)\n\n - Fix assertion in address_space_stw_le_cached (bz\n #1644728)\n\n - CVE-2018-10839: ne2000: fix possible out of bound access\n (bz #1636429)\n\n - CVE-2018-17958: rtl8139: fix possible out of bound\n access (bz #1636729)\n\n - CVE-2018-17962: pcnet: fix possible buffer overflow (bz\n #1636775)\n\n - CVE-2018-17963: net: ignore packet size greater 
than\n INT_MAX (bz #1636782)\n\n - CVE-2018-18849: lsi53c895a: OOB msg buffer access leads\n to DoS (bz #1644977)\n\n - CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in\n pnv_lpc_do_eccb (bz #1645442)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:qemu package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"qemu-3.0.0-2.fc29\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:qemu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-04-07T16:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "description": "The remote host is missing an update for the ", "modified": "2020-04-02T00:00:00", "published": "2018-12-18T00:00:00", "id": "OPENVAS:1361412562310852186", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310852186", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4147-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852186\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\",\n \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-18 07:41:02 +0100 (Tue, 18 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4147-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n\n 
script_xref(name:\"openSUSE-SU\", value:\"2018:4147-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2018:4147-1 advisory.\n\n This NVT has been replaced by OID: 1.3.6.1.4.1.25623.1.0.814570\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to\n an integer overflow, which could lead to buffer overflow issue. It could\n occur when receiving packets over the network. A user inside guest could\n use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\n users to cause a denial of service (guest crash) by leveraging\n mishandling of the seccomp policy for threads other than the main thread\n (bsc#1106222).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\n hw/net/rtl8139.c because an incorrect integer data type is used\n (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\n hw/net/pcnet.c because an incorrect integer data type is used\n (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts\n packet sizes greater than INT_MAX, which allows attackers to cause a\n denial of service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue that was\n found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a\n message in lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process could use this flaw\n to crash the Qemu process resulting in DoS (bsc#1114422).\n\n Non-security issues fixed:\n\n - Improving disk performance for qemu on xen (bsc#1100408)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1563=1\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in OID: 1.3.6.1.4.1.25623.1.0.814570\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:51:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-17962", "CVE-2018-17958"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-18T00:00:00", "id": "OPENVAS:1361412562310814570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814570", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4147-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at 
your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814570\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-15746\", \"CVE-2018-17958\",\n \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-18 07:41:02 +0100 (Tue, 18 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4147-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4147-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2018:4147-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the 
following issues:\n\n Security issues fixed:\n\n - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to\n an integer overflow, which could lead to buffer overflow issue. It could\n occur when receiving packets over the network. A user inside guest could\n use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).\n\n - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest\n users to cause a denial of service (guest crash) by leveraging\n mishandling of the seccomp policy for threads other than the main thread\n (bsc#1106222).\n\n - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in\n hw/net/rtl8139.c because an incorrect integer data type is used\n (bsc#1111006).\n\n - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in\n hw/net/pcnet.c because an incorrect integer data type is used\n (bsc#1111010).\n\n - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts\n packet sizes greater than INT_MAX, which allows attackers to cause a\n denial of service or possibly have unspecified other impact.\n (bsc#1111013)\n\n - CVE-2018-18849: Fixed an out of bounds memory access issue that was\n found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a\n message in lsi_do_msgin. It could occur during migration if the\n 'msg_len' field has an invalid value. 
A user/process could use this flaw\n to crash the Qemu process resulting in DoS (bsc#1114422).\n\n Non-security issues fixed:\n\n - Improving disk performance for qemu on xen (bsc#1100408)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1563=1\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", 
rpm:\"qemu-block-curl~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~50.1\", 
rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-10839", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-17962", "CVE-2018-17958"], "description": "The remote host is missing an update for the ", "modified": "2019-05-15T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876241", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2018-87f2ace20d", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876241\");\n script_version(\"2019-05-15T14:58:59+0000\");\n script_cve_id(\"CVE-2018-15746\", \"CVE-2018-10839\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\", \"CVE-2018-18954\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-15 14:58:59 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:40:17 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2018-87f2ace20d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-87f2ace20d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the FEDORA-2018-87f2ace20d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor emulator which achieves a good\nemulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. 
In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.0.0~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11806", "CVE-2018-12617", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-17958"], "description": "The remote host is missing an update for the ", "modified": "2019-03-26T00:00:00", "published": "2018-11-27T00:00:00", "id": "OPENVAS:1361412562310843830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843830", "type": "openvas", "title": "Ubuntu Update for qemu USN-3826-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3826_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for qemu 
USN-3826-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843830\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-11806\", \"CVE-2018-12617\", \"CVE-2018-16847\",\n \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\",\n \"CVE-2018-18954\", \"CVE-2018-19364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-27 15:42:59 +0100 (Tue, 27 Nov 2018)\");\n script_name(\"Ubuntu Update for qemu USN-3826-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", 
\"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3826-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3826-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the USN-3826-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled\nNE2000 device emulation. An attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)\n\nIt was discovered that QEMU incorrectly handled the Slirp networking\nback-end. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. In the default installation, when QEMU is used\nwith libvirt, attackers would be isolated by the libvirt AppArmor profile.\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n18.04 LTS. (CVE-2018-11806)\n\nFakhri Zulkifli discovered that the QEMU guest agent incorrectly handled\ncertain QMP commands. An attacker could possibly use this issue to crash\nthe QEMU guest agent, resulting in a denial of service. (CVE-2018-12617)\n\nLi Qiang discovered that QEMU incorrectly handled NVM Express Controller\nemulation. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode on the host. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. 
(CVE-2018-16847)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled\nRTL8139 device emulation. An attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled\nPCNET device emulation. An attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962)\n\nDaniel Shapira discovered that QEMU incorrectly handled large packet sizes.\nAn attacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2018-17963)\n\nIt was discovered that QEMU incorrectly handled LSI53C895A device\nemulation. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2018-18849)\n\nMoguofang discovered that QEMU incorrectly handled the IPowerNV LPC\ncontroller. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-18954)\n\nZhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System\nsupport. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. 
