Description
Updates of ['linux-aws', 'linux-secure', 'cloud-init', 'linux-esx', 'libvirt', 'linux'] packages of Photon OS have been released.
Affected Package
Related
{"id": "PHSA-2020-0214", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2020-0214", "description": "Updates of ['linux-aws', 'linux-secure', 'cloud-init', 'linux-esx', 'libvirt', 'linux'] packages of Photon OS have been released.\n", "published": "2020-02-12T00:00:00", "modified": "2020-02-12T00:00:00", "epss": [{"cve": "CVE-2019-10161", "epss": 0.00045, "percentile": 0.12187, "modified": "2023-12-02"}, {"cve": "CVE-2019-10167", "epss": 0.00043, "percentile": 0.05932, "modified": "2023-12-02"}, {"cve": "CVE-2019-16234", "epss": 0.00045, "percentile": 0.12187, "modified": "2023-12-02"}, {"cve": "CVE-2020-8631", "epss": 0.00045, "percentile": 0.12058, "modified": "2023-12-02"}, {"cve": "CVE-2020-8632", "epss": 0.00045, "percentile": 0.12058, "modified": "2023-12-02"}, {"cve": "CVE-2023-34060", "epss": 0.00225, "percentile": 0.60617, "modified": "2023-11-30"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}, "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-214", "reporter": "Photon", "references": [], "cvelist": ["CVE-2019-10161", "CVE-2019-10167", "CVE-2019-16234", "CVE-2020-8631", "CVE-2020-8632", "CVE-2023-34060"], "immutableFields": [], "lastseen": "2023-12-02T18:42:19", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-10161", "ALPINE:CVE-2019-10167"]}, {"type": "amazon", "idList": ["ALAS-2021-1486", "ALAS2-2019-1274", "ALAS2-2021-1576"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:1887", "CBLMARINER:1888"]}, {"type": "centos", "idList": ["CESA-2019:1578", "CESA-2019:1579", "CESA-2020:3898"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1"]}, {"type": "cve", "idList": ["CVE-2019-10161", "CVE-2019-10167", "CVE-2019-16234", "CVE-2020-8631", "CVE-2020-8632", "CVE-2023-34060"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1832-1:19266", "DEBIAN:DLA-1832-1:B9789", "DEBIAN:DLA-2113-1:6D037", "DEBIAN:DLA-2113-1:B82D0", "DEBIAN:DSA-4469-1:052EF", "DEBIAN:DSA-4469-1:B9B08"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10161", "DEBIANCVE:CVE-2019-10167", "DEBIANCVE:CVE-2019-16234", "DEBIANCVE:CVE-2020-8631", "DEBIANCVE:CVE-2020-8632"]}, {"type": "f5", "idList": ["F5:K33846344"]}, {"type": "fedora", "idList": ["FEDORA:761BC607A42A", "FEDORA:B550461845B3"]}, {"type": "gentoo", "idList": ["GLSA-202003-18"]}, {"type": "hivepro", "idList": ["HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2"]}, {"type": "ibm", "idList": ["4E20FF6980EF77F8F7C53E254EBEB9AF129EF6EDA938A5BDE9CFA46C95393000", "6517637B347832011498E765C65BE043EF0D9A173ACF512B0AC29DE0F5B7280C"]}, {"type": "mageia", "idList": ["MGASA-2019-0390", "MGASA-2020-0295"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1274.NASL", "AL2_ALAS-2021-1576.NASL", "ALA_ALAS-2021-1486.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS8_RHSA-2020-4650.NASL", "CENTOS_RHSA-2019-1578.NASL", "CENTOS_RHSA-2019-1579.NASL", "CENTOS_RHSA-2020-3898.NASL", "DEBIAN_DLA-1832.NASL", "DEBIAN_DLA-2113.NASL", "DEBIAN_DSA-4469.NASL", "EULEROS_SA-2019-1724.NASL", "EULEROS_SA-2019-1774.NASL", "EULEROS_SA-2019-1796.NASL", "EULEROS_SA-2019-1957.NASL", "EULEROS_SA-2019-2020.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1286.NASL", "EULEROS_SA-2020-1304.NASL", "EULEROS_SA-2020-1356.NASL", "EULEROS_SA-2020-1373.NASL", "EULEROS_SA-2020-1519.NASL", "EULEROS_SA-2020-1751.NASL", "EULEROS_SA-2020-2209.NASL", "EULEROS_SA-2020-2333.NASL", "FEDORA_2019-9210998AAA.NASL", "FEDORA_2019-B2DFB13DAF.NASL", "GENTOO_GLSA-202003-18.NASL", "NEWSTART_CGSL_NS-SA-2019-0166_LIBVIRT.NASL", "NEWSTART_CGSL_NS-SA-2019-0173_LIBVIRT.NASL", "NEWSTART_CGSL_NS-SA-2021-0016_CLOUD-INIT.NASL", "NEWSTART_CGSL_NS-SA-2021-0062_CLOUD-INIT.NASL", "NEWSTART_CGSL_NS-SA-2021-0151_CLOUD-INIT.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2019-1672.NASL", "OPENSUSE-2019-1753.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2020-400.NASL", "ORACLELINUX_ELSA-2019-1578.NASL", "ORACLELINUX_ELSA-2019-1579.NASL", "ORACLELINUX_ELSA-2019-1580.NASL", "ORACLELINUX_ELSA-2019-4714.NASL", "ORACLELINUX_ELSA-2020-3898.NASL", "ORACLELINUX_ELSA-2020-4650.NASL", "ORACLELINUX_ELSA-2020-5804.NASL", "PHOTONOS_PHSA-2019-3_0-0032_LIBVIRT.NASL", "PHOTONOS_PHSA-2020-1_0-0276_LIBVIRT.NASL", "PHOTONOS_PHSA-2020-2_0-0214_LIBVIRT.NASL", "PHOTONOS_PHSA-2020-3_0-0058_CLOUD.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LIBVIRT.NASL", "REDHAT-RHSA-2019-1578.NASL", "REDHAT-RHSA-2019-1579.NASL", "REDHAT-RHSA-2019-1580.NASL", "REDHAT-RHSA-2019-1699.NASL", "REDHAT-RHSA-2019-1762.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-3898.NASL", "REDHAT-RHSA-2020-4650.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SL_20190620_LIBVIRT_ON_SL6_X.NASL", "SL_20190620_LIBVIRT_ON_SL7_X.NASL", "SL_20201001_CLOUD_INIT_ON_SL7_X.NASL", "SUSE_SU-2019-14097-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1599-1.NASL", "SUSE_SU-2019-1637-1.NASL", "SUSE_SU-2019-1643-1.NASL", "SUSE_SU-2019-1686-1.NASL", "SUSE_SU-2019-1690-1.NASL", "SUSE_SU-2019-2105-1.NASL", "SUSE_SU-2019-2227-1.NASL", "SUSE_SU-2019-2227-2.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0585-1.NASL", "SUSE_SU-2020-0751-1.NASL", "UBUNTU_USN-4047-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "VIRTUOZZO_VZLSA-2019-1578.NASL", "VMWARE_CLOUD_DIRECTOR_VMSA-2023-0026.