Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1500)
2020-04-16T00:00:00
ID OPENVAS:1361412562311220201500 Type openvas Reporter Copyright (C) 2020 Greenbone Networks GmbH Modified 2020-04-16T00:00:00
Description
The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2020-1500 advisory.
# Copyright (C) 2020 Greenbone Networks GmbH
# Some text descriptions might be excerpted from the referenced
# advisories, and are Copyright (C) by the respective right holder(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
# Description pass: registers this check's static metadata (OID, CVE, scoring,
# scheduling prerequisites, report texts) and exits without inspecting a host.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2020.1500");
script_version("2020-04-16T05:58:56+0000");
script_cve_id("CVE-2017-5898");
# CVSS v2 base score and vector: local access, availability impact only.
# NOTE(review): this is v2 scoring; the NVD record for the same CVE carries a
# CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), so
# prioritising on the v2 value alone understates the availability impact.
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"last_modification", value:"2020-04-16 05:58:56 +0000 (Thu, 16 Apr 2020)");
script_tag(name:"creation_date", value:"2020-04-16 05:58:56 +0000 (Thu, 16 Apr 2020)");
script_name("Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1500)");
# Information-gathering category; the host pass below only compares package
# versions and sends nothing that exercises the flaw.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
script_family("Huawei EulerOS Local Security Checks");
# Runs after the EulerOS consolidation script; presumably that script fills
# the ssh/login/* knowledge-base keys required below - confirm in that file.
script_dependencies("gb_huawei_euleros_consolidation.nasl");
# Scheduling prerequisites: an EulerOS SSH login, a collected RPM list, and a
# release string matching EULEROSVIRT-3.0.2.2. Without them (for example on an
# unauthenticated scan) the check is not run at all, so a missing finding does
# not mean the host is patched.
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT-3\.0\.2\.2");
script_xref(name:"EulerOS-SA", value:"2020-1500");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1500");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS
'qemu-kvm' package(s) announced via the EulerOS-SA-2020-1500 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# The flaw is an integer overflow (CWE-190 per the NVD record) that only applies
# to QEMU builds with CCID card device emulation. This check cannot tell whether
# that device is built in or attached to any guest; it reports on package
# version alone (see qod_type below).
script_tag(name:"insight", value:"Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.(CVE-2017-5898)");
script_tag(name:"affected", value:"'qemu-kvm' package(s) on Huawei EulerOS Virtualization 3.0.2.2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
# Quality of detection: result is derived from the installed package version.
script_tag(name:"qod_type", value:"package");
# End of the description pass; nothing below runs while metadata is collected.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Host pass: compare each qemu RPM covered by EulerOS-SA-2020-1500 with the
# fixed build 2.8.1-30.079 and report every package that is still older.
#
# rpm_get_ssh_release() and isrpmvuln() come from the included libraries and
# are not shown here. From their use below, isrpmvuln() yields report text for
# a package that needs the update and NULL otherwise - confirm in
# pkg-lib-rpm.inc. The result is a package-version comparison only; it does
# not show whether CCID card emulation is in use on the host.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# The advisory covers exactly one release; anything else is out of scope.
if(release != "EULEROSVIRT-3.0.2.2")
  exit(0);

res = isrpmvuln(pkg:"qemu-gpu-specs", rpm:"qemu-gpu-specs~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-guest-agent", rpm:"qemu-guest-agent~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-kvm-common", rpm:"qemu-kvm-common~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-kvm-tools", rpm:"qemu-kvm-tools~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"qemu-seabios", rpm:"qemu-seabios~2.8.1~30.079", rls:"EULEROSVIRT-3.0.2.2");
if(!isnull(res))
  report += res;

# Any accumulated text means at least one package is below the fixed build.
# Otherwise exit code 99 is used when __pkg_match is set - presumably the
# library's flag for "a listed package was installed and already up to date";
# verify against pkg-lib-rpm.inc.
if(report != "")
  security_message(data:report);
else if(__pkg_match)
  exit(99);

exit(0);
{"id": "OPENVAS:1361412562311220201500", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1500)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-04-16T00:00:00", "modified": "2020-04-16T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201500", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1500", "2020-1500"], "cvelist": ["CVE-2017-5898"], "lastseen": "2020-04-17T17:01:01", "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-5898", "CVE-2020-1500"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-842.NASL", "EULEROS_SA-2017-1223.NASL", "EULEROS_SA-2020-1500.NASL", "ORACLELINUX_ELSA-2017-1856.NASL", "REDHAT-RHSA-2017-1856.NASL", "EULEROS_SA-2020-1266.NASL", "SL_20170801_QEMU_KVM_ON_SL7_X.NASL", "DEBIAN_DLA-845.NASL", "CENTOS_RHSA-2017-1856.NASL", "EULEROS_SA-2017-1224.NASL"]}, {"type": "centos", "idList": ["CESA-2017:1856"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310890842", "OPENVAS:1361412562310872501", "OPENVAS:1361412562311220201266", "OPENVAS:1361412562310843132", "OPENVAS:1361412562310890845", "OPENVAS:1361412562311220171223", "OPENVAS:1361412562310872516", "OPENVAS:1361412562311220171224", "OPENVAS:1361412562310851524", "OPENVAS:1361412562310871866"]}, {"type": "redhat", "idList": ["RHSA-2017:2392", "RHSA-2017:1856"]}, {"type": "debian", "idList": ["DEBIAN:DLA-842-1:6B5AC", "DEBIAN:DLA-845-1:D7636"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1856"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1135-1", "SUSE-SU-2017:0625-1", "SUSE-SU-2017:0582-1", "SUSE-SU-2017:3084-1", "SUSE-SU-2017:0570-1", "OPENSUSE-SU-2017:0707-1", "SUSE-SU-2017:0661-1", "SUSE-SU-2017:0647-1", 
"SUSE-SU-2017:1241-1", "SUSE-SU-2018:0678-1"]}, {"type": "gentoo", "idList": ["GLSA-201702-28"]}, {"type": "ubuntu", "idList": ["USN-3261-1"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1500"]}], "modified": "2020-04-17T17:01:01", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-04-17T17:01:01", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "1361412562311220201500", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1500\");\n script_version(\"2020-04-16T05:58:56+0000\");\n script_cve_id(\"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:58:56 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:58:56 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1500)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1500\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1500\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2020-1500 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data 
Units (APDU) unit.(CVE-2017-5898)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-gpu-specs\", rpm:\"qemu-gpu-specs~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~2.8.1~30.079\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T20:13:34", "description": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-03-15T19:59:00", "title": "CVE-2017-5898", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5898"], "modified": "2020-11-10T18:55:00", "cpe": ["cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:suse:linux_enterprise_server_for_sap:12", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/a:qemu:qemu:2.8.1.1", "cpe:/o:suse:linux_enterprise_server:12"], "id": "CVE-2017-5898", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5898", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T09:04:01", "description": "According to the version of the qemu-kvm packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Integer overflow in the emulated_apdu_from_guest\n function in usb/dev-smartcard-reader.c in Quick\n Emulator (Qemu), when built with the CCID Card device\n emulator support, allows local users to cause a denial\n of service (application crash) via a large Application\n Protocol Data Units (APDU) unit.(CVE-2017-5898)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-04-16T00:00:00", "title": "EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2020-1500)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898"], "modified": "2020-04-16T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-guest-agent", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-gpu-specs", "p-cpe:/a:huawei:euleros:qemu-kvm-tools", "p-cpe:/a:huawei:euleros:qemu-seabios"], "id": "EULEROS_SA-2020-1500.NASL", "href": "https://www.tenable.com/plugins/nessus/135662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(135662);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5898\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2020-1500)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the qemu-kvm packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Integer overflow in the emulated_apdu_from_guest\n function in usb/dev-smartcard-reader.c in Quick\n Emulator (Qemu), when built with the CCID Card device\n emulator support, allows local users to cause a denial\n of service (application crash) via a large Application\n Protocol Data Units (APDU) unit.(CVE-2017-5898)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1500\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a66f0ccd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-gpu-specs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-gpu-specs-2.8.1-30.079\",\n \"qemu-guest-agent-2.8.1-30.079\",\n \"qemu-img-2.8.1-30.079\",\n \"qemu-kvm-2.8.1-30.079\",\n \"qemu-kvm-common-2.8.1-30.079\",\n \"qemu-kvm-tools-2.8.1-30.079\",\n \"qemu-seabios-2.8.1-30.079\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:50:06", "description": "Security Fix(es) :\n\n - An out-of-bounds memory access issue was found in 
Quick\n Emulator (QEMU) in the VNC display driver. This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside a\n guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick Emulator\n (QEMU) in Task Priority Register (TPR) optimizations for\n 32-bit Windows guests. The flaw could occur while\n accessing TPR. A privileged user inside a guest could\n use this issue to read portions of the host memory.\n (CVE-2016-4020)", "edition": 16, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-08-22T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170801)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "modified": "2017-08-22T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo"], "id": "SL_20170801_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102655);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2016-4020\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170801)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside a\n guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick Emulator\n (QEMU) in Task Priority Register (TPR) optimizations for\n 32-bit Windows guests. The flaw could occur while\n accessing TPR. 