(CVE-2018-19364)\");\n\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.44\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.11+dfsg-1ubuntu7.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.12+dfsg-3ubuntu8.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10839", "CVE-2018-17963", "CVE-2018-17962"], "description": "Integer overflows in the processing of packets in network cards emulated\nby QEMU, a fast processor emulator, could result in denial of service.\n\nIn addition this update backports support to passthrough the new CPU\nfeatures added in the intel-microcode update shipped in DSA 4273 to\nx86-based guests.", "modified": "2019-07-04T00:00:00", "published": "2018-11-11T00:00:00", "id": "OPENVAS:1361412562310704338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704338", "type": "openvas", "title": "Debian Security Advisory DSA 4338-1 (qemu - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4338-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704338\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-17962\", \"CVE-2018-17963\");\n script_name(\"Debian Security Advisory DSA 4338-1 (qemu - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-11 00:00:00 +0100 (Sun, 11 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4338.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u5.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/qemu\");\n script_tag(name:\"summary\", value:\"Integer overflows in the processing of packets 
in network cards emulated\nby QEMU, a fast processor emulator, could result in denial of service.\n\nIn addition this update backports support to passthrough the new CPU\nfeatures added in the intel-microcode update shipped in DSA 4273 to\nx86-based guests.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", 
ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-19489", "CVE-2018-10839", "CVE-2018-16867", "CVE-2018-17963", "CVE-2019-6778", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2019-3812", "CVE-2018-17958"], "description": "The remote host is missing an update for the ", "modified": "2019-05-15T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875896", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2019-88a98ce795", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875896\");\n script_version(\"2019-05-15T14:58:59+0000\");\n script_cve_id(\"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-16867\", \"CVE-2018-16872\", \"CVE-2018-20191\", \"CVE-2019-6778\", \"CVE-2019-3812\", \"CVE-2018-15746\", \"CVE-2018-10839\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\", \"CVE-2018-18954\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-15 14:58:59 +0000 (Wed, 15 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:26:29 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-88a98ce795\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-88a98ce795\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the FEDORA-2019-88a98ce795 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor emulator which achieves a 
good\nemulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.0.0~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-19489", "CVE-2018-12126", "CVE-2018-10839", "CVE-2018-16867", "CVE-2018-12127", "CVE-2018-17963", "CVE-2019-6778", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2019-3812", "CVE-2018-17958", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the\n ", "modified": "2019-05-22T00:00:00", "published": "2019-05-19T00:00:00", "id": "OPENVAS:1361412562310876381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876381", "type": "openvas", "title": "Fedora Update 
for qemu FEDORA-2019-0332a96d31", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876381\");\n script_version(\"2019-05-22T11:13:26+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\",\n \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-16867\", \"CVE-2018-16872\",\n \"CVE-2018-20191\", \"CVE-2019-6778\", \"CVE-2019-3812\", \"CVE-2018-15746\",\n \"CVE-2018-10839\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\",\n \"CVE-2018-18849\", \"CVE-2018-18954\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 11:13:26 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-19 02:09:54 +0000 (Sun, 19 May 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-0332a96d31\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0332a96d31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXIWXOVTTCSMNDRMYLHIRAWVBD27HJ7F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'qemu' package(s) announced via the FEDORA-2019-0332a96d31 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor\n emulator which achieves a good emulation speed by using dynamic translation.\n QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. 
In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.0.1~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-12T14:46:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15746", "CVE-2018-19489", "CVE-2018-12126", "CVE-2018-10839", "CVE-2018-16867", "CVE-2018-12127", "CVE-2018-17963", "CVE-2019-6778", "CVE-2018-18849", "CVE-2018-20815", "CVE-2018-18954", "CVE-2019-5008", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2019-3812", "CVE-2019-12155", "CVE-2018-17958", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-07-11T00:00:00", "published": "2019-07-11T00:00:00", "id": "OPENVAS:1361412562310876567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876567", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2019-e9de40d53f", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you 
can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876567\");\n script_version(\"2019-07-11T11:32:19+0000\");\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-5008\", \"CVE-2018-20815\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2018-16867\", \"CVE-2018-16872\", \"CVE-2018-20191\", \"CVE-2019-6778\", \"CVE-2019-3812\", \"CVE-2018-15746\", \"CVE-2018-10839\", \"CVE-2018-17958\", \"CVE-2018-17962\", \"CVE-2018-17963\", \"CVE-2018-18849\", \"CVE-2018-18954\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-11 11:32:19 +0000 (Thu, 11 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-11 02:15:52 +0000 (Thu, 11 Jul 2019)\");\n script_name(\"Fedora Update for qemu FEDORA-2019-e9de40d53f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e9de40d53f\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the FEDORA-2019-e9de40d53f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QEMU is a generic and open source processor emulator which achieves a good\nemulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherals. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\");\n\n script_tag(name:\"affected\", value:\"'qemu' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~3.0.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:43:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11806", "CVE-2018-10839", "CVE-2019-6778", 
"CVE-2018-17962", "CVE-2019-12155"], "description": "The remote host is missing an update for the ", "modified": "2019-10-01T00:00:00", "published": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310883114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883114", "type": "openvas", "title": "CentOS Update for qemu-guest-agent CESA-2019:2892 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883114\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2018-10839\", \"CVE-2018-11806\", \"CVE-2018-17962\", \"CVE-2019-6778\", \"CVE-2019-12155\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:00:49 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2019:2892 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:2892\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-September/023454.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-guest-agent'\n package(s) announced via the CESA-2019:2892 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. 
The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams\n(CVE-2018-11806)\n\n * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)\n\n * QEMU: ne2000: integer overflow leads to buffer overflow issue\n(CVE-2018-10839)\n\n * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)\n\n * QEMU: qxl: null pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'qemu-guest-agent' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.506.el6_10.5\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.506.el6_10.5\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.506.el6_10.5\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.506.el6_10.5\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-01-31T17:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16847"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-18T00:00:00", "id": "OPENVAS:1361412562310814564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814564", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4135-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814564\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16847\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-18 07:39:06 +0100 (Tue, 18 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4135-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4135-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the openSUSE-SU-2018:4135-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb\n operations (bsc#1114529).\n\n Non-security issue fixed:\n\n - Fixed serial console issue that triggered a qemu-kvm bug (bsc#1108474).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n 
Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1551=1\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster\", rpm:\"qemu-block-gluster~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-gluster-debuginfo\", rpm:\"qemu-block-gluster-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debuginfo\", rpm:\"qemu-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", 
rpm:\"qemu-guest-agent-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", 
rpm:\"qemu-tools-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.11.2~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0+~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.11.0~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.11.0~lp150.7.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-15746", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2018-12-04T03:05:00", "published": "2018-12-04T03:05:00", "id": "FEDORA:5D8CE608ED0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-15746", "CVE-2018-16867", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20191", "CVE-2019-3812", "CVE-2019-6778"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-03-25T06:10:52", "published": "2019-03-25T06:10:52", "id": "FEDORA:A833A6076D01", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-15746", "CVE-2018-16867", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20191", "CVE-2019-11091", "CVE-2019-3812", "CVE-2019-6778"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-05-17T03:18:08", "published": "2019-05-17T03:18:08", "id": "FEDORA:E51F7608C00A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.1-3.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-15746", "CVE-2018-16867", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20191", "CVE-2018-20815", "CVE-2019-11091", "CVE-2019-12155", "CVE-2019-3812", "CVE-2019-5008", "CVE-2019-6778"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2019-07-09T02:25:09", "published": "2019-07-09T02:25:09", "id": "FEDORA:5EFCA61845B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:25:37", "description": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-11-02T22:29:00", "title": "CVE-2018-16847", "type": "cve", "cwe": ["CWE-125", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16847"], "modified": "2020-05-14T15:01:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:qemu:qemu:3.1.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:qemu:qemu:3.0.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-16847", 