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704469", "OPENVAS:1361412562310844084", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852601", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310852869", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310853087", "OPENVAS:1361412562310876563", "OPENVAS:1361412562310876565", "OPENVAS:1361412562310883069", "OPENVAS:1361412562310883070", "OPENVAS:1361412562310891832", "OPENVAS:1361412562310892113", "OPENVAS:1361412562311220191724", "OPENVAS:1361412562311220191774", "OPENVAS:1361412562311220191796", "OPENVAS:1361412562311220191957", "OPENVAS:1361412562311220192020", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201286", "OPENVAS:1361412562311220201304", "OPENVAS:1361412562311220201356", "OPENVAS:1361412562311220201373", "OPENVAS:1361412562311220201519", "OPENVAS:1361412562311220201751"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1578", "ELSA-2019-1579", "ELSA-2019-1580", "ELSA-2019-2294", "ELSA-2019-4714", "ELSA-2020-0279", "ELSA-2020-3898", "ELSA-2020-4650", "ELSA-2020-5804"]}, {"type": "osv", "idList": ["OSV:DLA-1832-1", "OSV:DLA-2113-1", "OSV:DSA-4469-1"]}, {"type": "photon", "idList": ["PHSA-2016-0006", "PHSA-2016-0007", "PHSA-2017-0001", "PHSA-2017-0002", "PHSA-2017-0003", "PHSA-2017-0004", "PHSA-2017-0005", "PHSA-2017-0006", "PHSA-2017-0007", "PHSA-2017-0008", "PHSA-2017-0010", "PHSA-2017-0016", "PHSA-2017-0022", "PHSA-2017-0026", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2017-0037", "PHSA-2017-0038", "PHSA-2017-0040", "PHSA-2017-0041", "PHSA-2017-0042", "PHSA-2017-0044", "PHSA-2017-0048", "PHSA-2017-0049", "PHSA-2017-0051", "PHSA-2017-0052", "PHSA-2017-0053", "PHSA-2017-0054", "PHSA-2017-0055", "PHSA-2017-0057", "PHSA-2017-0061", "PHSA-2017-0062", "PHSA-2017-0063", "PHSA-2017-0065", "PHSA-2017-0066", "PHSA-2017-0067", "PHSA-2017-0070", "PHSA-2017-0074", "PHSA-2017-0075", "PHSA-2017-0076", "PHSA-2017-0077", "PHSA-2017-0078", "PHSA-2017-0079", "PHSA-2017-0080", "PHSA-2017-0082", "PHSA-2017-0083", "PHSA-2017-0084", "PHSA-2017-0087", "PHSA-2017-0088", "PHSA-2017-0090", "PHSA-2017-0091", "PHSA-2017-0093", "PHSA-2017-0095", "PHSA-2018-0009", "PHSA-2018-0010", "PHSA-2018-0011", "PHSA-2018-0012", "PHSA-2018-0013", "PHSA-2018-0014", "PHSA-2018-0015", "PHSA-2018-0016", "PHSA-2018-0017", "PHSA-2018-0018", "PHSA-2018-0020", "PHSA-2018-0021", "PHSA-2018-0026", "PHSA-2018-0028", "PHSA-2018-0029", "PHSA-2018-0031", "PHSA-2018-0033", "PHSA-2018-0034", "PHSA-2018-0037", "PHSA-2018-0039", "PHSA-2018-0040", "PHSA-2018-0041", "PHSA-2018-0042", "PHSA-2018-0043", "PHSA-2018-0044", "PHSA-2018-0048", "PHSA-2018-0049", "PHSA-2018-0050", "PHSA-2018-0052", "PHSA-2018-0053", "PHSA-2018-0058", "PHSA-2018-0060", "PHSA-2018-0062", "PHSA-2018-0064", "PHSA-2018-0065", "PHSA-2018-0066", "PHSA-2018-0067", "PHSA-2018-0068", "PHSA-2018-0070", "PHSA-2018-0072", "PHSA-2018-0073", "PHSA-2018-0074", "PHSA-2018-0075", "PHSA-2018-0076", "PHSA-2018-0077", "PHSA-2018-0078", "PHSA-2018-0079", "PHSA-2018-0080", "PHSA-2018-0082", "PHSA-2018-0083", "PHSA-2018-0084", "PHSA-2018-0086", "PHSA-2018-0087", "PHSA-2018-0088", "PHSA-2018-0089", "PHSA-2018-0091", "PHSA-2018-0093", "PHSA-2018-0096", "PHSA-2018-0097", "PHSA-2018-0098", "PHSA-2018-0099", "PHSA-2018-0100", "PHSA-2018-0101", "PHSA-2018-0102", "PHSA-2018-0103", "PHSA-2018-0104", "PHSA-2018-0105", "PHSA-2018-0106", "PHSA-2018-0107", "PHSA-2018-0108", "PHSA-2018-0109", "PHSA-2018-0110", "PHSA-2018-0111", "PHSA-2018-0112", "PHSA-2018-0113", "PHSA-2018-0116", "PHSA-2018-0117", "PHSA-2018-0119", "PHSA-2018-0122", "PHSA-2018-0123", "PHSA-2018-0124", "PHSA-2018-0125", "PHSA-2018-0126", "PHSA-2018-0129", "PHSA-2018-0130", "PHSA-2018-0132", "PHSA-2018-0133", "PHSA-2018-0134", "PHSA-2018-0135", "PHSA-2018-0140", "PHSA-2018-0142", "PHSA-2018-0144", "PHSA-2018-0145", "PHSA-2018-0148", "PHSA-2018-0149", "PHSA-2018-0150", "PHSA-2018-0151", "PHSA-2018-0153", "PHSA-2018-0154", "PHSA-2018-0155", "PHSA-2018-0156", "PHSA-2018-0158", "PHSA-2018-0159", "PHSA-2018-0160", "PHSA-2018-0161", "PHSA-2018-0164", "PHSA-2018-0165", "PHSA-2018-0167", "PHSA-2018-0169", "PHSA-2018-0170", "PHSA-2018-0171", "PHSA-2018-0173", "PHSA-2018-0174", "PHSA-2018-0175", "PHSA-2018-0176", "PHSA-2018-0177", "PHSA-2018-0178", "PHSA-2018-0180", "PHSA-2018-0181", "PHSA-2018-0182", "PHSA-2018-0184", "PHSA-2018-0185", "PHSA-2018-0186", "PHSA-2018-0189", "PHSA-2018-0190", "PHSA-2018-0192", "PHSA-2018-0193", "PHSA-2018-0194", "PHSA-2018-0196", "PHSA-2018-0198", "PHSA-2018-0199", "PHSA-2018-0201", "PHSA-2019-0032", "PHSA-2019-0117", "PHSA-2019-0118", "PHSA-2019-0119", "PHSA-2019-0120", "PHSA-2019-0121", "PHSA-2019-0122", "PHSA-2019-0124", "PHSA-2019-0125", "PHSA-2019-0126", "PHSA-2019-0128", "PHSA-2019-0130", "PHSA-2019-0131", "PHSA-2019-0132", "PHSA-2019-0134", "PHSA-2019-0135", "PHSA-2019-0136", "PHSA-2019-0137", "PHSA-2019-0138", "PHSA-2019-0139", "PHSA-2019-0140", "PHSA-2019-0141", "PHSA-2019-0142", "PHSA-2019-0145", "PHSA-2019-0146", "PHSA-2019-0147", "PHSA-2019-0148", "PHSA-2019-0149", "PHSA-2019-0150", "PHSA-2019-0151", "PHSA-2019-0152", "PHSA-2019-0153", "PHSA-2019-0154", "PHSA-2019-0155", "PHSA-2019-0157", "PHSA-2019-0159", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0162", "PHSA-2019-0163", "PHSA-2019-0164", "PHSA-2019-0165", "PHSA-2019-0166", "PHSA-2019-0167", "PHSA-2019-0168", "PHSA-2019-0171", "PHSA-2019-0172", "PHSA-2019-0173", "PHSA-2019-0175", "PHSA-2019-0176", "PHSA-2019-0177", "PHSA-2019-0178", "PHSA-2019-0181", "PHSA-2019-0182", "PHSA-2019-0183", "PHSA-2019-0184", "PHSA-2019-0185", "PHSA-2019-0186", "PHSA-2019-0187", "PHSA-2019-0189", "PHSA-2019-0190", "PHSA-2019-0191", "PHSA-2019-0192", "PHSA-2019-0193", "PHSA-2019-0194", "PHSA-2019-0195", "PHSA-2019-0196", "PHSA-2019-0197", "PHSA-2019-0198", "PHSA-2019-0199", "PHSA-2019-0202", "PHSA-2019-0203", "PHSA-2019-0204", "PHSA-2019-0205", "PHSA-2019-0206", "PHSA-2019-0207", "PHSA-2019-0208", "PHSA-2019-0209", "PHSA-2019-0211", "PHSA-2019-0212", "PHSA-2019-0213", "PHSA-2019-0214", "PHSA-2019-0215", "PHSA-2019-0216", "PHSA-2019-0218", "PHSA-2019