Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SUSE: Security Advisory (SUSE-SU-2019:0471-1)

🗓️ 19 Apr 2021 00:00:00Reported by Copyright (C) 2021 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 18 Views

Security update for the 'qemu' package in SUSE Linux Enterprise Server 12-SP

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0471-1)
25 Feb 201900:00
nessus
Tenable Nessus		SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:0435-1)
20 Feb 201900:00
nessus
Tenable Nessus		SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0457-1)
22 Feb 201900:00
nessus
Tenable Nessus		openSUSE Security Update : qemu (openSUSE-2019-254)
28 Feb 201900:00
nessus
Tenable Nessus		EulerOS Virtualization for ARM 64 3.0.3.0 : qemu-kvm (EulerOS-SA-2019-2352)
3 Dec 201900:00
nessus
Tenable Nessus		SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:0423-1)
19 Feb 201900:00
nessus
Tenable Nessus		SUSE SLES11 Security Update : kvm (SUSE-SU-2019:13962-1)
19 Feb 201900:00
nessus
Tenable Nessus		EulerOS 2.0 SP8 : qemu-kvm (EulerOS-SA-2019-1815)
27 Aug 201900:00
nessus
Tenable Nessus		SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0489-1)
27 Feb 201900:00
nessus
Tenable Nessus		Fedora 29 : 2:qemu (2019-88a98ce795)
26 Mar 201900:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2019.0471.1");
  script_cve_id("CVE-2018-16872", "CVE-2018-19364", "CVE-2018-19489", "CVE-2019-6778");
  script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
  script_version("2025-02-14T08:35:37+0000");
  script_tag(name:"last_modification", value:"2025-02-14 08:35:37 +0000 (Fri, 14 Feb 2025)");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-03-22 15:15:38 +0000 (Fri, 22 Mar 2019)");

  script_name("SUSE: Security Advisory (SUSE-SU-2019:0471-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP1)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2019:0471-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2019/suse-su-20190471-1/");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1116717");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1117275");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1119493");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1123156");
  script_xref(name:"URL", value:"https://lists.suse.com/pipermail/sle-security-updates/2019-February/005146.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'qemu' package(s) announced via the SUSE-SU-2019:0471-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for qemu fixes the following issues:

Security issue fixed:

- CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).
- CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).
- CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).
- CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).");

  script_tag(name:"affected", value:"'qemu' package(s) on SUSE Linux Enterprise Server 12-SP1.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP1") {

  if(!isnull(res = isrpmvuln(pkg:"qemu", rpm:"qemu~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-block-curl", rpm:"qemu-block-curl~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-block-rbd", rpm:"qemu-block-rbd~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-guest-agent", rpm:"qemu-guest-agent~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-ipxe", rpm:"qemu-ipxe~1.0.0~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-lang", rpm:"qemu-lang~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-ppc", rpm:"qemu-ppc~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-s390", rpm:"qemu-s390~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-seabios", rpm:"qemu-seabios~1.8.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-sgabios", rpm:"qemu-sgabios~8~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-tools", rpm:"qemu-tools~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-vgabios", rpm:"qemu-vgabios~1.8.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-x86", rpm:"qemu-x86~2.3.1~33.20.1", rls:"SLES12.0SP1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
19 Apr 2021 00:00Current
7High risk
Vulners AI Score7
CVSS24.6
CVSS35 - 7.8
EPSS0.0016
qemusecuritybuffer overflowdenial of serviceupdatesuse linux enterprise server 12-sp1
18
.json
Report