"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16847", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:38", "description": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-10-09T22:29:00", "title": "CVE-2018-17958", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17958"], "modified": "2020-09-10T17:11:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", 
"cpe:/a:redhat:virtualization_manager:4.3", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:qemu:qemu:3.0.1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-17958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17958", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:16", "description": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-09T22:29:00", "title": "CVE-2018-17962", "type": "cve", "cwe": ["CWE-119", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17962"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:redhat:linux:6.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:qemu:qemu:2.8.0", "cpe:/o:suse:linux_enterprise_server:15", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:qemu:qemu:2.12.0", "cpe:/a:qemu:qemu:2.1.0", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:oracle:linux:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-17962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17962", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", "cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:38", "description": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.", "edition": 10, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-10-09T22:29:00", "title": "CVE-2018-17963", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17963"], "modified": "2020-05-14T15:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:qemu:qemu:3.1.0", "cpe:/a:redhat:openstack:14", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:redhat:virtualization_manager:4.3", "cpe:/a:qemu:qemu:3.0.0", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:redhat:openstack:13.0", "cpe:/a:redhat:openstack:10", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-17963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17963", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:36", "description": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-08-29T19:29:00", "title": "CVE-2018-15746", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15746"], "modified": "2020-09-10T17:12:00", "cpe": ["cpe:/a:qemu:qemu:3.0.1"], "id": "CVE-2018-15746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15746", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:a:qemu:qemu:3.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:17", "description": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-03-21T16:00:00", "title": "CVE-2018-18849", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18849"], "modified": "2019-05-31T14:29:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:qemu:qemu:3.0.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-18849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18849", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:31", "description": "Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-16T14:29:00", "title": "CVE-2018-10839", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10839"], "modified": "2019-09-24T16:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:qemu:qemu:3.0.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10839", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10839", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2018-12617", "CVE-2018-10839", "CVE-2018-16847", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-17958"], "description": "Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nNE2000 device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)\n\nIt was discovered that QEMU incorrectly handled the Slirp networking \nback-end. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu \n18.04 LTS. (CVE-2018-11806)\n\nFakhri Zulkifli discovered that the QEMU guest agent incorrectly handled \ncertain QMP commands. An attacker could possibly use this issue to crash \nthe QEMU guest agent, resulting in a denial of service. (CVE-2018-12617)\n\nLi Qiang discovered that QEMU incorrectly handled NVM Express Controller \nemulation. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. 
In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. This \nissue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nRTL8139 device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958)\n\nDaniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled \nPCNET device emulation. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962)\n\nDaniel Shapira discovered that QEMU incorrectly handled large packet sizes. \nAn attacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2018-17963)\n\nIt was discovered that QEMU incorrectly handled LSI53C895A device \nemulation. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2018-18849)\n\nMoguofang discovered that QEMU incorrectly handled the IPowerNV LPC \ncontroller. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. This issue only affected Ubuntu \n18.04 LTS and Ubuntu 18.10. (CVE-2018-18954)\n\nZhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System \nsupport. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. 
(CVE-2018-19364)", "edition": 3, "modified": "2018-11-26T00:00:00", "published": "2018-11-26T00:00:00", "id": "USN-3826-1", "href": "https://ubuntu.com/security/notices/USN-3826-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:10:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-17963", "CVE-2018-17962"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4338-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 11, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2018-10839 CVE-2018-17962 CVE-2018-17963\nDebian Bug : 908682 910431 911468 911469\n\nInteger overflows in the processing of packets in network cards emulated\nby QEMU, a fast processor emulator, could result in denial of service.\n\nIn addition this update backports support to passthrough the new CPU\nfeatures added in the intel-microcode update shipped in DSA 4273 to\nx86-based guests.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u5.\n\nWe recommend that you upgrade your qemu packages.\n\nFor the detailed security status of qemu please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qemu\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2018-11-11T18:00:13", "published": "2018-11-11T18:00:13", "id": "DEBIAN:DSA-4338-1:E879D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00270.html", "title": "[SECURITY] [DSA 4338-1] 
qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-19364", "CVE-2018-17958"], "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u9\nCVE ID : CVE-2018-17958 CVE-2018-19364 CVE-2018-19489\n\nSeveral vulnerabilities were found in QEMU, a fast processor emulator:\n\nCVE-2018-17958\n\n The rtl8139 emulator is affected by an integer overflow and subsequent\n buffer overflow. This vulnerability might be triggered by remote\n attackers with crafted packets to perform denial of service (via OOB\n stack buffer access).\n\nCVE-2018-19364\n\n The 9pfs subsystem is affected by a race condition allowing threads to\n modify an fid path while it is being accessed by another thread,\n leading to (for example) a use-after-free outcome. This vulnerability\n might be triggered by local attackers to perform denial of service.\n\nCVE-2018-19489\n\n The 9pfs subsystem is affected by a race condition during file\n renaming. 
This vulnerability might be triggered by local attackers to\n perform denial of service.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u9.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 6, "modified": "2019-01-29T17:32:34", "published": "2019-01-29T17:32:34", "id": "DEBIAN:DLA-1646-1:B874E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201901/msg00023.html", "title": "[SECURITY] [DLA 1646-1] qemu security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T00:58:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-11806", "CVE-2018-12617", "CVE-2019-6778", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-16872", "CVE-2019-3812", "CVE-2019-12155", "CVE-2018-17958"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4454-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 30, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2018-11806 CVE-2018-12617 CVE-2018-16872 CVE-2018-17958 \n CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 \n CVE-2019-3812 CVE-2019-6778 CVE-2019-9824 CVE-2019-12155\n\nMultiple security issues were discovered in QEMU, a fast processor\nemulator, which could result in denial of service, the execution of\narbitrary code or information disclosure.\n\nIn addition this update backports support to passthrough the new\nmd-clear CPU flag added in the intel-microcode update shipped in DSA 4447\nto x86-based guests.\n\nFor the stable distribution (stretch), 
these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u6.\n\nWe recommend that you upgrade your qemu packages.\n\nFor the detailed security status of qemu please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qemu\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2019-05-30T18:06:35", "published": "2019-05-30T18:06:35", "id": "DEBIAN:DSA-4454-1:F5C49", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00099.html", "title": "[SECURITY] [DSA 4454-1] qemu security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:56:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815"], "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u11\nCVE ID : CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824\nDebian Bug : 901017 912535\n\nSeveral vulnerabilities were found in QEMU, a fast processor emulator:\n\nCVE-2018-11806\n\n It was found that the SLiRP networking implementation could use a wrong\n size when reallocating its buffers, which can be exploited by a\n privileged user on a guest to cause denial of service or possibly\n arbitrary code execution on the host system.\n\nCVE-2018-18849\n\n It was found that the LSI53C895A SCSI Host Bus Adapter emulation was\n susceptible to an out of bounds memory access, which could be leveraged\n by a malicious guest user to crash the QEMU process.\n\nCVE-2018-20815\n\n A heap buffer overflow was found in the load_device_tree function,\n which could be used by a malicious user to potentially execute\n arbitrary code with the privileges of the QEMU process.\n\nCVE-2019-9824\n\n William Bowling 