-0220", "PHSA-2019-0221", "PHSA-2019-0222", "PHSA-2019-0223", "PHSA-2019-0224", "PHSA-2019-0225", "PHSA-2019-0226", "PHSA-2019-0227", "PHSA-2019-0228", "PHSA-2019-0229", "PHSA-2019-0230", "PHSA-2019-0231", "PHSA-2019-0232", "PHSA-2019-0234", "PHSA-2019-0235", "PHSA-2019-0236", "PHSA-2019-0237", "PHSA-2019-0239", "PHSA-2019-0240", "PHSA-2019-0241", "PHSA-2019-0242", "PHSA-2019-0243", "PHSA-2019-0244", "PHSA-2019-0245", "PHSA-2019-0246", "PHSA-2019-0247", "PHSA-2019-0248", "PHSA-2019-0249", "PHSA-2019-0250", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0253", "PHSA-2019-0254", "PHSA-2019-0255", "PHSA-2019-0256", "PHSA-2019-0257", "PHSA-2019-0259", "PHSA-2019-0260", "PHSA-2019-0261", "PHSA-2019-0262", "PHSA-2019-0263", "PHSA-2019-3.0-0001", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0003", "PHSA-2019-3.0-0004", "PHSA-2019-3.0-0006", "PHSA-2019-3.0-0007", "PHSA-2019-3.0-0008", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0010", "PHSA-2019-3.0-0011", "PHSA-2019-3.0-0012", "PHSA-2019-3.0-0013", "PHSA-2019-3.0-0014", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0016", "PHSA-2019-3.0-0017", "PHSA-2019-3.0-0018", "PHSA-2019-3.0-0019", "PHSA-2019-3.0-0020", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0022", "PHSA-2019-3.0-0023", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0025", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0027", "PHSA-2019-3.0-0028", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0032", "PHSA-2019-3.0-0033", "PHSA-2019-3.0-0034", "PHSA-2019-3.0-0035", "PHSA-2019-3.0-0036", "PHSA-2019-3.0-0037", "PHSA-2019-3.0-0038", "PHSA-2019-3.0-0039", "PHSA-2019-3.0-0041", "PHSA-2019-3.0-0043", "PHSA-2019-3.0-0044", "PHSA-2019-3.0-0045", "PHSA-2019-3.0-0046", "PHSA-2020-0058", "PHSA-2020-0065", "PHSA-2020-0200", "PHSA-2020-0201", "PHSA-2020-0202", "PHSA-2020-0203", "PHSA-2020-0204", "PHSA-2020-0205", "PHSA-2020-0207", "PHSA-2020-0208", "PHSA-2020-0209", "PHSA-2020-0210", "PHSA-2020-0211", "PHSA-2020-0212", "PHSA-2020-0213", "PHSA-2020-0216", "PHSA-2020-0217", "PHSA-2020-0218", "PHSA-2020-0219", "PHSA-2020-0220", "PHSA-2020-0221", "PHSA-2020-0222", "PHSA-2020-0223", "PHSA-2020-0224", "PHSA-2020-0225", "PHSA-2020-0226", "PHSA-2020-0227", "PHSA-2020-0228", "PHSA-2020-0229", "PHSA-2020-0230", "PHSA-2020-0231", "PHSA-2020-0233", "PHSA-2020-0234", "PHSA-2020-0235", "PHSA-2020-0236", "PHSA-2020-0237", "PHSA-2020-0238", "PHSA-2020-0239", "PHSA-2020-0240", "PHSA-2020-0241", "PHSA-2020-0242", "PHSA-2020-0243", "PHSA-2020-0244", "PHSA-2020-0245", "PHSA-2020-0246", "PHSA-2020-0247", "PHSA-2020-0248", "PHSA-2020-0249", "PHSA-2020-0251", "PHSA-2020-0252", "PHSA-2020-0253", "PHSA-2020-0254", "PHSA-2020-0255", "PHSA-2020-0256", "PHSA-2020-0257", "PHSA-2020-0258", "PHSA-2020-0259", "PHSA-2020-0260", "PHSA-2020-0261", "PHSA-2020-0262", "PHSA-2020-0263", "PHSA-2020-0264", "PHSA-2020-0265", "PHSA-2020-0266", "PHSA-2020-0267", "PHSA-2020-0268", "PHSA-2020-0269", "PHSA-2020-0270", "PHSA-2020-0271", "PHSA-2020-0272", "PHSA-2020-0273", "PHSA-2020-0274", "PHSA-2020-0275", "PHSA-2020-0276", "PHSA-2020-0277", "PHSA-2020-0278", "PHSA-2020-0279", "PHSA-2020-0280", "PHSA-2020-0281", "PHSA-2020-0282", "PHSA-2020-0283", "PHSA-2020-0284", "PHSA-2020-0285", "PHSA-2020-0286", "PHSA-2020-0287", "PHSA-2020-0288", "PHSA-2020-0289", "PHSA-2020-0290", "PHSA-2020-0291", "PHSA-2020-0292", "PHSA-2020-0293", "PHSA-2020-0294", "PHSA-2020-0295", "PHSA-2020-0296", "PHSA-2020-0297", "PHSA-2020-0298", "PHSA-2020-0299", "PHSA-2020-0300", "PHSA-2020-0301", "PHSA-2020-0302", "PHSA-2020-0303", "PHSA-2020-0304", "PHSA-2020-0305", "PHSA-2020-0306", "PHSA-2020-0307", "PHSA-2020-0308", "PHSA-2020-0309", "PHSA-2020-0310", "PHSA-2020-0311", "PHSA-2020-0312", "PHSA-2020-0313", "PHSA-2020-0314", "PHSA-2020-0315", "PHSA-2020-0316", "PHSA-2020-0318", "PHSA-2020-0319", "PHSA-2020-0320", "PHSA-2020-0321", "PHSA-2020-0322", "PHSA-2020-0323", "PHSA-2020-0324", "PHSA-2020-0325", "PHSA-2020-0326", "PHSA-2020-0327", "PHSA-2020-0328", "PHSA-2020-0329", "PHSA-2020-0330", "PHSA-2020-0331", "PHSA-2020-0332", "PHSA-2020-0333", "PHSA-2020-0334", "PHSA-2020-0335", "PHSA-2020-0338", "PHSA-2020-0339", "PHSA-2020-0340", "PHSA-2020-0343", "PHSA-2020-0345", "PHSA-2020-0346", "PHSA-2020-0348", "PHSA-2020-0349", "PHSA-2020-0350", "PHSA-2020-1.0-0276", "PHSA-2020-2.0-0214", "PHSA-2020-3.0-0047", "PHSA-2020-3.0-0048", "PHSA-2020-3.0-0049", "PHSA-2020-3.0-0051", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0053", "PHSA-2020-3.0-0054", "PHSA-2020-3.0-0055", "PHSA-2020-3.0-0057", "PHSA-2020-3.0-0058", "PHSA-2020-3.0-0059", "PHSA-2020-3.0-0060", "PHSA-2020-3.0-0063", "PHSA-2020-3.0-0065", "PHSA-2020-3.0-0067", "PHSA-2020-3.0-0068", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0072", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0077", "PHSA-2020-3.0-0078", "PHSA-2020-3.0-0079", "PHSA-2020-3.0-0080", "PHSA-2020-3.0-0081", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0083", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0085", "PHSA-2020-3.0-0086", "PHSA-2020-3.0-0087", "PHSA-2020-3.0-0088", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0090", "PHSA-2020-3.0-0091", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0096", "PHSA-2020-3.0-0097", "PHSA-2020-3.0-0098", "PHSA-2020-3.0-0099", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0102", "PHSA-2020-3.0-0103", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0105", "PHSA-2020-3.0-0106", "PHSA-2020-3.0-0108", "PHSA-2020-3.0-0109", "PHSA-2020-3.0-0111", "PHSA-2020-3.0-0113", "PHSA-2020-3.0-0114", "PHSA-2020-3.0-0115", "PHSA-2020-3.0-0116", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0120", "PHSA-2020-3.0-0123", "PHSA-2020-3.0-0125", "PHSA-2020-3.0-0126", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0129", "PHSA-2020-3.0-0130", "PHSA-2020-3.0-0131", "PHSA-2020-3.0-0133", "PHSA-2020-3.0-0134", "PHSA-2020-3.0-0135", "PHSA-2020-3.0-0137", "PHSA-2020-3.0-0138", "PHSA-2020-3.0-0139", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0141", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0145", "PHSA-2020-3.0-0146", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0150", "PHSA-2020-3.0-0151", "PHSA-2020-3.0-0152", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0158", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0161", "PHSA-2020-3.0-0162", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0164", "PHSA-2020-3.0-0165", "PHSA-2020-3.0-0166", "PHSA-2020-3.0-0168", "PHSA-2020-3.0-0171", "PHSA-2020-3.0-0172", "PHSA-2020-3.0-0173", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0175", "PHSA-2020-3.0-0176", "PHSA-2020-3.0-0177", "PHSA-2020-3.0-0179", "PHSA-2020-3.0-0180", "PHSA-2021-0007", "PHSA-2021-0261", "PHSA-2021-0308", "PHSA-2021-0310", "PHSA-2021-0312", "PHSA-2021-0313", "PHSA-2021-0314", "PHSA-2021-0315", "PHSA-2021-0317", "PHSA-2021-0318", "PHSA-2021-0319", "PHSA-2021-0320", "PHSA-2021-0321", "PHSA-2021-0322", "PHSA-2021-0323", "PHSA-2021-0325", "PHSA-2021-0326", "PHSA-2021-0327", "PHSA-2021-0328", "PHSA-2021-0329", "PHSA-2021-0330", "PHSA-2021-0331", "PHSA-2021-0332", "PHSA-2021-0333", "PHSA-2021-0334", "PHSA-2021-0335", "PHSA-2021-0336", "PHSA-2021-0337", "PHSA-2021-0338", "PHSA-2021-0339", "PHSA-2021-0340", "PHSA-2021-0341", "PHSA-2021-0342", "PHSA-2021-0343", "PHSA-2021-0344", "PHSA-2021-0347", "PHSA-2021-0348", "PHSA-2021-0349", "PHSA-2021-0350", "PHSA-2021-0351", "PHSA-2021-0352", "PHSA-2021-0353", "PHSA-2021-0354", "PHSA-2021-0355", "PHSA-2021-0356", "PHSA-2021-0357", "PHSA-2021-0358", "PHSA-2021-0359", "PHSA-2021-0360", "PHSA-2021-0361", "PHSA-2021-0362", "PHSA-2021-0363", "PHSA-2021-0364", "PHSA-2021-0365", "PHSA-2021-0366", "PHSA-2021-0367", "PHSA-2021-0368", "PHSA-2021-0369", "PHSA-2021-0370", "PHSA-2021-0371", "PHSA-2021-0372", "PHSA-2021-0373", "PHSA-2021-0374", "PHSA-2021-0375", "PHSA-2021-0376", "PHSA-2021-0377", "PHSA-2021-0378", "PHSA-2021-0379", "PHSA-2021-0380", "PHSA-2021-0381", "PHSA-2021-0382", "PHSA-2021-0383", "PHSA-2021-0384", "PHSA-2021-0385", "PHSA-2021-0386", "PHSA-2021-0387", "PHSA-2021-0388", "PHSA-2021-0390", "PHSA-2021-0391", "PHSA-2021-0392", "PHSA-2021-0393", "PHSA-2021-0394", "PHSA-2021-0395", "PHSA-2021-0396", "PHSA-2021-0397", "PHSA-2021-0398", "PHSA-2021-0399", "PHSA-2021-0400", "PHSA-2021-0401", "PHSA-2021-0402", "PHSA-2021-0403", "PHSA-2021-0404", "PHSA-2021-0405", "PHSA-2021-0406", "PHSA-2021-0407", "PHSA-2021-0408", "PHSA-2021-0409", "PHSA-2021-0410", "PHSA-2021-0412", "PHSA-2021-0413", "PHSA-2021-0414", "PHSA-2021-0415", "PHSA-2021-0416", "PHSA-2021-0417", "PHSA-2021-0418", "PHSA-2021-0419", "PHSA-2021-0420", "PHSA-2021-0421", "PHSA-2021-0422", "PHSA-2021-0423", "PHSA-2021-0424", "PHSA-2021-0426", "PHSA-2021-0427", "PHSA-2021-0428", "PHSA-2021-0429", "PHSA-2021-0430", "PHSA-2021-0431", "PHSA-2021-0432", "PHSA-2021-0433", "PHSA-2021-0434", "PHSA-2021-0435", "PHSA-2021-0436", "PHSA-2021-0437", "PHSA-2021-0438", "PHSA-2021-0439", "PHSA-2021-0440", "PHSA-2021-0442", "PHSA-2021-0443", "PHSA-2021-0444", "PHSA-2021-0445", "PHSA-2021-0446", "PHSA-2021-0447", "PHSA-2021-0448", "PHSA-2021-0449", "PHSA-2021-0452", "PHSA-2021-0454", "PHSA-2021-0455", "PHSA-2021-0458", "PHSA-2021-0459", "PHSA-2021-0461", "PHSA-2021-3.0-0181", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0185", "PHSA-2021-3.0-0186", "PHSA-2021-3.0-0188", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0190", "PHSA-2021-3.0-0192", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0196", "PHSA-2021-3.0-0197", "PHSA-2021-3.0-0200", "PHSA-2021-3.0-0201", "PHSA-2021-3.0-0202", "PHSA-2021-3.0-0203", "PHSA-2021-3.0-0204", "PHSA-2021-3.0-0207", "PHSA-2021-3.0-0208", "PHSA-2021-3.0-0209", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0213", "PHSA-2021-3.0-0214", "PHSA-2021-3.0-0215", "PHSA-2021-3.0-0219", "PHSA-2021-3.0-0220", "PHSA-2021-3.0-0221", "PHSA-2021-3.0-0223", "PHSA-2021-3.0-0226", "PHSA-2021-3.0-0227", "PHSA-2021-3.0-0228", "PHSA-2021-3.0-0229", "PHSA-2021-3.0-0230", "PHSA-2021-3.0-0231", "PHSA-2021-3.0-0232", "PHSA-2021-3.0-0233", "PHSA-2021-3.0-0234", "PHSA-2021-3.0-0235", "PHSA-2021-3.0-0236", "PHSA-2021-3.0-0237", "PHSA-2021-3.0-0239", "PHSA-2021-3.0-0240", "PHSA-2021-3.0-0241", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0244", "PHSA-2021-3.0-0246", "PHSA-2021-3.0-0247", "PHSA-2021-3.0-0248", "PHSA-2021-3.0-0249", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0253", "PHSA-2021-3.0-0254", "PHSA-2021-3.0-0255", "PHSA-2021-3.0-0257", "PHSA-2021-3.0-0258", "PHSA-2021-3.0-0259", "PHSA-2021-3.0-0261", "PHSA-2021-3.0-0262", "PHSA-2021-3.0-0263", "PHSA-2021-3.0-0265", "PHSA-2021-3.0-0266", "PHSA-2021-3.0-0268", "PHSA-2021-3.0-0269", "PHSA-2021-3.0-0270", "PHSA-2021-3.0-0272", "PHSA-2021-3.0-0273", "PHSA-2021-3.0-0274", "PHSA-2021-3.0-0276", "PHSA-2021-3.0-0277", "PHSA-2021-3.0-0278", "PHSA-2021-3.0-0279", "PHSA-2021-3.0-0280", "PHSA-2021-3.0-0281", "PHSA-2021-3.0-0282", "PHSA-2021-3.0-0283", "PHSA-2021-3.0-0286", "PHSA-2021-3.0-0288", "PHSA-2021-3.0-0290", "PHSA-2021-3.0-0292", "PHSA-2021-3.0-0293", "PHSA-2021-3.0-0294", "PHSA-2021-3.0-0295", "PHSA-2021-3.0-0298", "PHSA-2021-3.0-0299", "PHSA-2021-3.0-0300", "PHSA-2021-3.0-0301", "PHSA-2021-3.0-0302", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0305", "PHSA-2021-3.0-0308", "PHSA-2021-3.0-0309", "PHSA-2021-3.0-0311", "PHSA-2021-3.0-0312", "PHSA-2021-3.0-0313", "PHSA-2021-3.0-0314", "PHSA-2021-3.0-0316", "PHSA-2021-3.0-0320", "PHSA-2021-3.0-0321", "PHSA-2021-3.0-0322", "PHSA-2