A privileged user inside a guest could\n use this issue to read portions of the host memory.\n (CVE-2016-4020)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=12131\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76fa9882\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:51:39", "description": "From Red Hat Security Advisory 2017:1856 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.", "edition": 26, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-08-09T00:00:00", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2017-1856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "modified": "2017-08-09T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-kvm-tools", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-img", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:qemu-kvm"], "id": "ORACLELINUX_ELSA-2017-1856.NASL", "href": "https://www.tenable.com/plugins/nessus/102284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1856 and \n# Oracle Linux Security Advisory ELSA-2017-1856 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102284);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_xref(name:\"RHSA\", value:\"2017:1856\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2017-1856)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:1856 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007084.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:08:11", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.", "edition": 30, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-08-03T00:00:00", "title": "RHEL 7 : qemu-kvm (RHSA-2017:1856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm"], "id": "REDHAT-RHSA-2017-1856.NASL", "href": "https://www.tenable.com/plugins/nessus/102145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1856. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102145);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_xref(name:\"RHSA\", value:\"2017:1856\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2017:1856)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. 
A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5898\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1856\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-141.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:31:31", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. 
A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.", "edition": 29, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-08-25T00:00:00", "title": "CentOS 7 : qemu-kvm (CESA-2017:1856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "modified": "2017-08-25T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-kvm-common", "p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm-tools"], "id": "CENTOS_RHSA-2017-1856.NASL", "href": "https://www.tenable.com/plugins/nessus/102737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1856 and \n# CentOS Errata and Security Advisory 2017:1856 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102737);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_xref(name:\"RHSA\", value:\"2017:1856\");\n\n script_name(english:\"CentOS 7 : qemu-kvm 
(CESA-2017:1856)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm package provides\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* An out-of-bounds memory access issue was found in Quick Emulator\n(QEMU) in the VNC display driver. This flaw could occur while\nrefreshing the VNC display surface area in the\n'vnc_refresh_server_surface'. A user inside a guest could use this\nflaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the\nCCID Card device support. The flaw could occur while passing messages\nvia command/response packets to and from the host. A privileged user\ninside a guest could use this flaw to crash the QEMU process.\n(CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in\nTask Priority Register (TPR) optimizations for 32-bit Windows guests.\nThe flaw could occur while accessing TPR. A privileged user inside a\nguest could use this issue to read portions of the host memory.\n(CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting\nCVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting\nCVE-2016-4020.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d114f6a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-141.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-141.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your 
major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:52:35", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick\n Emulator (QEMU) in Task Priority Register (TPR)\n optimizations for 32-bit Windows guests. The flaw could\n occur while accessing TPR. A privileged user inside a\n guest could use this issue to read portions of the host\n memory. (CVE-2016-4020)\n\n - Quick Emulator (QEMU) built with the Network Block\n Device (NBD) Server support is vulnerable to a crash\n via a SIGPIPE signal. The crash can occur if a client\n aborts a connection due to any failure during\n negotiation or read operation. 
A remote user/process\n could use this flaw to crash the qemu-nbd server\n resulting in a DoS. (CVE-2017-10664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-11T00:00:00", "title": "EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1224)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2017-10664", "CVE-2016-4020"], "modified": "2017-09-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1224.NASL", "href": "https://www.tenable.com/plugins/nessus/103082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103082);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4020\",\n \"CVE-2017-10664\",\n \"CVE-2017-2633\",\n \"CVE-2017-5898\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1224)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. 
This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick\n Emulator (QEMU) in Task Priority Register (TPR)\n optimizations for 32-bit Windows guests. The flaw could\n occur while accessing TPR. A privileged user inside a\n guest could use this issue to read portions of the host\n memory. (CVE-2016-4020)\n\n - Quick Emulator (QEMU) built with the Network Block\n Device (NBD) Server support is vulnerable to a crash\n via a SIGPIPE signal. The crash can occur if a client\n aborts a connection due to any failure during\n negotiation or read operation. A remote user/process\n could use this flaw to crash the qemu-nbd server\n resulting in a DoS. (CVE-2017-10664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1224\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2246a61\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-141.h1\",\n \"qemu-kvm-1.5.3-141.h1\",\n \"qemu-kvm-common-1.5.3-141.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:52:35", "description": "According to the versions of the qemu-kvm 
package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick\n Emulator (QEMU) in Task Priority Register (TPR)\n optimizations for 32-bit Windows guests. The flaw could\n occur while accessing TPR. A privileged user inside a\n guest could use this issue to read portions of the host\n memory. (CVE-2016-4020)\n\n - Quick Emulator (QEMU) built with the Network Block\n Device (NBD) Server support is vulnerable to a crash\n via a SIGPIPE signal. The crash can occur if a client\n aborts a connection due to any failure during\n negotiation or read operation. A remote user/process\n could use this flaw to crash the qemu-nbd server\n resulting in a DoS. (CVE-2017-10664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-11T00:00:00", "title": "EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2017-10664", "CVE-2016-4020"], "modified": "2017-09-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-img", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1223.NASL", "href": "https://www.tenable.com/plugins/nessus/103081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103081);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4020\",\n \"CVE-2017-10664\",\n \"CVE-2017-2633\",\n \"CVE-2017-5898\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. This flaw\n could occur while refreshing the VNC display surface\n area in the 'vnc_refresh_server_surface'. A user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. 
The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU process.\n (CVE-2017-5898)\n\n - An information exposure flaw was found in Quick\n Emulator (QEMU) in Task Priority Register (TPR)\n optimizations for 32-bit Windows guests. The flaw could\n occur while accessing TPR. A privileged user inside a\n guest could use this issue to read portions of the host\n memory. (CVE-2016-4020)\n\n - Quick Emulator (QEMU) built with the Network Block\n Device (NBD) Server support is vulnerable to a crash\n via a SIGPIPE signal. The crash can occur if a client\n aborts a connection due to any failure during\n negotiation or read operation. A remote user/process\n could use this flaw to crash the qemu-nbd server\n resulting in a DoS. (CVE-2017-10664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1223\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f0bf336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-141.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra 
: rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:44:18", "description": "Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86\nguests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data via\nbitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of qemu-kvm\nprocess on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data in\ncirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of qemu-kvm\nprocess on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash\nthe qemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian\nbut we apply the patch to the sources to stay in sync with\nthe qemu package.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable to\nan infinite loop issue. 
It could occur while processing the control\ntransfer descriptor sequence in xhci_kick_epctx.\n\nA privileged user inside a guest could use this flaw to crash\nthe qemu-kvm process, resulting in a DoS.\n\nThis update also updates the fix for CVE-2016-9921, since the earlier fix was too strict\nand broke certain guests.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 26, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-01T00:00:00", "title": "Debian DLA-842-1 : qemu-kvm security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "modified": "2017-03-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:kvm", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:qemu-kvm-dbg"], "id": "DEBIAN_DLA-842.NASL", "href": "https://www.tenable.com/plugins/nessus/97439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-842-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97439);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Debian DLA-842-1 : qemu-kvm security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86\nguests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data via\nbitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of qemu-kvm\nprocess on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data in\ncirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of qemu-kvm\nprocess on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. 
