Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201812951HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2018:1295-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.975 High
EPSS
Percentile
100.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2018.1295.1");
script_cve_id("CVE-2017-5715", "CVE-2018-1064", "CVE-2018-5748");
script_tag(name:"creation_date", value:"2021-06-09 14:57:44 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-02-12 18:42:52 +0000 (Mon, 12 Feb 2018)");
script_name("SUSE: Security Advisory (SUSE-SU-2018:1295-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:1295-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20181295-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libvirt' package(s) announced via the SUSE-SU-2018:1295-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147,
bsc#1087887).
- CVE-2018-1064: Avoid denial of service reading from QEMU guest agent
(bsc#1083625).
- CVE-2018-5748: Avoid denial of service reading from QEMU monitor
(bsc#1076500).
Bug fixes:
- bsc#1025340: Use xend for nodeGetFreeMemory API.
- bsc#960742: Allow read access to script directories in libvirtd AppArmor
profile.
- bsc#936233: Introduce qemuDomainDefCheckABIStability.");
script_tag(name:"affected", value:"'libvirt' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libvirt", rpm:"libvirt~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvirt-client", rpm:"libvirt-client~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvirt-client-32bit", rpm:"libvirt-client-32bit~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvirt-doc", rpm:"libvirt-doc~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvirt-lock-sanlock", rpm:"libvirt-lock-sanlock~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libvirt-python", rpm:"libvirt-python~1.0.5.9~21.5.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:0838-1) (Spectre)
2018-03-30 00:00:00
SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1295-1) (Spectre)
2018-05-16 00:00:00
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20180515)
2018-05-16 00:00:00
suse
suse
Security update for libvirt (important)
2018-03-29 12:11:46
Security update for libvirt (important)
2018-04-13 00:09:16
Security update for libvirt (important)
2018-04-03 21:08:15
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:0838-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2082-1)
2021-04-19 00:00:00
CentOS Update for libvirt CESA-2018:1396 centos7
2018-06-05 00:00:00
osv
osv
libvirt - security update
2018-03-24 00:00:00
libvirt - security update
2018-03-14 00:00:00
amd64-microcode - security update
2021-08-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libvirt affect PowerKVM
2018-07-06 23:39:30
ubuntucve
ubuntucve
CVE-2018-1064
2018-03-28 00:00:00
CVE-2018-5748
2018-01-25 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2018-05-14 00:00:00
libvirt security update
2018-06-25 00:00:00
microcode_ctl security update
2018-01-17 00:00:00
cve
cve
CVE-2018-1064
2018-03-28 18:29:00
CVE-2018-5748
2018-01-25 16:29:00
centos
centos
libvirt security update
2018-05-30 18:24:07
libvirt security update
2018-06-21 11:55:48
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:06
Denial Of Service (DoS)
2018-05-03 05:13:55
debian
debian
[SECURITY] [DLA 1315-1] libvirt security update
2018-03-24 16:24:47
[SECURITY] [DSA 4137-1] libvirt security update
2018-03-14 21:50:24
[SECURITY] [DSA 4179-1] linux-tools security update
2018-04-24 13:15:06
redhat
redhat
(RHSA-2018:1929) Low: libvirt security update
2018-06-19 02:12:46
(RHSA-2018:1396) Low: libvirt security and bug fix update
2018-05-14 12:57:03
(RHSA-2018:0035) Important: microcode_ctl security update
2018-01-04 18:28:43
redhatcve
redhatcve
CVE-2018-1064
2019-10-08 22:28:17
CVE-2018-5748
2018-01-18 06:19:50
debiancve
debiancve
CVE-2018-1064
2018-03-28 18:29:00
CVE-2018-5748
2018-01-25 16:29:00
prion
prion
Code injection
2018-03-28 18:29:00
Design/Logic Flaw
2018-01-25 16:29:00
Information disclosure
2018-01-04 13:29:00
amazon
amazon
Important: libvirt
2018-07-24 16:05:00
Important: qemu-kvm
2018-02-07 18:49:00
mageia
mageia
Updated libvirt packages fix security vulnerabilities
2018-03-02 00:27:52
Updated libvirt packages fix CVE-2018-1064
2018-03-30 00:00:32
fedora
fedora
[SECURITY] Fedora 27 Update: libvirt-3.7.0-6.fc27
2018-08-01 17:55:42
paloalto
paloalto
Meltdown and Spectre update for WildFire-500 Appliance
2018-05-15 21:35:00
ubuntu
ubuntu
libvirt update
2018-02-07 00:00:00
Intel Microcode update
2018-01-11 00:00:00
intel-microcode update
2018-03-29 00:00:00
cloudfoundry
cloudfoundry
USN-3690-2: AMD Microcode regression | Cloud Foundry
2018-07-19 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-07 06:34:12
virtuozzo
virtuozzo
threatpost
threatpost
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
2018-04-04 15:18:47
thn
thn
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.975 High
EPSS
Percentile
100.0%
Related for OPENVAS:13614125623114201812951