discovered that the SLiRP networking implementation did\n not handle some messages properly, which could be triggered to leak\n memory via crafted messages.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u11.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-05-09T18:42:34", "published": "2019-05-09T18:42:34", "id": "DEBIAN:DLA-1781-1:BE52E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00010.html", "title": "[SECURITY] [DLA 1781-1] qemu security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2018-11806", "CVE-2018-12617", "CVE-2018-10839", "CVE-2017-2630", "CVE-2018-17963", "CVE-2017-7471", "CVE-2017-2633", "CVE-2018-17962", "CVE-2018-17958"], "description": "[12:2.9.0-17.el7]\n- i386: Remove generic SMT thread check (Babu Moger) [Orabug: 28676425]\n- pc: Fix typo on PC_COMPAT_2_12 (Eduardo Habkost) [Orabug: 28676425]\n- i386: Enable TOPOEXT feature on AMD EPYC CPU (Babu Moger) [Orabug: 28676425]\n- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28762625] {CVE-2018-17963}\n- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28762617] {CVE-2018-17962}\n- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28762613] {CVE-2018-17958}\n- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28733338] {CVE-2018-10839}\n- seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28576303] {CVE-2018-15746}\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Venu Busireddy) [Orabug: 28497003]\n- virtio-net: use 
64-bit values for feature flags (Jason Baron) [Orabug: 28497003]\n- qga: check bytes count read by guest-file-read (Prasad J Pandit) [Orabug: 28312939] {CVE-2018-12617}\n- CVE-2017-2630: Qemu: nbd: oob stack write in client routine drop_sync (Mark Kanda) [Orabug: 28424694] {CVE-2017-2630}\n- CVE-2017-2633: Qemu: VNC: memory corruption due to unchecked resolution limit (Mark Kanda) [Orabug: 28424697] {CVE-2017-2633}\n- CVE-2017-7471: Qemu: 9p: virtfs allows guest to change filesystem attributes (Mark Kanda) [Orabug: 28407849] {CVE-2017-7471}\n- slirp: correct size computation while concatenating mbuf (Prasad J Pandit) [Orabug: 28263244] {CVE-2018-11806}", "edition": 3, "modified": "2018-10-29T00:00:00", "published": "2018-10-29T00:00:00", "id": "ELSA-2018-4262", "href": "http://linux.oracle.com/errata/ELSA-2018-4262.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[12:2.9.0-19.el7]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 28205376]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626490]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873208] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971701] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28949917] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885514] {CVE-2018-16847}\n- x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature (Jingqi Liu) [Orabug: 28985301]\n- i386: Define AMD's no SSB mitigation needed. 
(Konrad Rzeszutek Wilk) [Orabug: 28951578]\n- i386: define the AMD 'amd-ssbd' CPUID feature bit (Konrad Rzeszutek Wilk) [Orabug: 28951578]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 28897545]\n- hw/i386: Fix IVHD entry length for AMD IOMMU (Jan Kiszka) [Orabug: 28891184]\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891188]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886306]\n- i386: Add Intel Processor Trace feature support (Chao Peng) [Orabug: 28886306]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu)", "edition": 3, "modified": "2019-01-28T00:00:00", "published": "2019-01-28T00:00:00", "id": "ELSA-2019-4520", "href": "http://linux.oracle.com/errata/ELSA-2019-4520.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16867", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[15:3.0.0-3.el7]\n- monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]\n- monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]\n- Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480]\n- usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}\n[15:3.0.0-2.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. 
(Venu Busireddy) [Orabug: 28732921]\n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]\n- configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]", "edition": 4, "modified": "2018-12-21T00:00:00", "published": "2018-12-21T00:00:00", "id": "ELSA-2018-4313", "href": "http://linux.oracle.com/errata/ELSA-2018-4313.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:12:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19489", "CVE-2018-16867", "CVE-2018-16847", "CVE-2018-18849", "CVE-2018-19364"], "description": "[15:3.0.0-3.el7]\n- monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]\n- monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]\n- Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480]\n- usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}\n[15:3.0.0-2.el7]\n- vfio-pci: 
emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 28732921]\n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]\n- configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]\n- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]\n- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]\n- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}\n- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}\n- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}\n- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}\n- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]\n- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]\n- i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]", "edition": 5, "modified": "2018-12-21T00:00:00", "published": "2018-12-21T00:00:00", "id": "ELSA-2018-4312", "href": "http://linux.oracle.com/errata/ELSA-2018-4312.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-25T00:38:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2018-10839", "CVE-2019-6778", "CVE-2018-17962", "CVE-2019-12155"], "description": "[0.12.1.2-2.506.el6_10.5]\n- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669066]\n- 
kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669066]\n- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669066]\n- kvm-qxl-check-release-info-object.patch [bz#1712728]\n- kvm-net-Use-iov-helper-functions.patch [bz#1636415]\n- kvm-net-increase-buffer-size-to-accommodate-Jumbo-frame-.patch [bz#1636415]\n- kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636415]\n- kvm-net-drop-too-large-packet-early.patch [bz#1636415]\n- kvm-PATCH-slirp-fix-buffer-overrun.patch [bz#1586251]\n- kvm-Fix-build-from-previous-commit.patch [bz#1586251]\n- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586251]\n- kvm-slirp-Convert-mbufs-to-use-g_malloc-and-g_free.patch [bz#1586251]\n- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586251]\n- kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636774]\n- Resolves: bz#1586251\n (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-6.10.z])\n- Resolves: bz#1636415\n (CVE-2018-10839 qemu-kvm: Qemu: ne2000: integer overflow leads to buffer overflow issue [rhel-6])\n- Resolves: bz#1636774\n (CVE-2018-17962 qemu-kvm: Qemu: pcnet: integer overflow leads to buffer overflow [rhel-6])\n- Resolves: bz#1669066\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-6.10.z])\n- Resolves: bz#1712728\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-6])", "edition": 1, "modified": "2019-09-24T00:00:00", "published": "2019-09-24T00:00:00", "id": "ELSA-2019-2892", "href": "http://linux.oracle.com/errata/ELSA-2019-2892.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T06:53:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2020-8608", "CVE-2019-20382"], "description": "[1.5.3-175.el7]\n- kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch 
[bz#1810408]\n- Resolves: bz#1810408\n (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7])\n[1.5.3-174.el7]\n- kvm-util-add-slirp_fmt-helpers2.patch [bz#1800515]\n- kvm-tcp_emu-fix-unsafe-snprintf-usages2.patch [bz#1800515]\n- kvm-slirp-disable-tcp_emu.patch [bz#1791679]\n- kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1802215]\n- kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1802215]\n- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]\n- Resolves: bz#1618503\n (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])\n- Resolves: bz#1791679\n (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7])\n- Resolves: bz#1800515\n (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.9])\n- Resolves: bz#1802215\n (Add support for newer glusterfs)", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-3906", "href": "http://linux.oracle.com/errata/ELSA-2020-3906.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:08:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2018-19489", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2018-16867", "CVE-2017-15038", "CVE-2018-20125", "CVE-2018-16847", "CVE-2018-20126", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2018-20216", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2018-18849", 
"CVE-2017-10806", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858", "CVE-2018-20124"], "description": "[15:3.1.0-1.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 29216704]\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]\n- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]\n- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]\n- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}\n- pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}\n- pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}\n- pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}\n- pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}\n- rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- i386: Add 'stibp' flag name (Eduardo Habkost) \n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]\n- Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} 
{CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)", "edition": 3, "modified": "2019-03-15T00:00:00", "published": "2019-03-15T00:00:00", "id": "ELSA-2019-4585", "href": "http://linux.oracle.com/errata/ELSA-2019-4585.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2017-10806", 
"CVE-2017-13672", "CVE-2018-17962", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858"], "description": "[15:3.0.0-1.el7]\n- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963}\n- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962}\n- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958}\n- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839}\n- seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746}\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724]\n- kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) \n- Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) \n- Update version for v3.0.0 release (Peter Maydell) \n- Update version for v3.0.0-rc4 release (Peter Maydell) \n- virtio-gpu: fix crashes upon warm reboot with 
vga mode (Marc-Andre Lureau) \n- slirp: Correct size check in m_inc() (Peter Maydell) \n- target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) \n- hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) \n- hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) \n- target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) \n- hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) \n- hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) \n- tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) \n- tests/acpi: update tables after memory hotplug changes (Michael S. Tsirkin) \n- pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) \n- tests/acpi-test: update ACPI tables test blobs (Dou Liyang) \n- hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) \n- vhost: check region type before casting (Tiwei Bie) \n- sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) \n- hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) \n- Update version for v3.0.0-rc3 release (Peter Maydell) \n- monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) \n- linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) \n- tests: add check_invalid_maps to test-mmap (Alex Bennee) \n- linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) \n- s390x/sclp: fix maxram calculation (Christian Borntraeger) \n- target/arm: Remove duplicate 'host' entry in '-cpu ?' 