It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash\nthe qemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian\nbut we apply the patch to the sources to stay in sync with\nthe qemu package.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable to\nan infinite loop issue. It could occur while processing control\ntransfer descriptors' sequence in xhci_kick_epctx.\n\nA privileged user inside guest could use this flaw to crash\nthe qemu-kvm process resulting in a DoS.\n\nThis update also updates the fix CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected kvm, qemu-kvm, and qemu-kvm-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kvm\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-kvm-dbg\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:44:19", "description": "Several vulnerabilities were discovered in qemu, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data via\nbitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of Qemu process\non the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\nout-of-bounds access issue. 
It could occur while copying VGA data in\ncirrus_bitblt_cputovideo.\n\nA privileged user inside a guest could use this flaw to crash\nthe Qemu process, resulting in DoS, or potentially execute\narbitrary code on the host with the privileges of the Qemu process\non the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing messages via\ncommand/response packets to and from the host.\n\nA privileged user inside a guest could use this flaw to crash\nthe Qemu process on the host, resulting in DoS.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu is vulnerable to an\ninfinite loop issue. It could occur while processing the control transfer\ndescriptor sequence in xhci_kick_epctx.\n\nA privileged user inside a guest could use this flaw to crash\nthe Qemu process, resulting in DoS.\n\nThis update also updates the fix for CVE-2016-9921, since the earlier fix was too strict\nand broke certain guests.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 26, "cvss3": {"score": 9.9, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-02T00:00:00", "title": "Debian DLA-845-1 : qemu security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "modified": "2017-03-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu-utils", "p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-keymaps", "p-cpe:/a:debian:debian_linux:qemu-user", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:qemu-user-static"], "id": "DEBIAN_DLA-845.NASL", "href": "https://www.tenable.com/plugins/nessus/97473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-845-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97473);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024\");\n\n script_name(english:\"Debian DLA-845-1 : qemu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in qemu, a fast processor\nemulator. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data via\nbitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of Qemu process\non the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data in\ncirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS OR potentially execute\narbitrary code on the host with privileges of Qemu process\non the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process on host resulting in DoS.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu is vulnerable to an\ninfinite loop issue. It could occur while processing control transfer\ndescriptors' sequence in xhci_kick_epctx.\n\nA privileged user inside guest could use this flaw to crash\nthe Qemu process resulting in DoS.\n\nThis update also updates the fix CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-keymaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"qemu\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-keymaps\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-system\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-user-static\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"qemu-utils\", reference:\"1.1.2+dfsg-6+deb7u20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T09:03:12", "description": "According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a\n heap-based buffer overflow.(CVE-2019-6778)\n\n - A flaw was found in QEMU's Media Transfer Protocol\n (MTP). 
The code opening files in usb_mtp_get_object and\n usb_mtp_get_partial_object and directories in\n usb_mtp_object_readdir doesn't consider that the\n underlying filesystem may have changed since the time\n lstat(2) was called in usb_mtp_object_alloc, a\n classical TOCTTOU problem. An attacker with write\n access to the host filesystem, shared with a guest, can\n use this property to navigate the host filesystem in\n the context of the QEMU process and read any file the\n QEMU process has access to. Access to the filesystem\n may be local or via a network share protocol such as\n CIFS.(CVE-2018-16872)\n\n - hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an\n fid path while it is being accessed by a second thread,\n leading to (for example) a use-after-free\n outcome.(CVE-2018-19364)\n\n - v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS\n users to cause a denial of service (crash) because of a\n race condition during file renaming.(CVE-2018-19489)\n\n - QEMU, through version 2.10 and through version 3.1.0,\n is vulnerable to an out-of-bounds read of up to 128\n bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. 
A\n local attacker with permission to execute i2c commands\n could exploit this to read stack memory of the qemu\n process on the host.(CVE-2019-3812)\n\n - Memory leak in hw/audio/ac97.c in QEMU (aka Quick\n Emulator) allows local guest OS privileged users to\n cause a denial of service (host memory consumption and\n QEMU process crash) via a large number of device unplug\n operations.(CVE-2017-5525)\n\n - Memory leak in hw/audio/es1370.c in QEMU (aka Quick\n Emulator) allows local guest OS privileged users to\n cause a denial of service (host memory consumption and\n QEMU process crash) via a large number of device unplug\n operations.(CVE-2017-5526)\n\n - The sdhci_sdma_transfer_multi_blocks function in\n hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local\n OS guest privileged users to cause a denial of service\n (infinite loop and QEMU process crash) via vectors\n involving the transfer mode register during multi block\n transfer.(CVE-2017-5987)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU\n process.(CVE-2017-5898)\n\n - The xhci_kick_epctx function in hw/usb/hcd-xhci.c in\n QEMU (aka Quick Emulator) allows local guest OS\n privileged users to cause a denial of service (infinite\n loop and QEMU process crash) via vectors related to\n control transfer descriptor sequence.(CVE-2017-5973)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-5898", "CVE-2019-6778", "CVE-2018-19364", "CVE-2018-16872", "CVE-2019-3812"], "modified": "2020-03-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-kvm-tools"], "id": "EULEROS_SA-2020-1266.NASL", "href": "https://www.tenable.com/plugins/nessus/134555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134555);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5525\",\n \"CVE-2017-5526\",\n \"CVE-2017-5898\",\n \"CVE-2017-5973\",\n \"CVE-2017-5987\",\n \"CVE-2018-16872\",\n \"CVE-2018-19364\",\n \"CVE-2018-19489\",\n \"CVE-2019-3812\",\n \"CVE-2019-6778\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1266)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following 
vulnerabilities :\n\n - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a\n heap-based buffer overflow.(CVE-2019-6778)\n\n - A flaw was found in QEMU's Media Transfer Protocol\n (MTP). The code opening files in usb_mtp_get_object and\n usb_mtp_get_partial_object and directories in\n usb_mtp_object_readdir doesn't consider that the\n underlying filesystem may have changed since the time\n lstat(2) was called in usb_mtp_object_alloc, a\n classical TOCTTOU problem. An attacker with write\n access to the host filesystem, shared with a guest, can\n use this property to navigate the host filesystem in\n the context of the QEMU process and read any file the\n QEMU process has access to. Access to the filesystem\n may be local or via a network share protocol such as\n CIFS.(CVE-2018-16872)\n\n - hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an\n fid path while it is being accessed by a second thread,\n leading to (for example) a use-after-free\n outcome.(CVE-2018-19364)\n\n - v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS\n users to cause a denial of service (crash) because of a\n race condition during file renaming.(CVE-2018-19489)\n\n - QEMU, through version 2.10 and through version 3.1.0,\n is vulnerable to an out-of-bounds read of up to 128\n bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. 