021-3.0-0324", "PHSA-2021-3.0-0325", "PHSA-2021-3.0-0327", "PHSA-2021-3.0-0334", "PHSA-2021-3.0-0336", "PHSA-2021-3.0-0337", "PHSA-2021-3.0-0338", "PHSA-2021-3.0-0341", "PHSA-2021-3.0-0342", "PHSA-2021-3.0-0344", "PHSA-2021-3.0-0345", "PHSA-2021-3.0-0346", "PHSA-2021-4.0-0001", "PHSA-2021-4.0-0003", "PHSA-2021-4.0-0004", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0008", "PHSA-2021-4.0-0009", "PHSA-2021-4.0-0010", "PHSA-2021-4.0-0011", "PHSA-2021-4.0-0012", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0014", "PHSA-2021-4.0-0015", "PHSA-2021-4.0-0016", "PHSA-2021-4.0-0017", "PHSA-2021-4.0-0018", "PHSA-2021-4.0-0019", "PHSA-2021-4.0-0022", "PHSA-2021-4.0-0023", "PHSA-2021-4.0-0024", "PHSA-2021-4.0-0026", "PHSA-2021-4.0-0027", "PHSA-2021-4.0-0028", "PHSA-2021-4.0-0029", "PHSA-2021-4.0-0030", "PHSA-2021-4.0-0031", "PHSA-2021-4.0-0032", "PHSA-2021-4.0-0033", "PHSA-2021-4.0-0034", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0036", "PHSA-2021-4.0-0037", "PHSA-2021-4.0-0038", "PHSA-2021-4.0-0039", "PHSA-2021-4.0-0041", "PHSA-2021-4.0-0043", "PHSA-2021-4.0-0046", "PHSA-2021-4.0-0047", "PHSA-2021-4.0-0048", "PHSA-2021-4.0-0050", "PHSA-2021-4.0-0051", "PHSA-2021-4.0-0052", "PHSA-2021-4.0-0054", "PHSA-2021-4.0-0055", "PHSA-2021-4.0-0058", "PHSA-2021-4.0-0059", "PHSA-2021-4.0-0060", "PHSA-2021-4.0-0062", "PHSA-2021-4.0-0063", "PHSA-2021-4.0-0064", "PHSA-2021-4.0-0065", "PHSA-2021-4.0-0066", "PHSA-2021-4.0-0068", "PHSA-2021-4.0-0069", "PHSA-2021-4.0-0072", "PHSA-2021-4.0-0073", "PHSA-2021-4.0-0074", "PHSA-2021-4.0-0075", "PHSA-2021-4.0-0076", "PHSA-2021-4.0-0077", "PHSA-2021-4.0-0078", "PHSA-2021-4.0-0079", "PHSA-2021-4.0-0081", "PHSA-2021-4.0-0083", "PHSA-2021-4.0-0084", "PHSA-2021-4.0-0085", "PHSA-2021-4.0-0086", "PHSA-2021-4.0-0090", "PHSA-2021-4.0-0091", "PHSA-2021-4.0-0092", "PHSA-2021-4.0-0093", "PHSA-2021-4.0-0094", "PHSA-2021-4.0-0095", "PHSA-2021-4.0-0096", "PHSA-2021-4.0-0099", "PHSA-2021-4.0-0100", "PHSA-2021-4.0-0101", "PHSA-2021-4.0-0102", "PHSA-2021-4.0-0104", "PHSA-2021-4.0-0105", "PHSA-2021-4.0-0109", "PHSA-2021-4.0-0110", "PHSA-2021-4.0-0112", "PHSA-2021-4.0-0113", "PHSA-2021-4.0-0115", "PHSA-2021-4.0-0116", "PHSA-2021-4.0-0118", "PHSA-2021-4.0-0119", "PHSA-2021-4.0-0121", "PHSA-2021-4.0-0122", "PHSA-2021-4.0-0123", "PHSA-2021-4.0-0124", "PHSA-2021-4.0-0126", "PHSA-2021-4.0-0127", "PHSA-2021-4.0-0129", "PHSA-2021-4.0-0130", "PHSA-2021-4.0-0135", "PHSA-2021-4.0-0138", "PHSA-2021-4.0-0139", "PHSA-2021-4.0-0140", "PHSA-2021-4.0-0141", "PHSA-2022-0429", "PHSA-2022-0431", "PHSA-2022-0432", "PHSA-2022-0433", "PHSA-2022-0434", "PHSA-2022-0435", "PHSA-2022-0436", "PHSA-2022-0437", "PHSA-2022-0439", "PHSA-2022-0440", "PHSA-2022-0441", "PHSA-2022-0442", "PHSA-2022-0443", "PHSA-2022-0444", "PHSA-2022-0445", "PHSA-2022-0446", "PHSA-2022-0447", "PHSA-2022-0448", "PHSA-2022-0449", "PHSA-2022-0450", "PHSA-2022-0451", "PHSA-2022-0452", "PHSA-2022-0453", "PHSA-2022-0454", "PHSA-2022-0455", "PHSA-2022-0456", "PHSA-2022-0457", "PHSA-2022-0458", "PHSA-2022-0459", "PHSA-2022-0460", "PHSA-2022-0461", "PHSA-2022-0462", "PHSA-2022-0463", "PHSA-2022-0464", "PHSA-2022-0465", "PHSA-2022-0466", "PHSA-2022-0467", "PHSA-2022-0468", "PHSA-2022-0469", "PHSA-2022-0470", "PHSA-2022-0471", "PHSA-2022-0472", "PHSA-2022-0473", "PHSA-2022-0474", "PHSA-2022-0475", "PHSA-2022-0476", "PHSA-2022-0477", "PHSA-2022-0478", "PHSA-2022-0479", "PHSA-2022-0480", "PHSA-2022-0481", "PHSA-2022-0482", "PHSA-2022-0483", "PHSA-2022-0484", "PHSA-2022-0485", "PHSA-2022-0486", "PHSA-2022-0487", "PHSA-2022-0488", "PHSA-2022-0489", "PHSA-2022-0490", "PHSA-2022-0491", "PHSA-2022-0492", "PHSA-2022-0493", "PHSA-2022-0494", "PHSA-2022-0495", "PHSA-2022-0496", "PHSA-2022-0497", "PHSA-2022-0498", "PHSA-2022-0499", "PHSA-2022-0501", "PHSA-2022-0502", "PHSA-2022-0503", "PHSA-2022-0504", "PHSA-2022-0506", "PHSA-2022-0508", "PHSA-2022-0509", "PHSA-2022-0510", "PHSA-2022-0511", "PHSA-2022-0512", "PHSA-2022-0513", "PHSA-2022-0514", "PHSA-2022-0515", "PHSA-2022-0516", "PHSA-2022-0517", "PHSA-2022-0518", "PHSA-2022-0519", "PHSA-2022-0520", "PHSA-2022-0522", "PHSA-2022-0523", "PHSA-2022-0524", "PHSA-2022-0525", "PHSA-2022-0526", "PHSA-2022-0527", "PHSA-2022-0528", "PHSA-2022-0529", "PHSA-2022-0530", "PHSA-2022-0531", "PHSA-2022-0532", "PHSA-2022-0533", "PHSA-2022-0534", "PHSA-2022-0536", "PHSA-2022-0538", "PHSA-2022-0540", "PHSA-2022-0541", "PHSA-2022-0542", "PHSA-2022-0543", "PHSA-2022-0546", "PHSA-2022-0547", "PHSA-2022-0550", "PHSA-2022-0551", "PHSA-2022-3.0-0347", "PHSA-2022-3.0-0348", "PHSA-2022-3.0-0349", "PHSA-2022-3.0-0350", "PHSA-2022-3.0-0351", "PHSA-2022-3.0-0352", "PHSA-2022-3.0-0353", "PHSA-2022-3.0-0354", "PHSA-2022-3.0-0356", "PHSA-2022-3.0-0358", "PHSA-2022-3.0-0359", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0362", "PHSA-2022-3.0-0363", "PHSA-2022-3.0-0364", "PHSA-2022-3.0-0365", "PHSA-2022-3.0-0366", "PHSA-2022-3.0-0367", "PHSA-2022-3.0-0368", "PHSA-2022-3.0-0369", "PHSA-2022-3.0-0370", "PHSA-2022-3.0-0371", "PHSA-2022-3.0-0372", "PHSA-2022-3.0-0373", "PHSA-2022-3.0-0374", "PHSA-2022-3.0-0375", "PHSA-2022-3.0-0376", "PHSA-2022-3.0-0377", "PHSA-2022-3.0-0379", "PHSA-2022-3.0-0380", "PHSA-2022-3.0-0381", "PHSA-2022-3.0-0382", "PHSA-2022-3.0-0383", "PHSA-2022-3.0-0386", "PHSA-2022-3.0-0388", "PHSA-2022-3.0-0389", "PHSA-2022-3.0-0390", "PHSA-2022-3.0-0391", "PHSA-2022-3.0-0392", "PHSA-2022-3.0-0393", "PHSA-2022-3.0-0394", "PHSA-2022-3.0-0395", "PHSA-2022-3.0-0396", "PHSA-2022-3.0-0397", "PHSA-2022-3.0-0398", "PHSA-2022-3.0-0399", "PHSA-2022-3.0-0400", "PHSA-2022-3.0-0402", "PHSA-2022-3.0-0404", "PHSA-2022-3.0-0405", "PHSA-2022-3.0-0406", "PHSA-2022-3.0-0408", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0411", "PHSA-2022-3.0-0412", "PHSA-2022-3.