output (Philippe Mathieu-Daude) \n- hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) \n- hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) \n- armv7m_nvic: Fix m-security subsection name (Peter Maydell) \n- hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) \n- arm/smmuv3: Fix missing VMSD terminator (Dr. David Alan Gilbert) \n- qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) \n- block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) \n- block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) \n- file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) \n- block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) \n- iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) \n- qemu-img: Add -C option for convert with copy offloading (Fam Zheng) \n- Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) \n- iotests: Dont lock /dev/null in 226 (Fam Zheng) \n- docs: Describe using images in writing iotests (Fam Zheng) \n- file-posix: Handle EINTR in preallocation=full write (Fam Zheng) \n- qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) \n- qcow: fix a reference leak (KONRAD Frederic) \n- backends/cryptodev: remove dead code (Jay Zhou) \n- timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) \n- i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) \n- i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) \n- qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) \n- qstring: Assert size calculations dont overflow (Markus Armbruster) \n- qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) \n- Update version for v3.0.0-rc2 release (Peter Maydell) \n- tests: fix TLS handshake failure with TLS 1.3 (Daniel P. 
Berrange) \n- tests: use error_abort in places expecting errors (Daniel P. Berrange) \n- tests: dont silence error reporting for all tests (Daniel P. Berrange) \n- tests: call qcrypto_init instead of gnutls_global_init (Daniel P. Berrange) \n- migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) \n- tests: only update last_byte when at the edge (Peter Xu) \n- migration: disallow recovery for release-ram (Peter Xu) \n- migration: update recv bitmap only on dest vm (Peter Xu) \n- audio/hda: Fix migration (Dr. David Alan Gilbert) \n- migrate: Fix cancelling state warning (Dr. David Alan Gilbert) \n- migration: fix potential overflow in multifd send (Peter Xu) \n- block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) \n- tests/tcg: remove runcom test (Alex Bennee) \n- docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) \n- docker: ignore distro versioning of debootstrap (Alex Bennee) \n- docker: add commentary to debian-bootstrap.docker (Alex Bennee) \n- docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) \n- docker: report hint when docker.py check fails (Alex Bennee) \n- docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) \n- docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) \n- docker: add test-unit runner (Alex Bennee) \n- docker: Makefile.include dont include partial images (Alex Bennee) \n- docker: gracefully skip check_qemu (Alex Bennee) \n- docker: move make check into check_qemu helper (Alex Bennee) \n- docker: split configure_qemu from build_qemu (Alex Bennee) \n- docker: fail more gracefully on docker.py check (Alex Bennee) \n- docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) \n- docker: base debian-tricore on qemu:debian9 (Alex Bennee) \n- tests/.gitignore: dont ignore docker tests (Alex Bennee) \n- target/arm: Escalate to 
correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) \n- hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter Maydell) \n- ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) \n- qga: process_event() simplification and leak fix (Marc-Andre Lureau) \n- qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) \n- tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) \n- i386: Rename enum CacheType members (Eduardo Habkost) \n- block/vvfat: Disable debug message by default (Thomas Huth) \n- iotests: Disallow compat=0.10 in 223 (Max Reitz) \n- iotest: Fix filtering order in 226 (Max Reitz) \n- iotests: remove LUKS support from test 226 (John Snow) \n- qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) \n- block: Fix typos in comments (found by codespell) (Stefan Weil) \n- qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) \n- hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) \n- hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) \n- target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) \n- hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) \n- hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) \n- monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) \n- qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) \n- po: Dont include comments with location (Stefan Weil) \n- linux-user/ppc: Implement swapcontext syscall (Richard Henderson) \n- linux-user: fix ELF load alignment error (Laurent Vivier) \n- tap: fix memory leak on success to create a tap device (Yunjian Wang) \n- e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) \n- tcg/aarch64: limit mul_vec size (Alex Bennee) \n- spike: Fix crash when introspecting the device (Alistair Francis) \n- riscv_hart: Fix crash when introspecting the device (Alistair 
Francis) \n- virt: Fix crash when introspecting the device (Alistair Francis) \n- sifive_u: Fix crash when introspecting the device (Alistair Francis) \n- sifive_e: Fix crash when introspecting the device (Alistair Francis) \n- tracing: Use double-dash spelling for trace option (Yaowei Bai) \n- throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) \n- s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) \n- Update version for v3.0.0-rc1 release (Peter Maydell) \n- Document command line options with single dash (BALATON Zoltan) \n- opts: remove redundant check for NULL parameter (Daniel P. Berrange) \n- i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) \n- i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) \n- hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) \n- hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) \n- hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) \n- hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) \n- hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) \n- hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) \n- hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) \n- hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) \n- hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) \n- hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) \n- hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) \n- hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) \n- hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device 
(Thomas Huth) \n- hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) \n- hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) \n- hw/core/sysbus: Add a function for creating and attaching an object (Thomas Huth) \n- qom/object: Add a new function object_initialize_child() (Thomas Huth) \n- qga: fix file descriptor leak (Paolo Bonzini) \n- qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) \n- accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) \n- accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) \n- bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) \n- hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) \n- hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) \n- hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) \n- aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) \n- target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) \n- virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) \n- qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) \n- hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) \n- PC Chipset: Improve serial divisor calculation (Calvin Lee) \n- vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) \n- hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) \n- hyperv: rename vcpu_id to vp_index (Roman Kagan) \n- accel: Fix typo and grammar in comment (Stefan Weil) \n- dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) \n- monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) \n- MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) \n- qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) \n- cli qmp: Mark 
--preconfig, exit-preconfig experimental (Markus Armbruster) \n- qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) \n- sm501: Fix warning about unreachable code (BALATON Zoltan) \n- sam460ex: Correct use after free error (BALATON Zoltan) \n- etsec: fix IRQ (un)masking (Michael Davidsaver) \n- ppc/xics: fix ICP reset path (Greg Kurz) \n- spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) \n- sm501: Update screen on frame buffer address change (BALATON Zoltan) \n- Zero out the hosts 'msg_control' buffer (Jonas Schievink) \n- linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) \n- linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) \n- linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) \n- docs: Grammar and spelling fixes (Ville Skytte) \n- qemu-img: align result of is_allocated_sectors (Peter Lieven) \n- scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) \n- iotests: add test 226 for file driver types (John Snow) \n- file-posix: specify expected filetypes (John Snow) \n- iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) \n- iotests: 153: Fix dead code (Fam Zheng) \n- ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) \n- seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) \n- vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) \n- monitor: fix double-free of request error (Marc-Andre Lureau) \n- error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) \n- s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda)\n[12:2.11.1-2.el7]\n- hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753]\n- qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753]\n- pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753]\n- 
nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753]\n- block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106]\n- Revert 'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106]\n- block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf) [Orabug: 27832106]\n- block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106]\n- block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106]\n- aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106]\n- qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300]\n- multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550}\n- CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030}\n- vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858}\n- keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795]\n- qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337]\n[12:2.11.1-1.el7]\n- BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04\n- Update qemu.spec version for 2.11.1", "edition": 69, "modified": "2018-11-28T00:00:00", "published": "2018-11-28T00:00:00", "id": "ELSA-2018-4289", "href": "http://linux.oracle.com/errata/ELSA-2018-4289.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-15T23:10:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", 
"CVE-2018-10839", "CVE-2017-8379", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2017-10806", "CVE-2017-13672", "CVE-2018-17962", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2018-3639", "CVE-2018-7858"], "description": "[15:3.0.0-1.el7]\n- net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963}\n- pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962}\n- rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958}\n- ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839}\n- seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746}\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724]\n- kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) \n- Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark 
Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) \n- Update version for v3.0.0 release (Peter Maydell) \n- Update version for v3.0.0-rc4 release (Peter Maydell) \n- virtio-gpu: fix crashes upon warm reboot with vga mode (Marc-Andre Lureau) \n- slirp: Correct size check in m_inc() (Peter Maydell) \n- target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) \n- hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) \n- hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) \n- target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) \n- hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) \n- hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) \n- tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) \n- tests/acpi: update tables after memory hotplug changes (Michael S. 
Tsirkin) \n- pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) \n- tests/acpi-test: update ACPI tables test blobs (Dou Liyang) \n- hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) \n- vhost: check region type before casting (Tiwei Bie) \n- sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) \n- hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) \n- Update version for v3.0.0-rc3 release (Peter Maydell) \n- monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) \n- linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) \n- tests: add check_invalid_maps to test-mmap (Alex Bennee) \n- linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) \n- s390x/sclp: fix maxram calculation (Christian Borntraeger) \n- target/arm: Remove duplicate 'host' entry in '-cpu ?' output (Philippe Mathieu-Daude) \n- hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) \n- hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) \n- armv7m_nvic: Fix m-security subsection name (Peter Maydell) \n- hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) \n- arm/smmuv3: Fix missing VMSD terminator (Dr. 
David Alan Gilbert) \n- qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) \n- block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) \n- block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) \n- file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) \n- block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) \n- iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) \n- qemu-img: Add -C option for convert with copy offloading (Fam Zheng) \n- Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) \n- iotests: Dont lock /dev/null in 226 (Fam Zheng) \n- docs: Describe using images in writing iotests (Fam Zheng) \n- file-posix: Handle EINTR in preallocation=full write (Fam Zheng) \n- qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) \n- qcow: fix a reference leak (KONRAD Frederic) \n- backends/cryptodev: remove dead code (Jay Zhou) \n- timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) \n- i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) \n- i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) \n- qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) \n- qstring: Assert size calculations dont overflow (Markus Armbruster) \n- qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) \n- Update version for v3.0.0-rc2 release (Peter Maydell) \n- tests: fix TLS handshake failure with TLS 1.3 (Daniel P. Berrange) \n- tests: use error_abort in places expecting errors (Daniel P. Berrange) \n- tests: dont silence error reporting for all tests (Daniel P. Berrange) \n- tests: call qcrypto_init instead of gnutls_global_init (Daniel P. 