A\n local attacker with permission to execute i2c commands\n could exploit this to read stack memory of the qemu\n process on the host.(CVE-2019-3812)\n\n - Memory leak in hw/audio/ac97.c in QEMU (aka Quick\n Emulator) allows local guest OS privileged users to\n cause a denial of service (host memory consumption and\n QEMU process crash) via a large number of device unplug\n operations.(CVE-2017-5525)\n\n - Memory leak in hw/audio/es1370.c in QEMU (aka Quick\n Emulator) allows local guest OS privileged users to\n cause a denial of service (host memory consumption and\n QEMU process crash) via a large number of device unplug\n operations.(CVE-2017-5526)\n\n - The sdhci_sdma_transfer_multi_blocks function in\n hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local\n OS guest privileged users to cause a denial of service\n (infinite loop and QEMU process crash) via vectors\n involving the transfer mode register during multi block\n transfer.(CVE-2017-5987)\n\n - An integer overflow flaw was found in Quick Emulator\n (QEMU) in the CCID Card device support. The flaw could\n occur while passing messages via command/response\n packets to and from the host. A privileged user inside\n a guest could use this flaw to crash the QEMU\n process.(CVE-2017-5898)\n\n - The xhci_kick_epctx function in hw/usb/hcd-xhci.c in\n QEMU (aka Quick Emulator) allows local guest OS\n privileged users to cause a denial of service (infinite\n loop and QEMU process crash) via vectors related to\n control transfer descriptor sequence.(CVE-2017-5973)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1266\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70651d73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6778\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-2.8.1-30.100\",\n \"qemu-kvm-2.8.1-30.100\",\n \"qemu-kvm-common-2.8.1-30.100\",\n \"qemu-kvm-tools-2.8.1-30.100\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1856\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting CVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting CVE-2016-4020.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004489.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-08-24T01:40:58", "published": "2017-08-24T01:40:58", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004489.html", "id": "CESA-2017:1856", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310871866", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871866", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2017:1856-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_1856-01_qemu-kvm.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for qemu-kvm RHSA-2017:1856-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871866\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:53 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2017:1856-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kernel-based Virtual Machine (KVM) is a full\n virtualization solution for Linux on a variety of architectures. The qemu-kvm\n package provides the user-space component for running virtual machines that use\n KVM. Security Fix(es): * An out-of-bounds memory access issue was found in Quick\n Emulator (QEMU) in the VNC display driver. This flaw could occur while\n refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A\n user inside a guest could use this flaw to crash the QEMU process.\n (CVE-2017-2633) * An integer overflow flaw was found in Quick Emulator (QEMU) in\n the CCID Card device support. 
The flaw could occur while passing messages via\n command/response packets to and from the host. A privileged user inside a guest\n could use this flaw to crash the QEMU process. (CVE-2017-5898) * An information\n exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR)\n optimizations for 32-bit Windows guests. The flaw could occur while accessing\n TPR. A privileged user inside a guest could use this issue to read portions of\n the host memory. (CVE-2016-4020) Red Hat would like to thank Li Qiang (360.cn\n Inc.) for reporting CVE-2017-5898 and Donghai Zdh (Alibaba Inc.) for reporting\n CVE-2016-4020. Additional Changes: For detailed information on changes in this\n release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the\n References section.\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1856-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~141.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~141.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~1.5.3~141.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~1.5.3~141.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2017-10664", "CVE-2016-4020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171223", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1223)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1223\");\n script_version(\"2020-01-23T10:59:46+0000\");\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-10664\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:59:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:59:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1223)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1223\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1223\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1223 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. 
A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)\n\nAn integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)\n\nAn information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)\n\nQuick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5898", "CVE-2017-2633", "CVE-2017-10664", "CVE-2016-4020"], 
"description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171224", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1224)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1224\");\n script_version(\"2020-01-23T10:59:49+0000\");\n script_cve_id(\"CVE-2016-4020\", \"CVE-2017-10664\", \"CVE-2017-2633\", \"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:59:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:59:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1224)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1224\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1224\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1224 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. 
A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)\n\nAn integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)\n\nAn information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)\n\nQuick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~1.5.3~141.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~1.5.3~141.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~1.5.3~141.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if 
(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:11:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Several vulnerabilities were discovered in qemu, a fast processor emulator.", "modified": "2020-01-29T00:00:00", "published": "2018-01-12T00:00:00", "id": "OPENVAS:1361412562310890845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890845", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-845-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890845\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9921\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-845-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in qemu, a fast processor emulator.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data\nvia bitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. 
It could occur while copying VGA data\nin cirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing message via\ncommand/responses packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian but we\napply the patch to the sources to stay in sync with the qemu\npackage.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable\nto an infinite loop issue. It could occur while processing control\ntransfer descriptors", "modified": "2020-01-29T00:00:00", "published": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310890842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890842", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu-kvm (DLA-842-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890842\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9921\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5898\", \"CVE-2017-5973\");\n script_name(\"Debian LTS: Security Advisory for qemu-kvm (DLA-842-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00033.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"qemu-kvm on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access 
issue. It could occur while copying VGA data\nvia bitblt copy in backward mode.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\nThe Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\nout-of-bounds access issue. It could occur while copying VGA data\nin cirrus_bitblt_cputovideo.\n\nA privileged user inside guest could use this flaw to crash the\nQemu process resulting in DoS OR potentially execute arbitrary\ncode on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\nThe CCID Card device emulator support is vulnerable to an integer\noverflow flaw. It could occur while passing messages via\ncommand/response packets to and from the host.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process on the host resulting in a DoS.\n\nThis issue does not affect the qemu-kvm binaries in Debian but we\napply the patch to the sources to stay in sync with the qemu\npackage.\n\nCVE-2017-5973\n\nThe USB xHCI controller emulator support in qemu-kvm is vulnerable\nto an infinite loop issue. 
It could occur while processing control\ntransfer descriptors' sequence in xhci_kick_epctx.\n\nA privileged user inside guest could use this flaw to crash the\nqemu-kvm process resulting in a DoS.\n\nThis update also updates the fix for CVE-2016-9921 since it was too strict\nand broke certain guests.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"kvm\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"1.1.2+dfsg-6+deb7u20\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T16:50:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19489", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-5898", "CVE-2019-6778", "CVE-2018-19364", "CVE-2018-16872", "CVE-2019-3812"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201266", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1266)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms 
of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1266\");\n script_version(\"2020-03-13T07:19:02+0000\");\n script_cve_id(\"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5898\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2018-16872\", \"CVE-2018-19364\", \"CVE-2018-19489\", \"CVE-2019-3812\", \"CVE-2019-6778\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:19:02 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:19:02 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1266)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1266\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1266\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for 
the Huawei EulerOS\n 'qemu-kvm' package(s) announced via the EulerOS-SA-2020-1266 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.(CVE-2019-6778)\n\nA flaw was found in QEMU's Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem, shared with a guest, can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.(CVE-2018-16872)\n\nhw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.(CVE-2018-19364)\n\nv9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.(CVE-2018-19489)\n\nQEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. 
A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.(CVE-2019-3812)\n\nMemory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.(CVE-2017-5525)\n\nMemory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.(CVE-2017-5526)\n\nThe sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.(CVE-2017-5987)\n\nAn integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. 
A privileged user inside a guest could use this flaw to crash the QEMU process.(CVE-2017-5898)\n\nThe xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.(CVE-2017-5973)\");\n\n script_tag(name:\"affected\", value:\"'qemu-kvm' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~2.8.1~30.100\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.8.1~30.100\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-common\", rpm:\"qemu-kvm-common~2.8.1~30.100\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~2.8.1~30.100\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2017-5857"], "description": "The remote host 
is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-22T00:00:00", "id": "OPENVAS:1361412562310872516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872516", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-62ac1230f7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-62ac1230f7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872516\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:53:52 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2016-10155\", \"CVE-2017-5552\",\n \"CVE-2017-5667\", \"CVE-2017-5857\", \"CVE-2017-5856\", \"CVE-2017-5898\",\n \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-62ac1230f7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-62ac1230f7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3M6HH35GUTRSIKPUWQYKAFUOT25GJXE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~7.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2017-5525", "CVE-2016-7907", "CVE-2017-5987", "CVE-2017-5898", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-6058", "CVE-2017-5857"], "description": "The remote host is 
missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-19T00:00:00", "id": "OPENVAS:1361412562310872501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872501", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-31b976672b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-31b976672b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872501\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-19 05:54:12 +0100 (Sun, 19 Mar 2017)\");\n script_cve_id(\"CVE-2016-7907\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2016-10155\",\n\t\t\"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\", \"CVE-2017-5856\",\n\t\t\"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5987\", \"CVE-2017-6058\",\n \t\"CVE-2017-6505\", \"CVE-2017-2615\", \"CVE-2017-2620\");\n 
script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-31b976672b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-31b976672b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYFUMFAMU5GEQUVDAYGEUWAHFPUP2DN6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:49:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", 
"CVE-2017-5857"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310851524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851524", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0707-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851524\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 06:32:47 +0100 (Fri, 17 Mar 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-9921\",\n \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\",\n \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5667\",\n \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:0707-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n\n - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy 
routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure\n or privilege escalation (bsc#1023004)\n\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in DoS (bsc#1017081).\n\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n\n - CVE-2017-5578: The Virtio GPU Device emulator 
support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0707-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~29.4\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~29.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~29.8\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.6.2~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~29.4\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-04-21T00:00:00", "id": "OPENVAS:1361412562310843132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843132", "type": "openvas", "title": "Ubuntu Update for qemu USN-3261-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qemu USN-3261-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843132\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-21 06:43:11 +0200 (Fri, 21 Apr 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-7907\",\n \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9381\", \"CVE-2016-9602\",\n \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9908\",\n \"CVE-2016-9846\", \"CVE-2016-9912\", \"CVE-2017-5552\", \"CVE-2017-5578\",\n \"CVE-2017-5857\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9913\",\n \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\",\n \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-2633\",\n \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\",\n \"CVE-2017-5856\", \"CVE-2017-5898\", \"CVE-2017-5973\", \"CVE-2017-5987\",\n \"CVE-2017-6505\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3261-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Zhenhao Hong discovered that QEMU\nincorrectly handled the Virtio GPU device. An attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used\nwith Xen. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue to\naccess files on the host file system outside of the shared directory and\npossibly escalate their privileges. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. 
(CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the host. In the\ndefault installation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this iss ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3261-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/USN-3261-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", 
rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4020", "CVE-2017-2633", "CVE-2017-5898"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)\n\nRed Hat would like to thank Li Qiang (360.cn Inc.) for reporting CVE-2017-5898 and Donghai Zdh (Alibaba Inc.) 
for reporting CVE-2016-4020.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-04-12T03:32:38", "published": "2017-08-01T09:55:25", "id": "RHSA-2017:1856", "href": "https://access.redhat.com/errata/RHSA-2017:1856", "type": "redhat", "title": "(RHSA-2017:1856) Moderate: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10155", "CVE-2016-4020", "CVE-2016-6835", "CVE-2016-6888", "CVE-2016-7422", "CVE-2016-7466", "CVE-2016-8576", "CVE-2016-8669", "CVE-2016-8909", "CVE-2016-8910", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-2630", "CVE-2017-5579", "CVE-2017-5898", "CVE-2017-5973", "CVE-2017-9310", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nThe following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.9.0). (BZ#1387372, BZ#1387600, BZ#1400962)\n\nSecurity Fix(es):\n\n* A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. (CVE-2017-2630)\n\n* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. 
The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)\n\n* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)\n\n* A memory-leak flaw was found in the Quick Emulator (QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, affecting other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance. (CVE-2016-7466)\n\n* Multiple CVEs (CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375) were fixed as a result of the rebase to QEMU version 2.9.0.\n\nRed Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6835 and CVE-2016-6888; Li Qiang (360.cn Inc.) for reporting CVE-2017-5898, CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, and CVE-2017-5973; Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020; Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn Inc.) for reporting CVE-2016-7422; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.) 
for reporting CVE-2016-9921 and CVE-2016-9922; and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, and CVE-2017-9375.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "modified": "2018-03-19T16:29:42", "published": "2017-08-01T19:48:43", "id": "RHSA-2017:2392", "href": "https://access.redhat.com/errata/RHSA-2017:2392", "type": "redhat", "title": "(RHSA-2017:2392) Important: qemu-kvm-rhev security, bug fix, and enhancement update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620"], "description": "Package : qemu-kvm\nVersion : 1.1.2+dfsg-6+deb7u20\nCVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973\n\n\nSeveral vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution for Linux hosts on x86 hardware with x86 guests.\n\nCVE-2017-2615\n\n The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n via bitblt copy in backward mode.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-2620\n\n The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an\n out-of-bounds access issue. 
It could occur while copying VGA data\n in cirrus_bitblt_cputovideo.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS or potentially execute arbitrary\n code on the host with privileges of qemu-kvm process on the host.\n\nCVE-2017-5898\n\n The CCID Card device emulator support is vulnerable to an integer\n overflow flaw. It could occur while passing messages via\n command/response packets to and from the host.\n\n A privileged user inside guest could use this flaw to crash the\n qemu-kvm process on the host resulting in a DoS.\n\n This issue does not affect the qemu-kvm binaries in Debian but we\n apply the patch to the sources to stay in sync with the qemu\n package.\n\nCVE-2017-5973\n\n The USB xHCI controller emulator support in qemu-kvm is vulnerable\n to an infinite loop issue. It could occur while processing control\n transfer descriptors' sequence in xhci_kick_epctx.\n\n A privileged user inside guest could use this flaw to crash the\n qemu-kvm process resulting in a DoS.\n\nThis update also updates the fix for CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-02-28T22:10:25", "published": "2017-02-28T22:10:25", "id": "DEBIAN:DLA-842-1:6B5AC", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201702/msg00033.html", "title": "[SECURITY] [DLA 842-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", 
"CVE-2017-2620"], "description": "Package : qemu\nVersion : 1.1.2+dfsg-6+deb7u20\nCVE ID : CVE-2017-2615 CVE-2017-2620 CVE-2017-5898 CVE-2017-5973\nDebian Bug : \n\nSeveral vulnerabilities were discovered in qemu, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2017-2615\n\n The Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n via bitblt copy in backward mode.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of Qemu process on the host.\n\nCVE-2017-2620\n\n The Cirrus CLGD 54xx VGA Emulator in qemu is vulnerable to an\n out-of-bounds access issue. It could occur while copying VGA data\n in cirrus_bitblt_cputovideo.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS OR potentially execute arbitrary\n code on the host with privileges of Qemu process on the host.\n\nCVE-2017-5898\n\n The CCID Card device emulator support is vulnerable to an integer\n overflow flaw. It could occur while passing message via\n command/responses packets to and from the host.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process on host resulting in DoS.\n\nCVE-2017-5973\n\n The USB xHCI controller emulator support in qemu is vulnerable\n to an infinite loop issue. 