0-0415", "PHSA-2022-3.0-0418", "PHSA-2022-3.0-0421", "PHSA-2022-3.0-0422", "PHSA-2022-3.0-0424", "PHSA-2022-3.0-0425", "PHSA-2022-3.0-0426", "PHSA-2022-3.0-0428", "PHSA-2022-3.0-0429", "PHSA-2022-3.0-0430", "PHSA-2022-3.0-0431", "PHSA-2022-3.0-0433", "PHSA-2022-3.0-0434", "PHSA-2022-3.0-0436", "PHSA-2022-3.0-0437", "PHSA-2022-3.0-0440", "PHSA-2022-3.0-0441", "PHSA-2022-3.0-0442", "PHSA-2022-3.0-0443", "PHSA-2022-3.0-0444", "PHSA-2022-3.0-0445", "PHSA-2022-3.0-0446", "PHSA-2022-3.0-0447", "PHSA-2022-3.0-0449", "PHSA-2022-3.0-0450", "PHSA-2022-3.0-0451", "PHSA-2022-3.0-0452", "PHSA-2022-3.0-0453", "PHSA-2022-3.0-0455", "PHSA-2022-3.0-0456", "PHSA-2022-3.0-0458", "PHSA-2022-3.0-0459", "PHSA-2022-3.0-0461", "PHSA-2022-3.0-0462", "PHSA-2022-3.0-0463", "PHSA-2022-3.0-0464", "PHSA-2022-3.0-0465", "PHSA-2022-3.0-0470", "PHSA-2022-3.0-0471", "PHSA-2022-3.0-0473", "PHSA-2022-3.0-0474", "PHSA-2022-3.0-0476", "PHSA-2022-3.0-0477", "PHSA-2022-3.0-0478", "PHSA-2022-3.0-0479", "PHSA-2022-3.0-0480", "PHSA-2022-3.0-0481", "PHSA-2022-3.0-0483", "PHSA-2022-3.0-0485", "PHSA-2022-3.0-0486", "PHSA-2022-3.0-0487", "PHSA-2022-3.0-0488", "PHSA-2022-3.0-0489", "PHSA-2022-3.0-0491", "PHSA-2022-3.0-0493", "PHSA-2022-3.0-0499", "PHSA-2022-3.0-0500", "PHSA-2022-3.0-0502", "PHSA-2022-3.0-0504", "PHSA-2022-3.0-0505", "PHSA-2022-3.0-0507", "PHSA-2022-3.0-0508", "PHSA-2022-3.0-0509", "PHSA-2022-4.0-0142", "PHSA-2022-4.0-0143", "PHSA-2022-4.0-0144", "PHSA-2022-4.0-0145", "PHSA-2022-4.0-0146", "PHSA-2022-4.0-0147", "PHSA-2022-4.0-0148", "PHSA-2022-4.0-0149", "PHSA-2022-4.0-0151", "PHSA-2022-4.0-0152", "PHSA-2022-4.0-0153", "PHSA-2022-4.0-0154", "PHSA-2022-4.0-0155", "PHSA-2022-4.0-0156", "PHSA-2022-4.0-0157", "PHSA-2022-4.0-0158", "PHSA-2022-4.0-0159", "PHSA-2022-4.0-0160", "PHSA-2022-4.0-0161", "PHSA-2022-4.0-0162", "PHSA-2022-4.0-0163", "PHSA-2022-4.0-0164", "PHSA-2022-4.0-0165", "PHSA-2022-4.0-0166", "PHSA-2022-4.0-0167", "PHSA-2022-4.0-0168", "PHSA-2022-4.0-0169", "PHSA-2022-4.0-0170", "PHSA-2022-4.0-0171", "PHSA-2022-4.0-0172", "PHSA-2022-4.0-0173", "PHSA-2022-4.0-0176", "PHSA-2022-4.0-0178", "PHSA-2022-4.0-0182", "PHSA-2022-4.0-0183", "PHSA-2022-4.0-0184", "PHSA-2022-4.0-0185", "PHSA-2022-4.0-0187", "PHSA-2022-4.0-0188", "PHSA-2022-4.0-0189", "PHSA-2022-4.0-0192", "PHSA-2022-4.0-0194", "PHSA-2022-4.0-0195", "PHSA-2022-4.0-0198", "PHSA-2022-4.0-0199", "PHSA-2022-4.0-0201", "PHSA-2022-4.0-0202", "PHSA-2022-4.0-0205", "PHSA-2022-4.0-0207", "PHSA-2022-4.0-0208", "PHSA-2022-4.0-0209", "PHSA-2022-4.0-0213", "PHSA-2022-4.0-0214", "PHSA-2022-4.0-0216", "PHSA-2022-4.0-0218", "PHSA-2022-4.0-0220", "PHSA-2022-4.0-0221", "PHSA-2022-4.0-0223", "PHSA-2022-4.0-0224", "PHSA-2022-4.0-0226", "PHSA-2022-4.0-0227", "PHSA-2022-4.0-0230", "PHSA-2022-4.0-0231", "PHSA-2022-4.0-0232", "PHSA-2022-4.0-0234", "PHSA-2022-4.0-0235", "PHSA-2022-4.0-0236", "PHSA-2022-4.0-0237", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0240", "PHSA-2022-4.0-0242", "PHSA-2022-4.0-0243", "PHSA-2022-4.0-0244", "PHSA-2022-4.0-0245", "PHSA-2022-4.0-0246", "PHSA-2022-4.0-0247", "PHSA-2022-4.0-0248", "PHSA-2022-4.0-0249", "PHSA-2022-4.0-0250", "PHSA-2022-4.0-0251", "PHSA-2022-4.0-0252", "PHSA-2022-4.0-0253", "PHSA-2022-4.0-0256", "PHSA-2022-4.0-0257", "PHSA-2022-4.0-0259", "PHSA-2022-4.0-0262", "PHSA-2022-4.0-0263", "PHSA-2022-4.0-0266", "PHSA-2022-4.0-0267", "PHSA-2022-4.0-0269", "PHSA-2022-4.0-0270", "PHSA-2022-4.0-0271", "PHSA-2022-4.0-0272", "PHSA-2022-4.0-0273", "PHSA-2022-4.0-0274", "PHSA-2022-4.0-0275", "PHSA-2022-4.0-0276", "PHSA-2022-4.0-0279", "PHSA-2022-4.0-0280", "PHSA-2022-4.0-0282", "PHSA-2022-4.0-0283", "PHSA-2022-4.0-0285", "PHSA-2022-4.0-0286", "PHSA-2022-4.0-0288", "PHSA-2022-4.0-0289", "PHSA-2022-4.0-0290", "PHSA-2022-4.0-0293", "PHSA-2022-4.0-0294", "PHSA-2022-4.0-0297", "PHSA-2022-4.0-0298", "PHSA-2022-4.0-0299", "PHSA-2022-4.0-0300", "PHSA-2022-4.0-0303", "PHSA-2022-4.0-0304", "PHSA-2022-4.0-0305", "PHSA-2023-0552", "PHSA-2023-3.0-0510", "PHSA-2023-3.0-0511", "PHSA-2023-3.0-0513", "PHSA-2023-3.0-0516", "PHSA-2023-3.0-0518", "PHSA-2023-3.0-0519", "PHSA-2023-3.0-0520", "PHSA-2023-3.0-0521", "PHSA-2023-3.0-0522", "PHSA-2023-3.0-0523", "PHSA-2023-3.0-0526", "PHSA-2023-3.0-0527", "PHSA-2023-3.0-0528", "PHSA-2023-3.0-0529", "PHSA-2023-3.0-0530", "PHSA-2023-3.0-0531", "PHSA-2023-3.0-0532", "PHSA-2023-3.0-0533", "PHSA-2023-3.0-0538", "PHSA-2023-3.0-0541", "PHSA-2023-3.0-0544", "PHSA-2023-3.0-0545", "PHSA-2023-3.0-0547", "PHSA-2023-3.0-0549", "PHSA-2023-3.0-0552", "PHSA-2023-3.0-0554", "PHSA-2023-3.0-0556", "PHSA-2023-3.0-0559", "PHSA-2023-3.0-0562", "PHSA-2023-3.0-0563", "PHSA-2023-3.0-0564", "PHSA-2023-3.0-0566", "PHSA-2023-3.0-0568", "PHSA-2023-3.0-0569", "PHSA-2023-3.0-0570", "PHSA-2023-3.0-0573", "PHSA-2023-3.0-0574", "PHSA-2023-3.0-0575", "PHSA-2023-3.0-0576", "PHSA-2023-3.0-0578", "PHSA-2023-3.0-0579", "PHSA-2023-3.0-0580", "PHSA-2023-3.0-0581", "PHSA-2023-3.0-0583", "PHSA-2023-3.0-0584", "PHSA-2023-3.0-0585", "PHSA-2023-3.0-0586", "PHSA-2023-3.0-0587", "PHSA-2023-3.0-0588", "PHSA-2023-3.0-0589", "PHSA-2023-3.0-0590", "PHSA-2023-3.0-0591", "PHSA-2023-3.0-0593", "PHSA-2023-3.0-0594", "PHSA-2023-3.0-0595", "PHSA-2023-3.0-0597", "PHSA-2023-3.0-0598", "PHSA-2023-3.0-0599", "PHSA-2023-3.0-0601", "PHSA-2023-3.0-0602", "PHSA-2023-3.0-0603", "PHSA-2023-3.0-0604", "PHSA-2023-3.0-0605", "PHSA-2023-3.0-0606", "PHSA-2023-3.0-0607", "PHSA-2023-3.0-0608", "PHSA-2023-3.0-0610", "PHSA-2023-3.0-0611", "PHSA-2023-3.0-0612", "PHSA-2023-3.0-0613", "PHSA-2023-3.0-0614", "PHSA-2023-3.0-0615", "PHSA-2023-3.0-0616", "PHSA-2023-3.0-0617", "PHSA-2023-3.0-0618", "PHSA-2023-3.0-0619", "PHSA-2023-3.0-0620", "PHSA-2023-3.0-0621", "PHSA-2023-3.0-0623", "PHSA-2023-3.0-0624", "PHSA-2023-3.0-0625", "PHSA-2023-3.0-0626