Berrange) \n- migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) \n- tests: only update last_byte when at the edge (Peter Xu) \n- migration: disallow recovery for release-ram (Peter Xu) \n- migration: update recv bitmap only on dest vm (Peter Xu) \n- audio/hda: Fix migration (Dr. David Alan Gilbert) \n- migrate: Fix cancelling state warning (Dr. David Alan Gilbert) \n- migration: fix potential overflow in multifd send (Peter Xu) \n- block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) \n- tests/tcg: remove runcom test (Alex Bennee) \n- docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) \n- docker: ignore distro versioning of debootstrap (Alex Bennee) \n- docker: add commentary to debian-bootstrap.docker (Alex Bennee) \n- docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) \n- docker: report hint when docker.py check fails (Alex Bennee) \n- docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) \n- docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) \n- docker: add test-unit runner (Alex Bennee) \n- docker: Makefile.include dont include partial images (Alex Bennee) \n- docker: gracefully skip check_qemu (Alex Bennee) \n- docker: move make check into check_qemu helper (Alex Bennee) \n- docker: split configure_qemu from build_qemu (Alex Bennee) \n- docker: fail more gracefully on docker.py check (Alex Bennee) \n- docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) \n- docker: base debian-tricore on qemu:debian9 (Alex Bennee) \n- tests/.gitignore: dont ignore docker tests (Alex Bennee) \n- target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) \n- hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter Maydell) \n- ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) 
\n- qga: process_event() simplification and leak fix (Marc-Andre Lureau) \n- qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) \n- tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) \n- i386: Rename enum CacheType members (Eduardo Habkost) \n- block/vvfat: Disable debug message by default (Thomas Huth) \n- iotests: Disallow compat=0.10 in 223 (Max Reitz) \n- iotest: Fix filtering order in 226 (Max Reitz) \n- iotests: remove LUKS support from test 226 (John Snow) \n- qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) \n- block: Fix typos in comments (found by codespell) (Stefan Weil) \n- qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) \n- hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) \n- hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) \n- target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) \n- hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) \n- hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) \n- monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) \n- qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) \n- po: Dont include comments with location (Stefan Weil) \n- linux-user/ppc: Implement swapcontext syscall (Richard Henderson) \n- linux-user: fix ELF load alignment error (Laurent Vivier) \n- tap: fix memory leak on success to create a tap device (Yunjian Wang) \n- e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) \n- tcg/aarch64: limit mul_vec size (Alex Bennee) \n- spike: Fix crash when introspecting the device (Alistair Francis) \n- riscv_hart: Fix crash when introspecting the device (Alistair Francis) \n- virt: Fix crash when introspecting the device (Alistair Francis) \n- sifive_u: Fix crash when introspecting the device (Alistair Francis) \n- sifive_e: Fix crash when introspecting the device (Alistair Francis) \n- tracing: Use 
double-dash spelling for trace option (Yaowei Bai) \n- throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) \n- s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) \n- Update version for v3.0.0-rc1 release (Peter Maydell) \n- Document command line options with single dash (BALATON Zoltan) \n- opts: remove redundant check for NULL parameter (Daniel P. Berrange) \n- i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) \n- i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) \n- hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) \n- hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) \n- hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) \n- hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) \n- hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) \n- hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) \n- hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) \n- hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) \n- hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) \n- hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) \n- hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) \n- hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) \n- hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device (Thomas Huth) \n- hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) \n- hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) \n- hw/core/sysbus: Add a function for creating and 
attaching an object (Thomas Huth) \n- qom/object: Add a new function object_initialize_child() (Thomas Huth) \n- qga: fix file descriptor leak (Paolo Bonzini) \n- qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) \n- accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) \n- accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) \n- bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) \n- hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) \n- hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) \n- hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) \n- aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) \n- target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) \n- virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) \n- qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) \n- hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) \n- PC Chipset: Improve serial divisor calculation (Calvin Lee) \n- vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) \n- hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) \n- hyperv: rename vcpu_id to vp_index (Roman Kagan) \n- accel: Fix typo and grammar in comment (Stefan Weil) \n- dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) \n- monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) \n- MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) \n- qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) \n- cli qmp: Mark --preconfig, exit-preconfig experimental (Markus Armbruster) \n- qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) \n- sm501: Fix warning about unreachable code (BALATON Zoltan) \n- sam460ex: Correct use after free 
error (BALATON Zoltan) \n- etsec: fix IRQ (un)masking (Michael Davidsaver) \n- ppc/xics: fix ICP reset path (Greg Kurz) \n- spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) \n- sm501: Update screen on frame buffer address change (BALATON Zoltan) \n- Zero out the hosts 'msg_control' buffer (Jonas Schievink) \n- linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) \n- linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) \n- linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) \n- docs: Grammar and spelling fixes (Ville Skytte) \n- qemu-img: align result of is_allocated_sectors (Peter Lieven) \n- scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) \n- iotests: add test 226 for file driver types (John Snow) \n- file-posix: specify expected filetypes (John Snow) \n- iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) \n- iotests: 153: Fix dead code (Fam Zheng) \n- ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) \n- seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) \n- vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) \n- monitor: fix double-free of request error (Marc-Andre Lureau) \n- error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) \n- s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda)\n[12:2.11.1-2.el7]\n- hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753]\n- qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753]\n- pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753]\n- nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753]\n- block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106]\n- Revert 