It could occur while processing control\n transfer descriptors' sequence in xhci_kick_epctx.\n\n A privileged user inside guest could use this flaw to crash the\n Qemu process resulting in DoS.\n\nThis update also updates the fix for CVE-2016-9921 since it was too strict\nand broke certain guests.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.1.2+dfsg-6+deb7u20.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-03-01T19:52:31", "published": "2017-03-01T19:52:31", "id": "DEBIAN:DLA-845-1:D7636", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201703/msg00001.html", "title": "[SECURITY] [DLA 845-1] qemu security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2615", "CVE-2015-5225", "CVE-2017-5898", "CVE-2017-2633", "CVE-2016-4020", "CVE-2017-2620", "CVE-2016-2857", "CVE-2017-9524", "CVE-2016-9603"], "description": "[1.5.3-141.el7]\n- kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch [bz#1455745]\n- kvm-Do-not-hang-on-full-PTY.patch [bz#1452067]\n- kvm-serial-fixing-vmstate-for-save-restore.patch [bz#1452067]\n- kvm-serial-reinstate-watch-after-migration.patch [bz#1452067]\n- kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1451614]\n- kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1451614]\n- Resolves: bz#1451614\n (CVE-2017-9524 qemu-kvm: segment fault when private user nmap qemu-nbd server [rhel-7.4])\n- Resolves: bz#1452067\n (migration can confuse serial port user)\n- Resolves: bz#1455745\n (Backport fix for broken logic thats supposed to ensure memory slots are page aligned)\n[1.5.3-140.el7]\n- 
kvm-spice-fix-spice_chr_add_watch-pre-condition.patch [bz#1456983]\n- Resolves: bz#1456983\n (Character device regression due to missing patch)\n[1.5.3-139.el7]\n- kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch [bz#1451470]\n- Resolves: bz#1451470\n (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop)\n[1.5.3-138.el7]\n- kvm-char-serial-cosmetic-fixes.patch [bz#1451470]\n- kvm-char-serial-Use-generic-Fifo8.patch [bz#1451470]\n- kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch [bz#1451470]\n- kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch [bz#1451470]\n- kvm-char-serial-Fix-emptyness-check.patch [bz#1451470]\n- kvm-char-serial-Fix-emptyness-handling.patch [bz#1451470]\n- kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch [bz#1451470]\n- kvm-serial-change-retry-logic-to-avoid-concurrency.patch [bz#1451470]\n- kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch [bz#1451470]\n- kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch [bz#1451470]\n- kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch [bz#1451470]\n- kvm-serial-clean-up-THRE-TEMT-handling.patch [bz#1451470]\n- kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch [bz#1451470]\n- kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch [bz#1451470]\n- kvm-serial-make-tsr_retry-unsigned.patch [bz#1451470]\n- kvm-serial-simplify-tsr_retry-reset.patch [bz#1451470]\n- kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch [bz#1451470]\n- kvm-serial-remove-watch-on-reset.patch [bz#1451470]\n- Resolves: bz#1451470\n (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop)\n[1.5.3-137.el7]\n- kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1299875]\n- Resolves: bz#1299875\n (system_reset should clear pending request for error (IDE))\n[1.5.3-136.el7]\n- kvm-target-i386-get-set-migrate-XSAVES-state.patch [bz#1327593]\n- 
kvm-Removing-texi2html-from-build-requirements.patch [bz#1440987]\n- kvm-Disable-build-of-32bit-packages.patch [bz#1441778]\n- kvm-Add-sample-images-to-srpm.patch [bz#1436280]\n- Resolves: bz#1327593\n ([Intel 7.4 FEAT] KVM Enable the XSAVEC, XSAVES and XRSTORS instructions)\n- Resolves: bz#1436280\n (sample images for qemu-iotests are missing in the SRPM)\n- Resolves: bz#1440987\n (Remove texi2html build dependancy from RPM)\n- Resolves: bz#1441778\n (Stop building qemu-img for 32bit architectures.)\n[1.5.3-135.el7]\n- kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430060]\n- kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430060]\n- kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430060]\n- kvm-cirrus-fix-cirrus_invalidate_region.patch [bz#1430060]\n- kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1430060]\n- kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1430060]\n- kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1430060]\n- Resolves: bz#1430060\n (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-7.4])\n[1.5.3-134.el7]\n- kvm-ui-vnc-introduce-VNC_DIRTY_PIXELS_PER_BIT-macro.patch [bz#1377977]\n- kvm-ui-vnc-derive-cmp_bytes-from-VNC_DIRTY_PIXELS_PER_BI.patch [bz#1377977]\n- kvm-ui-vnc-optimize-dirty-bitmap-tracking.patch [bz#1377977]\n- kvm-ui-vnc-optimize-setting-in-vnc_dpy_update.patch [bz#1377977]\n- kvm-ui-vnc-fix-vmware-VGA-incompatiblities.patch [bz#1377977]\n- kvm-ui-vnc-fix-potential-memory-corruption-issues.patch [bz#1377977]\n- kvm-vnc-fix-memory-corruption-CVE-2015-5225.patch [bz#1377977]\n- kvm-vnc-fix-overflow-in-vnc_update_stats.patch [bz#1377977]\n- kvm-i386-kvmvapic-initialise-imm32-variable.patch [bz#1335751]\n- kvm-qemu-iotests-Filter-out-actual-image-size-in-067.patch [bz#1427176]\n- vm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_ref2.patch [bz#1427176]\n- 
kvm-qemu-iotests-Fix-core-dump-suppression-in-test-039.patch [bz#1427176]\n- kvm-qemu-io-Add-sigraise-command.patch [bz#1427176]\n- kvm-iotests-Filter-for-Killed-in-qemu-io-output.patch [bz#1427176]\n- kvm-iotests-Fix-test-039.patch [bz#1427176]\n- kvm-blkdebug-Add-bdrv_truncate.patch [bz#1427176]\n- kvm-vhdx-Fix-zero-fill-iov-length.patch [bz#1427176]\n- kvm-qemu-iotests-Disable-030-040-041.patch [bz#1427176]\n- kvm-x86-add-AVX512_VPOPCNTDQ-features.patch [bz#1415830]\n- kvm-usb-ccid-check-ccid-apdu-length.patch [bz#1419818]\n- kvm-usb-ccid-better-bulk_out-error-handling.patch [bz#1419818]\n- kvm-usb-ccid-move-header-size-check.patch [bz#1419818]\n- kvm-usb-ccid-add-check-message-size-checks.patch [bz#1419818]\n- kvm-spec-Update-rdma-build-dependency.patch [bz#1433920]\n- Resolves: bz#1335751\n (CVE-2016-4020 qemu-kvm: Qemu: i386: leakage of stack memory to guest in kvmvapic.c [rhel-7.4])\n- Resolves: bz#1377977\n (qemu-kvm coredump in vnc_raw_send_framebuffer_update [rhel-7.4])\n- Resolves: bz#1415830\n ([Intel 7.4 FEAT] Enable vpopcntdq for KNM - qemu/kvm)\n- Resolves: bz#1419818\n (CVE-2017-5898 qemu-kvm: Qemu: usb: integer overflow in emulated_apdu_from_guest [rhel-7.4])\n- Resolves: bz#1427176\n (test cases of qemu-iotests failed)\n- Resolves: bz#1433920\n (Switch from librdmacm-devel to rdma-core-devel)\n[1.5.3-133.el7]\n- kvm-target-i386-add-Ivy-Bridge-CPU-model.patch [bz#1368375]\n- kvm-x86-add-AVX512_4VNNIW-and-AVX512_4FMAPS-features.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Kill-unused-code.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-level.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-CPU-v.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-xleve.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Set-all-feature-words-.patch [bz#1382122]\n- kvm-target-i386-kvm_cpu_fill_host-Fill-feature-words-in-.patch [bz#1382122]\n- 
kvm-target-i386-kvm_check_features_against_host-Kill-fea.patch [bz#1382122]\n- kvm-target-i386-Make-TCG-feature-filtering-more-readable.patch [bz#1382122]\n- kvm-target-i386-Filter-FEAT_7_0_EBX-TCG-features-too.patch [bz#1382122]\n- kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch [bz#1382122]\n- kvm-target-i386-Define-TCG_-_FEATURES-earlier-in-cpu.c.patch [bz#1382122]\n- kvm-target-i386-Loop-based-copying-and-setting-unsetting.patch [bz#1382122]\n- kvm-target-i386-Loop-based-feature-word-filtering-in-TCG.patch [bz#1382122]\n- kvm-spice-remove-spice-experimental.h-include.patch [bz#1430606]\n- kvm-spice-replace-use-of-deprecated-API.patch [bz#1430606]\n- Resolves: bz#1368375\n ([Intel 7.4 Bug] qemu-kvm does not support '-cpu IvyBridge')\n- Resolves: bz#1382122\n ([Intel 7.4 FEAT] KVM Enable the avx512_4vnniw, avx512_4fmaps instructions in qemu)\n- Resolves: bz#1430606\n (Cant build qemu-kvm with newer spice packages)\n[1.5.3-132.el7]\n- kvm-cirrus-fix-patterncopy-checks.patch [bz#1420492]\n- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420492]\n- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420492]\n- Resolves: bz#1420492\n (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.4])\n[1.5.3-131.el7]\n- kvm-memory-Allow-access-only-upto-the-maximum-alignment-.patch [bz#1342768]\n- kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1361488]\n- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418233]\n- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418233]\n- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418233]\n- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418233]\n- kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418233]\n- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418233]\n- 
kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418233]\n- kvm-HMP-Fix-user-manual-typo-of-__com.redhat_qxl_screend.patch [bz#1419898]\n- kvm-HMP-Fix-documentation-of-__com.redhat.drive_add.patch [bz#1419898]\n- Resolves: bz#1342768\n ([Intel 7.4 Bug] qemu-kvm crashes with Linux kernel 4.6.0 or above)\n- Resolves: bz#1361488\n (system_reset should clear pending request for error (virtio-blk))\n- Resolves: bz#1418233\n (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-7.4])\n- Resolves: bz#1419898\n (Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add)\n[1.5.3-130.el7]\n- kvm-gluster-correctly-propagate-errors.patch [bz#1151859]\n- kvm-gluster-Correctly-propagate-errors-when-volume-isn-t.patch [bz#1151859]\n- kvm-block-gluster-add-support-for-selecting-debug-loggin.patch [bz#1151859]\n- Resolves: bz#1151859\n ([RFE] Allow the libgfapi logging level to be controlled.)\n[1.5.3-129.el7]\n- kvm-Update-qemu-kvm-package-Summary-and-Description.patch [bz#1378541]\n- kvm-vl-Don-t-silently-change-topology-when-all-smp-optio.patch [bz#1375507]\n- kvm-net-check-packet-payload-length.patch [bz#1398218]\n- kvm-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch [bz#1342489]\n- Resolves: bz#1342489\n (Flickering Fedora 24 Login Screen on RHEL 7)\n- Resolves: bz#1375507\n ('threads' option is overwritten if both 'sockets' and 'cores' is set on -smp)\n- Resolves: bz#1378541\n (QEMU: update package summary and description)\n- Resolves: bz#1398218\n (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-7.4])\n[1.5.3-128.el7]\n- kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1377968]\n- kvm-virtio-introduce-virtqueue_discard.patch [bz#1377968]\n- kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1377968]\n- kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1377968]\n- 
kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1377968]\n- kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1377968]\n- kvm-virtio-add-virtqueue_rewind.patch [bz#1377968]\n- kvm-virtio-balloon-fix-stats-vq-migration.patch [bz#1377968]\n- Resolves: bz#1377968\n ([RHEL7.3] KVM guest shuts itself down after 128th reboot)\n[1.5.3-127.el7]\n- kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch [bz#1377087]\n- kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1377087]\n- Resolves: bz#1377087\n (shutdown rhel 5.11 guest failed and stop at 'system halted')", "edition": 5, "modified": "2017-08-07T00:00:00", "published": "2017-08-07T00:00:00", "id": "ELSA-2017-1856", "href": "http://linux.oracle.com/errata/ELSA-2017-1856.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-04-28T19:19:08", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "description": "This update for kvm fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "edition": 1, "modified": "2017-04-28T21:11:21", "published": "2017-04-28T21:11:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00035.html", "id": "SUSE-SU-2017:1135-1", "title": "Security update for kvm (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-03-10T21:11:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the 
bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The i6300esb watchdog emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n leak memory on the host resulting in DoS (bnc#1021129)\n\n These non-security issues were fixed:\n\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "modified": "2017-03-10T21:09:01", "published": "2017-03-10T21:09:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00007.html", "id": "SUSE-SU-2017:0661-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-02-27T19:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed a privileged user inside the guest to crash the\n host process resulting in DoS 
(bsc#1025188).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host\n (bsc#1024183).\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307).\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host\n (bsc#1022627).\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. 
A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668).\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n", "modified": "2017-02-27T18:10:46", "published": "2017-02-27T18:10:46", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html", "id": "SUSE-SU-2017:0570-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-05-11T13:19:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9911"], "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. 
A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589)\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020491)\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix post script for qemu-guest-agent rpm to actually activate the guest\n agent at rpm install time\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed virtio interface failure (bsc#1015048)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n - Fixed uint64 property parsing and add regression tests (bsc#937125)\n\n", "edition": 1, "modified": "2017-05-11T15:09:39", "published": "2017-05-11T15:09:39", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00021.html", "id": "SUSE-SU-2017:1241-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-03-01T01:11:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: A infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer 
overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805).\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n\n", "modified": "2017-03-01T00:33:56", "published": "2017-03-01T00:33:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html", "id": "SUSE-SU-2017:0582-1", "type": "suse", "title": "Security update for xen (important)", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-09T23:11:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9101", "CVE-2016-9776", "CVE-2016-10155", "CVE-2016-9922", "CVE-2014-8106", "CVE-2017-2615", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2016-9907", "CVE-2016-9911"], "edition": 1, "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed a privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025188)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially 
crash the Qemu process on the host (bsc#1024183)\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1024186)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator\n allowed local guest users to execute arbitrary code via vectors related\n to blit regions (bsc#907805)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014490)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014507)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1015169)\n - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS\n administrators to cause a denial of service (memory consumption and QEMU\n process crash) by repeatedly unplugging an i8255x (PRO100) NIC device\n (bsc#1013668)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013657)\n - A malicious guest could have, by frequently rebooting over extended\n periods of time, run the host system out of memory, resulting in a\n Denial of Service (DoS) (bsc#1022871)\n\n These non-security issues were fixed:\n\n - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3\n - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n - bsc#987002: Prevent crash of domU' after they were migrated from SP3 HV\n to SP4\n\n", "modified": "2017-03-10T00:07:36", "published": "2017-03-10T00:07:36", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00006.html", "id": "SUSE-SU-2017:0647-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-15T02:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5683", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17564", "CVE-2017-11334", "CVE-2017-17565", "CVE-2017-17563", "CVE-2017-5715", "CVE-2017-18030", 
"CVE-2017-5898", "CVE-2018-7541", "CVE-2017-17566", "CVE-2017-15595"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks\n via side effects of speculative execution, aka "Spectre" and "Meltdown"\n attacks (bsc#1074562, bsc#1068032)\n - CVE-2018-5683: The vga_draw_text function allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) by leveraging improper memory address validation\n (bsc#1076116).\n - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS\n guest privileged users to cause a denial of service (out-of-bounds array\n access and QEMU process crash) via vectors related to negative pitch\n (bsc#1076180).\n - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS\n (unbounded recursion, stack consumption, and hypervisor crash) or\n possibly gain privileges via crafted page-table stacking (bsc#1061081)\n - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges in shadow mode by mapping a\n certain auxiliary page (bsc#1070158).\n - CVE-2017-17563: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging an incorrect\n mask for reference-count overflow checking in shadow mode (bsc#1070159).\n - CVE-2017-17564: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging incorrect error\n handling for reference counting in shadow mode (bsc#1070160).\n - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service\n (host OS crash) if shadow mode and log-dirty mode are in place, because\n of an incorrect assertion related to M2P (bsc#1070163).\n - Added missing intermediate preemption checks for guest requesting\n removal of memory. 