", "PHSA-2023-3.0-0627", "PHSA-2023-3.0-0628", "PHSA-2023-3.0-0629", "PHSA-2023-3.0-0631", "PHSA-2023-3.0-0632", "PHSA-2023-3.0-0637", "PHSA-2023-3.0-0640", "PHSA-2023-3.0-0642", "PHSA-2023-3.0-0643", "PHSA-2023-3.0-0644", "PHSA-2023-3.0-0645", "PHSA-2023-3.0-0646", "PHSA-2023-3.0-0647", "PHSA-2023-3.0-0649", "PHSA-2023-3.0-0650", "PHSA-2023-3.0-0651", "PHSA-2023-3.0-0652", "PHSA-2023-3.0-0653", "PHSA-2023-3.0-0655", "PHSA-2023-3.0-0656", "PHSA-2023-3.0-0657", "PHSA-2023-3.0-0661", "PHSA-2023-3.0-0663", "PHSA-2023-3.0-0665", "PHSA-2023-3.0-0667", "PHSA-2023-3.0-0668", "PHSA-2023-3.0-0670", "PHSA-2023-3.0-0671", "PHSA-2023-3.0-0672", "PHSA-2023-3.0-0673", "PHSA-2023-3.0-0674", "PHSA-2023-3.0-0675", "PHSA-2023-3.0-0676", "PHSA-2023-3.0-0678", "PHSA-2023-3.0-0680", "PHSA-2023-3.0-0681", "PHSA-2023-3.0-0682", "PHSA-2023-3.0-0683", "PHSA-2023-3.0-0684", "PHSA-2023-3.0-0685", "PHSA-2023-3.0-0686", "PHSA-2023-3.0-0687", "PHSA-2023-3.0-0689", "PHSA-2023-3.0-0690", "PHSA-2023-3.0-0692", "PHSA-2023-3.0-0693", "PHSA-2023-3.0-0694", "PHSA-2023-4.0-0306", "PHSA-2023-4.0-0307", "PHSA-2023-4.0-0308", "PHSA-2023-4.0-0309", "PHSA-2023-4.0-0310", "PHSA-2023-4.0-0314", "PHSA-2023-4.0-0315", "PHSA-2023-4.0-0316", "PHSA-2023-4.0-0318", "PHSA-2023-4.0-0319", "PHSA-2023-4.0-0320", "PHSA-2023-4.0-0321", "PHSA-2023-4.0-0322", "PHSA-2023-4.0-0323", "PHSA-2023-4.0-0324", "PHSA-2023-4.0-0325", "PHSA-2023-4.0-0326", "PHSA-2023-4.0-0327", "PHSA-2023-4.0-0328", "PHSA-2023-4.0-0329", "PHSA-2023-4.0-0330", "PHSA-2023-4.0-0331", "PHSA-2023-4.0-0332", "PHSA-2023-4.0-0333", "PHSA-2023-4.0-0334", "PHSA-2023-4.0-0336", "PHSA-2023-4.0-0337", "PHSA-2023-4.0-0338", "PHSA-2023-4.0-0339", "PHSA-2023-4.0-0340", "PHSA-2023-4.0-0342", "PHSA-2023-4.0-0345", "PHSA-2023-4.0-0348", "PHSA-2023-4.0-0349", "PHSA-2023-4.0-0350", "PHSA-2023-4.0-0352", "PHSA-2023-4.0-0354", "PHSA-2023-4.0-0359", "PHSA-2023-4.0-0362", "PHSA-2023-4.0-0364", "PHSA-2023-4.0-0365", "PHSA-2023-4.0-0366", "PHSA-2023-4.0-0369", "PHSA-2023-4.0-0370", "PHSA-2023-4.0-0371", "PHSA-2023-4.0-0372", "PHSA-2023-4.0-0373", "PHSA-2023-4.0-0375", "PHSA-2023-4.0-0377", "PHSA-2023-4.0-0379", "PHSA-2023-4.0-0380", "PHSA-2023-4.0-0381", "PHSA-2023-4.0-0383", "PHSA-2023-4.0-0384", "PHSA-2023-4.0-0386", "PHSA-2023-4.0-0387", "PHSA-2023-4.0-0389", "PHSA-2023-4.0-0391", "PHSA-2023-4.0-0392", "PHSA-2023-4.0-0393", "PHSA-2023-4.0-0394", "PHSA-2023-4.0-0395", "PHSA-2023-4.0-0396", "PHSA-2023-4.0-0397", "PHSA-2023-4.0-0398", "PHSA-2023-4.0-0399", "PHSA-2023-4.0-0400", "PHSA-2023-4.0-0401", "PHSA-2023-4.0-0402", "PHSA-2023-4.0-0404", "PHSA-2023-4.0-0405", "PHSA-2023-4.0-0406", "PHSA-2023-4.0-0408", "PHSA-2023-4.0-0409", "PHSA-2023-4.0-0410", "PHSA-2023-4.0-0411", "PHSA-2023-4.0-0413", "PHSA-2023-4.0-0414", "PHSA-2023-4.0-0415", "PHSA-2023-4.0-0416", "PHSA-2023-4.0-0417", "PHSA-2023-4.0-0419", "PHSA-2023-4.0-0420", "PHSA-2023-4.0-0423", "PHSA-2023-4.0-0424", "PHSA-2023-4.0-0425", "PHSA-2023-4.0-0426", "PHSA-2023-4.0-0427", "PHSA-2023-4.0-0428", "PHSA-2023-4.0-0429", "PHSA-2023-4.0-0431", "PHSA-2023-4.0-0432", "PHSA-2023-4.0-0433", "PHSA-2023-4.0-0434", "PHSA-2023-4.0-0435", "PHSA-2023-4.0-0436", "PHSA-2023-4.0-0438", "PHSA-2023-4.0-0439", "PHSA-2023-4.0-0440", "PHSA-2023-4.0-0441", "PHSA-2023-4.0-0442", "PHSA-2023-4.0-0443", "PHSA-2023-4.0-0444", "PHSA-2023-4.0-0446", "PHSA-2023-4.0-0449", "PHSA-2023-4.0-0450", "PHSA-2023-4.0-0452", "PHSA-2023-4.0-0455", "PHSA-2023-4.0-0457", "PHSA-2023-4.0-0458", "PHSA-2023-4.0-0459", "PHSA-2023-4.0-0460", "PHSA-2023-4.0-0461", "PHSA-2023-4.0-0462", "PHSA-2023-4.0-0463", "PHSA-2023-4.0-0465", "PHSA-2023-4.0-0466", "PHSA-2023-4.0-0467", "PHSA-2023-4.0-0468", "PHSA-2023-4.0-0469", "PHSA-2023-4.0-0471", "PHSA-2023-4.0-0472", "PHSA-2023-4.0-0474", "PHSA-2023-4.0-0475", "PHSA-2023-4.0-0478", "PHSA-2023-4.0-0479", "PHSA-2023-4.0-0480", "PHSA-2023-4.0-0481", "PHSA-2023-4.0-0482", "PHSA-2023-4.0-0483", "PHSA-2023-4.0-0484", "PHSA-2023-4.0-0486", "PHSA-2023-4.0-0487", "PHSA-2023-4.0-0488", "PHSA-2023-4.0-0490", "PHSA-2023-4.0-0491", "PHSA-2023-4.0-0492", "PHSA-2023-4.0-0494", "PHSA-2023-4.0-0495", "PHSA-2023-4.0-0496", "PHSA-2023-4.0-0497", "PHSA-2023-4.0-0499", "PHSA-2023-4.0-0500", "PHSA-2023-4.0-0502", "PHSA-2023-4.0-0504", "PHSA-2023-4.0-0505", "PHSA-2023-4.0-0506", "PHSA-2023-4.0-0507", "PHSA-2023-4.0-0508", "PHSA-2023-4.0-0509", "PHSA-2023-4.0-0510", "PHSA-2023-4.0-0512", "PHSA-2023-4.0-0513", "PHSA-2023-4.0-0515", "PHSA-2023-4.0-0516", "PHSA-2023-4.0-0517", "PHSA-2023-4.0-0518", "PHSA-2023-4.0-0520", "PHSA-2023-4.0-0521", "PHSA-2023-4.0-0522", "PHSA-2023-4.0-0523", "PHSA-2023-5.0-0001", "PHSA-2023-5.0-0005", "PHSA-2023-5.0-0006", "PHSA-2023-5.0-0008", "PHSA-2023-5.0-0009", "PHSA-2023-5.0-0010", "PHSA-2023-5.0-0011", "PHSA-2023-5.0-0012", "PHSA-2023-5.0-0013", "PHSA-2023-5.0-0014", "PHSA-2023-5.0-0015", "PHSA-2023-5.0-0017", "PHSA-2023-5.0-0018", "PHSA-2023-5.0-0020", "PHSA-2023-5.0-0021", "PHSA-2023-5.0-0022", "PHSA-2023-5.0-0023", "PHSA-2023-5.0-0024", "PHSA-2023-5.0-0025", "PHSA-2023-5.0-0028", "PHSA-2023-5.0-0029", "PHSA-2023-5.0-0030", "PHSA-2023-5.0-0031", "PHSA-2023-5.0-0032", "PHSA-2023-5.0-0033", "PHSA-2023-5.0-0034", "PHSA-2023-5.0-0035", "PHSA-2023-5.0-0036", "PHSA-2023-5.0-0037", "PHSA-2023-5.0-0038", "PHSA-2023-5.0-0039", "PHSA-2023-5.0-0040", "PHSA-2023-5.0-0041", "PHSA-2023-5.0-0043", "PHSA-2023-5.0-0044", "PHSA-2023-5.0-0045", "PHSA-2023-5.0-0046", "PHSA-2023-5.0-0047", "PHSA-2023-5.0-0048", "PHSA-2023-5.0-0049", "PHSA-2023-5.0-0050", "PHSA-2023-5.0-0053", "PHSA-2023-5.0-0054", "PHSA-2023-5.0-0055", "PHSA-2023-5.0-0056", "PHSA-2023-5.0-0057", "PHSA-2023-5.0-0059", "PHSA-2023-5.0-0060", "PHSA-2023-5.0-0061", "PHSA-2023-5.0-0062", "PHSA-2023-5.0-0063", "PHSA-2023-5.0-0066", "PHSA-2023-