'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106]\n- block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf) [Orabug: 27832106]\n- block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106]\n- block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106]\n- aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106]\n- qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300]\n- multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550}\n- CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030}\n- vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858}\n- keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795]\n- qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337]\n[12:2.11.1-1.el7]\n- BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04\n- Update qemu.spec version for 2.11.1", "edition": 70, "modified": "2018-11-20T00:00:00", "published": "2018-11-20T00:00:00", "id": "ELSA-2018-4285", "href": "http://linux.oracle.com/errata/ELSA-2018-4285.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-22T17:15:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16845", "CVE-2017-15124", "CVE-2017-15268", "CVE-2018-5683", "CVE-2018-15746", "CVE-2017-9503", "CVE-2018-19489", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-8112", "CVE-2017-7493", "CVE-2018-11806", "CVE-2018-12126", "CVE-2017-11334", "CVE-2018-12617", "CVE-2017-15119", "CVE-2018-10839", "CVE-2017-8379", "CVE-2018-16867", "CVE-2017-15038", "CVE-2018-20125", "CVE-2018-16847", "CVE-2018-20126", "CVE-2017-14167", "CVE-2017-13673", "CVE-2017-15289", "CVE-2019-8934", "CVE-2018-12127", 
"CVE-2017-8380", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-5715", "CVE-2017-2630", "CVE-2017-18030", "CVE-2018-17963", "CVE-2018-20216", "CVE-2019-6778", "CVE-2017-17381", "CVE-2017-7471", "CVE-2017-2633", "CVE-2019-9824", "CVE-2018-18849", "CVE-2018-20815", "CVE-2017-10806", "CVE-2019-5008", "CVE-2017-13672", "CVE-2018-19364", "CVE-2018-17962", "CVE-2018-16872", "CVE-2018-20191", "CVE-2019-3812", "CVE-2018-7550", "CVE-2017-18043", "CVE-2018-17958", "CVE-2019-6501", "CVE-2018-3639", "CVE-2019-11091", "CVE-2018-7858", "CVE-2018-20124", "CVE-2018-12130"], "description": "[15:3.1.0-3.el7]\n- x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as\n fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}\n {CVE-2018-12130} {CVE-2019-11091}\n[15:3.1.0-2.el7]\n- x86: Add mds feature (Karl Heubaum) \n- e1000: Never increment the RX undersize count register (Chris Kenna) \n- qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562]\n- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 29715548]\n- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548]\n- parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548]\n- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]\n- Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}\n- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815}\n- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824}\n- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}\n- scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501}\n- slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] 
{CVE-2019-6778}\n[15:3.1.0-1.el7]\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized\n- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]\n- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]\n- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 29216704]\n- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]\n- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]\n- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]\n- usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}\n- pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}\n- pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}\n- pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}\n- pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}\n- rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}\n- i386: Add 'stibp' flag name (Eduardo Habkost) \n- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]\n- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]\n- Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} 
{CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}\n- qemu.spec: Initial qemu.spec (Mark Kanda) \n- virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) \n- qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) \n- qmp-regdump: Initial qmp-regdump (Mark Kanda) \n- bridge.conf: Initial bridge.conf (Mark Kanda) \n- kvm.conf: Initial kvm.conf (Mark Kanda) \n- 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)", "edition": 3, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-4630", "href": "http://linux.oracle.com/errata/ELSA-2019-4630.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2018-17958", "CVE-2018-17963", "CVE-2019-6501", "CVE-2019-6778", "CVE-2019-9824"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)\n\n* QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)\n\n* QEMU: net: ignore packets with large size (CVE-2018-17963)\n\n* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)\n\n* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-14] (BZ#1728358)\n\n* Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-13] (BZ#1728359)\n\n* Update qemu-kvm-rhev for RHEL 7.7 compatibility [OSP-10] (BZ#1728360)", "modified": "2019-08-09T04:44:15", "published": "2019-08-09T04:35:44", "id": "RHSA-2019:2425", "href": "https://access.redhat.com/errata/RHSA-2019:2425", "type": "redhat", "title": "(RHSA-2019:2425) Important: qemu-kvm-rhev security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-24T13:28:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10839", "CVE-2018-11806", "CVE-2018-17962", "CVE-2019-12155", "CVE-2019-6778"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)\n\n* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)\n\n* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)\n\n* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-24T17:08:59", "published": "2019-09-24T16:48:33", "id": "RHSA-2019:2892", "href": "https://access.redhat.com/errata/RHSA-2019:2892", "type": "redhat", "title": "(RHSA-2019:2892) Important: qemu-kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T18:04:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2019-20382"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)\n\n* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:41:17", "published": "2020-09-29T11:42:27", "id": "RHSA-2020:3906", "href": "https://access.redhat.com/errata/RHSA-2020:3906", "type": "redhat", "title": "(RHSA-2020:3906) Low: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-09-29T11:44:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2019-20382"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es):\n\n* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)\n\n* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:41:16", "published": "2020-09-29T11:42:34", "id": "RHSA-2020:3907", "href": "https://access.redhat.com/errata/RHSA-2020:3907", "type": "redhat", "title": "(RHSA-2020:3907) Low: qemu-kvm-ma security update", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-15T00:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17963", "CVE-2019-6501"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es):\n\n* QEMU: net: ignore packets with large size (CVE-2018-17963)\n\n* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:43:58", "published": "2019-08-06T12:09:06", "id": "RHSA-2019:2166", "href": "https://access.redhat.com/errata/RHSA-2019:2166", "type": "redhat", "title": "(RHSA-2019:2166) Moderate: qemu-kvm-ma security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-22T10:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-17958", "CVE-2018-17963", "CVE-2018-20815", "CVE-2019-11091", "CVE-2019-6501", "CVE-2019-9824"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. 
(CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
(CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\n* QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)\n\n* QEMU: net: ignore packets with large size (CVE-2018-17963)\n\n* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "modified": "2019-08-22T13:12:17", "published": "2019-08-22T13:08:03", "id": "RHSA-2019:2553", "href": "https://access.redhat.com/errata/RHSA-2019:2553", "type": "redhat", "title": "(RHSA-2019:2553) Important: qemu-kvm-rhev security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:33:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11806", "CVE-2018-10839", "CVE-2019-6778", "CVE-2018-17962", "CVE-2019-12155"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2892\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)\n\n* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)\n\n* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)\n\n* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-September/035492.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-09-27T12:14:41", "published": "2019-09-27T12:14:41", "id": "CESA-2019:2892", "href": "http://lists.centos.org/pipermail/centos-announce/2019-September/035492.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-20T23:07:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2019-20382"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3906\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)\n\n* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012818.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T18:50:16", "published": "2020-10-20T18:50:16", "id": "CESA-2020:3906", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012818.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "citrix": [{"lastseen": "2021-01-19T22:28:24", "bulletinFamily": "software", "cvelist": ["CVE-2018-17958", "CVE-2020-14364"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<h2> Description of Problem</h2>\n<div>\n<div>\n<div>\n<p>Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host.</p>\n<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8.2 LTSR.</p>\n<p>These issues have the following 
identifiers:</p>\n<ul>\n<li>CVE-2020-14364</li>\n<li>CVE-2018-17958</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Mitigating Factors</h2>\n<div>\n<div>\n<div>\n<p>For customers who have not assigned PCI passthrough devices to untrustworthy guests (using the PCI-passthrough functionality of Citrix Hypervisor) the vulnerability is reduced to executing code within a deprivileged environment within the control domain.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Customers Should Do</h2>\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as soon as practicable. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix Hypervisor 8.2 LTSR: CTX280214 \u2013 <a href=\"https://support.citrix.com/article/CTX280214\">https://support.citrix.com/article/CTX280214</a></p>\n<p>Citrix Hypervisor 8.1: CTX280213 \u2013 <a href=\"https://support.citrix.com/article/CTX280213\">https://support.citrix.com/article/CTX280213</a></p>\n<p>Citrix Hypervisor 8.0: CTX280212 \u2013 <a href=\"https://support.citrix.com/article/CTX280212\">https://support.citrix.com/article/CTX280212</a></p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX280211 \u2013 <a href=\"https://support.citrix.com/article/CTX280211\">https://support.citrix.com/article/CTX280211</a></p>\n<p>Citrix XenServer 7.0: CTX280210 \u2013 <a href=\"https://support.citrix.com/article/CTX280210\">https://support.citrix.com/article/CTX280210</a></p>\n<p>Once the hotfix has been applied, the affected guest HVM VMs will need to be restarted or migrated to an updated host to make the remediation effective.</p>\n<p>Customers on Citrix Hypervisor 8.0 should be aware that this version will become End of Life on 31<sup>st</sup> August 2020 and that Citrix recommends that customers upgrade to a newer version.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> 
Acknowledgements</h2>\n<div>\n<div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Citrix Is Doing</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Obtaining Support on This Issue</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Reporting Security Vulnerabilities</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">Date </td>\n<td colspan=\"1\" rowspan=\"1\">Change</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-08-24</td>\n<td colspan=\"1\" rowspan=\"1\">Initial Publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "modified": "2020-08-24T04:00:00", "published": "2020-11-09T09:09:02", "id": "CTX280451", "href": "https://support.citrix.com/article/CTX280451", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-18T07:21:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15746", "CVE-2020-14364", "CVE-2020-1983", "CVE-2019-14378"], "description": "**Issue Overview:**\n\nqemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. ([CVE-2018-15746](<https://access.redhat.com/security/cve/CVE-2018-15746>))\n\nA heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process. ([CVE-2019-14378](<https://access.redhat.com/security/cve/CVE-2019-14378>))\n\nAn out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. 
This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. ([CVE-2020-14364](<https://access.redhat.com/security/cve/CVE-2020-14364>))\n\nA use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service. ([CVE-2020-1983](<https://access.redhat.com/security/cve/CVE-2020-1983>))\n\n \n**Affected Packages:** \n\n\nqemu-kvm\n\n \n**Issue Correction:** \nRun _yum update qemu-kvm_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n src: \n qemu-kvm-1.5.3-156.24.amzn1.src \n \n x86_64: \n qemu-kvm-1.5.3-156.24.amzn1.x86_64 \n qemu-kvm-tools-1.5.3-156.24.amzn1.x86_64 \n qemu-kvm-common-1.5.3-156.24.amzn1.x86_64 \n qemu-img-1.5.3-156.24.amzn1.x86_64 \n qemu-kvm-debuginfo-1.5.3-156.24.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2020-11-14T01:23:00", "published": "2020-11-14T01:23:00", "id": "ALAS-2020-1449", "href": "https://alas.aws.amazon.com/ALAS-2020-1449.html", "title": "Important: qemu-kvm", "type": "amazon", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}