This allowed malicious guest administrator to cause\n denial of service due to the high cost of this operation (bsc#1080635).\n - Because of XEN not returning the proper error messages when\n transitioning grant tables from v2 to v1 a malicious guest was able to\n cause DoS or potentially allowed for privilege escalation as well as\n information leaks (bsc#1080662).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - Unprivileged domains could have issued well-timed writes to xenstore\n which conflict with transactions to stall progress of the control domain\n or driver domain, possibly leading to DoS (bsc#1030144, XSA-206).\n\n", "edition": 1, "modified": "2018-03-15T00:08:50", "published": "2018-03-15T00:08:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html", "id": "SUSE-SU-2018:0678-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-03-07T19:11:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n - CVE-2017-2620: 
In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in DoS (bsc#1017081).\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481).\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589).\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020491).\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user 
inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix name of s390x specific sysctl configuration file to end with .conf\n (bsc#1026583)\n - XHCI fixes (bsc#977027)\n - Fixed rare race during s390x guest reboot\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n", "modified": "2017-03-07T18:10:16", "published": "2017-03-07T18:10:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00005.html", "id": "SUSE-SU-2017:0625-1", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-03-16T17:16:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-5525", "CVE-2016-10028", "CVE-2017-5898", "CVE-2016-9921", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5857"], "edition": 1, "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1023907).\n - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to\n a host memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1023073).\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have 
allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure\n or privilege escalation (bsc#1023004)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to\n an OOB read issue allowing a guest user to crash the Qemu process\n instance resulting in Dos (bsc#1017081).\n - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to\n an out of bounds memory access issue allowing a guest user to crash the\n Qemu process instance on a host, resulting in DoS (bsc#1017084).\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021195).\n - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to\n a memory leakage issue allowing a guest user to leak host memory\n resulting in DoS (bsc#1021481).\n - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable\n to a memory leakage issue allowing a 
privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020589).\n - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to\n a memory leakage issue allowing a privileged user inside the guest to\n cause a DoS and/or potentially crash the Qemu process on the host\n (bsc#1020491).\n - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an\n OOB heap access issue allowing a privileged user inside the guest to\n crash the Qemu process resulting in DoS or potentially execute arbitrary\n code with privileges of the Qemu process on the host (bsc#1022541).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n\n These non-security issues were fixed:\n\n - Fix name of s390x specific sysctl configuration file to end with .conf\n (bsc#1026583)\n - XHCI fixes (bsc#977027)\n - Fixed rare race during s390x guest reboot\n - Fixed various inaccuracies in cirrus vga device emulation\n - Fixed cause of infrequent migration failures from bad virtio device\n state (bsc#1020928)\n - Fixed graphical update errors introduced by previous security fix\n (bsc#1016779)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-03-16T18:08:06", "published": "2017-03-16T18:08:06", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html", "id": "OPENSUSE-SU-2017:0707-1", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-24T23:20:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9503", "CVE-2016-9776", "CVE-2017-9375", "CVE-2017-7493", "CVE-2017-11334", "CVE-2017-7718", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-2615", 
"CVE-2017-8086", "CVE-2017-6505", "CVE-2017-14167", "CVE-2017-9330", "CVE-2017-15289", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-5898", "CVE-2017-7471", "CVE-2017-10664", "CVE-2017-10806", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-13672", "CVE-2016-9907", "CVE-2016-9911", "CVE-2017-11434", "CVE-2017-9373", "CVE-2016-9603"], "description": "This update for kvm fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n cirrus_bitblt_cputovideo failed to check the memory region, allowing for\n an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n - CVE-2017-2615: An error in the bitblt copy operation could have allowed\n a malicious guest administrator to cause an out of bounds memory access,\n possibly leading to information disclosure or privilege escalation\n (bsc#1023004)\n - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support\n was vulnerable to an infinite loop issue while receiving packets in\n 'mcf_fec_receive'. A privileged user/process inside guest could have\n used this issue to crash the Qemu process on the host leading to DoS\n (bsc#1013285)\n - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory\n leakage issue while processing packet data in 'ehci_init_transfer'. A\n guest user/process could have used this issue to leak host memory,\n resulting in DoS for the host (bsc#1014111)\n - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a\n memory leakage flaw when destroying the USB redirector in\n 'usbredir_handle_destroy'. A guest user/process could have used this\n issue to leak host memory, resulting in DoS for a host (bsc#1014109)\n - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. 
A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable\n to a divide by zero issue while copying VGA data. A privileged user\n inside guest could have used this flaw to crash the process instance on\n the host, resulting in DoS (bsc#1014702)\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow allowing a privileged user inside the guest to crash\n the Qemu process resulting in DoS (bnc#1023907)\n - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a memory leakage issue allowing a privileged\n user to leak host memory resulting in DoS (bsc#1023053)\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper link following issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1020427)\n - CVE-2016-9603: A privileged user within the guest VM could have caused a\n heap overflow in the device model process, potentially escalating their\n privileges to that of the device model process (bsc#1028656)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-11334: The address_space_write_continue 
function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n - CVE-2017-5973: An infinite loop while doing control transfer in\n xhci_kick_epctx allowed a privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025109)\n - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS\n users to cause a denial of service (infinite loop) via vectors involving\n the number of link endpoint list descriptors (bsc#1028184)\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File\n 
System(9pfs) support was vulnerable to an improper access control issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1034866)\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File\n System(9pfs) support, was vulnerable to an improper access control\n issue. It could occur while accessing virtfs metadata files in\n mapped-file security mode. A guest user could have used this flaw to\n escalate their privileges inside guest (bsc#1039495)\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions\n (bsc#1034908)\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD\n 54xx VGA Emulator support allowed privileged user inside guest to use\n this flaw to crash the Qemu process resulting in DoS or potentially\n execute arbitrary code on a host with privileges of Qemu process on the\n host (bsc#1035406)\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in\n hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a\n denial of service (memory consumption) via vectors involving the\n orig_value variable (bsc#1035950)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037242)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042159)\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host\n memory leakage issue, which allowed a privileged user inside guest to\n leak host memory resulting in DoS (bsc#1042801)\n - 
CVE-2017-9375: The USB xHCI controller emulator support was vulnerable\n to an infinite recursive call loop issue, which allowed a privileged\n user inside guest to crash the Qemu process resulting in DoS\n (bsc#1042800)\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043296)\n * Fix privilege escalation in TCG mode (bsc#1030624)\n\n These non-security issues were fixed:\n\n - bsc#1045035: Fixed regression introduced by previous virtfs security\n fixes\n - bsc#1038396: Fixed 12 tempest tests\n - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion\n - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun\n - bsc#1049785: Make virsh dump output readable by crash\n - bsc#1015048: Fixed virtio interface failure\n - bsc#1016779: Fixed graphical update errors introduced by previous\n security fix\n - Fixed various inaccuracies in cirrus vga device emulation\n\n", "edition": 1, "modified": "2017-11-24T21:12:29", "published": "2017-11-24T21:12:29", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00037.html", "id": "SUSE-SU-2017:3084-1", "type": "suse", "title": "Security update for kvm (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-02-21T01:00:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-10155", "CVE-2017-2615", "CVE-2017-5525", "CVE-2017-5579", "CVE-2017-5898", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5931", "CVE-2017-5857"], "edition": 1, "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA local attacker could potentially execute arbitrary code with privileges of QEMU process on the host, gain privileges on the host system, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.8.0-r1\"", "modified": "2017-02-21T00:00:00", "published": "2017-02-21T00:00:00", "id": "GLSA-201702-28", "href": "https://security.gentoo.org/glsa/201702-28", "title": "QEMU: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10155", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5987", "CVE-2017-6505"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2017-03-21T16:52:35", "published": "2017-03-21T16:52:35", "id": "FEDORA:D5E626091F4D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: qemu-2.6.2-7.fc24", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10155", "CVE-2016-7907", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5987", "CVE-2017-6058", "CVE-2017-6505"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2017-03-18T20:00:53", "published": "2017-03-18T20:00:53", "id": "FEDORA:1ABE36048149", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: qemu-2.7.1-4.fc25", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "description": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU \ndevice. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. 
(CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used \nwith Xen. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory \nsharing. A privileged attacker inside the guest could use this issue to \naccess files on the host file system outside of the shared directory and \npossibly escalate their privileges. In the default installation, when QEMU \nis used with libvirt, attackers would be isolated by the libvirt AppArmor \nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA \ndevice when being used with a VNC connection. A privileged attacker inside \nthe guest could use this issue to cause QEMU to crash, resulting in a \ndenial of service, or possibly execute arbitrary code on the host. In the \ndefault installation, when QEMU is used with libvirt, attackers would be \nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to leak \ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and \nUbuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. 
An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, \nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, \nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly \nhandled the Cirrus VGA device. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus \nVGA device. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service, or possibly execute arbitrary code \non the host. 
In the default installation, when QEMU is used with libvirt, \nattackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller \nemulation. 
A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI \ndevice emulation. A privileged attacker inside the guest could use this \nissue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)", "edition": 6, "modified": "2017-04-20T00:00:00", "published": "2017-04-20T00:00:00", "id": "USN-3261-1", "href": "https://ubuntu.com/security/notices/USN-3261-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}