5.0-0067", "PHSA-2023-5.0-0068", "PHSA-2023-5.0-0070", "PHSA-2023-5.0-0075", "PHSA-2023-5.0-0078", "PHSA-2023-5.0-0080", "PHSA-2023-5.0-0082", "PHSA-2023-5.0-0083", "PHSA-2023-5.0-0084", "PHSA-2023-5.0-0085", "PHSA-2023-5.0-0086", "PHSA-2023-5.0-0087", "PHSA-2023-5.0-0089", "PHSA-2023-5.0-0090", "PHSA-2023-5.0-0091", "PHSA-2023-5.0-0092", "PHSA-2023-5.0-0093", "PHSA-2023-5.0-0094", "PHSA-2023-5.0-0095", "PHSA-2023-5.0-0096", "PHSA-2023-5.0-0097", "PHSA-2023-5.0-0100", "PHSA-2023-5.0-0101", "PHSA-2023-5.0-0102", "PHSA-2023-5.0-0103", "PHSA-2023-5.0-0106", "PHSA-2023-5.0-0107", "PHSA-2023-5.0-0108", "PHSA-2023-5.0-0110", "PHSA-2023-5.0-0111", "PHSA-2023-5.0-0112", "PHSA-2023-5.0-0113", "PHSA-2023-5.0-0114", "PHSA-2023-5.0-0118", "PHSA-2023-5.0-0119", "PHSA-2023-5.0-0123", "PHSA-2023-5.0-0124", "PHSA-2023-5.0-0125", "PHSA-2023-5.0-0126", "PHSA-2023-5.0-0127", "PHSA-2023-5.0-0130", "PHSA-2023-5.0-0131", "PHSA-2023-5.0-0132", "PHSA-2023-5.0-0134", "PHSA-2023-5.0-0135", "PHSA-2023-5.0-0137", "PHSA-2023-5.0-0139", "PHSA-2023-5.0-0140", "PHSA-2023-5.0-0141", "PHSA-2023-5.0-0143", "PHSA-2023-5.0-0145", "PHSA-2023-5.0-0146", "PHSA-2023-5.0-0147", "PHSA-2023-5.0-0148", "PHSA-2023-5.0-0152", "PHSA-2023-5.0-0154", "PHSA-2023-5.0-0158", "PHSA-2023-5.0-0159", "PHSA-2023-5.0-0160"]}, {"type": "prion", "idList": ["PRION:CVE-2019-10161", "PRION:CVE-2019-10167", "PRION:CVE-2019-16234", "PRION:CVE-2020-8631", "PRION:CVE-2020-8632"]}, {"type": "redhat", "idList": ["RHSA-2019:1578", "RHSA-2019:1579", "RHSA-2019:1580", "RHSA-2019:1699", "RHSA-2019:1762", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:3898", "RHSA-2020:4650"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-10161", "RH:CVE-2019-10167", "RH:CVE-2019-16234", "RH:CVE-2020-8631", "RH:CVE-2020-8632"]}, {"type": "slackware", "idList": ["SSA-2020-086-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1672-1", "OPENSUSE-SU-2019:1753-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2020:0400-1"]}, {"type": "thn", "idList": ["THN:17D0D209B56B4709BECDD8021277421F"]}, {"type": "ubuntu", "idList": ["USN-4047-1", "USN-4047-2", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10161", "UB:CVE-2019-10167", "UB:CVE-2019-16234", "UB:CVE-2020-8631", "UB:CVE-2020-8632"]}, {"type": "veracode", "idList": ["VERACODE:20589", "VERACODE:20591", "VERACODE:20605", "VERACODE:25434", "VERACODE:27404", "VERACODE:27406"]}, {"type": "vmware", "idList": ["VMSA-2023-0026", "VMSA-2023-0026.1"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS2-2019-1274"]}, {"type": "centos", "idList": ["CESA-2019:1578", "CESA-2019:1579"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1"]}, {"type": "cve", "idList": ["CVE-2019-10161", "CVE-2019-10167"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1832-1:B9789", "DEBIAN:DLA-2113-1:6D037", "DEBIAN:DSA-4469-1:B9B08"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-8631", "DEBIANCVE:CVE-2020-8632"]}, {"type": "f5", "idList": ["F5:K33846344"]}, {"type": "fedora", "idList": ["FEDORA:761BC607A42A", "FEDORA:B550461845B3"]}, {"type": "gentoo", "idList": ["GLSA-202003-18"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-10161/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1274.NASL", "CENTOS_RHSA-2019-1578.NASL", "CENTOS_RHSA-2019-1579.NASL", "DEBIAN_DLA-2113.NASL", "DEBIAN_DSA-4469.NASL", "EULEROS_SA-2019-1724.NASL", "EULEROS_SA-2019-1774.NASL", "EULEROS_SA-2019-1796.NASL", "EULEROS_SA-2019-1957.NASL", "EULEROS_SA-2019-2020.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1519.NASL", "FEDORA_2019-9210998AAA.NASL", "FEDORA_2019-B2DFB13DAF.NASL", "GENTOO_GLSA-202003-18.NASL", "ORACLELINUX_ELSA-2020-4650.NASL", "PHOTONOS_PHSA-2019-3_0-0032_LIBVIRT.NASL", "PHOTONOS_PHSA-2020-2_0-0214_LIBVIRT.NASL", "PHOTONOS_PHSA-2020-3_0-0058_CLOUD.NASL", "SUSE_SU-2020-0585-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "VIRTUOZZO_VZLSA-2019-1578.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704469", "OPENVAS:1361412562310844084", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852601", "OPENVAS:1361412562310876563", "OPENVAS:1361412562310876565", "OPENVAS:1361412562310883069", "OPENVAS:1361412562310883070", "OPENVAS:1361412562310891832", "OPENVAS:1361412562310892113", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201519"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1578", "ELSA-2019-1579", "ELSA-2019-4714", "ELSA-2020-4650"]}, {"type": "photon", "idList": ["PHSA-2019-3.0-0032", "PHSA-2020-1.0-0276", "PHSA-2020-2.0-0214", "PHSA-2020-3.0-0058", "PHSA-2020-3.0-0065", "PHSA-2021-4.0-0007"]}, {"type": "redhat", "idList": ["RHSA-2020:1567"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-16234", "RH:CVE-2020-8631", "RH:CVE-2020-8632"]}, {"type": "slackware", "idList": ["SSA-2020-086-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1672-1", "OPENSUSE-SU-2019:1753-1", "OPENSUSE-SU-2019:2392-1"]}, {"type": "ubuntu", "idList": ["USN-4047-1", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-16234", "UB:CVE-2020-8631", "UB:CVE-2020-8632"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-10161", "epss": 0.00045, "percentile": 0.12107, "modified": "2023-05-03"}, {"cve": "CVE-2019-10167", "epss": 0.00043, "percentile": 0.05894, "modified": "2023-05-03"}, {"cve": "CVE-2019-16234", "epss": 0.00045, "percentile": 0.12107, "modified": "2023-05-03"}, {"cve": "CVE-2020-8631", "epss": 0.00045, "percentile": 0.1196, "modified": "2023-05-03"}, {"cve": "CVE-2020-8632", "epss": 0.00045, "percentile": 0.1196, "modified": "2023-05-03"}], "vulnersScore": 1.7}, "_state": {"dependencies": 1701543334, "score": 1701543858, "epss": 0}, "_internal": {"score_hash": "f4fd5704433dda21e664c75edbf6fae0"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-sound-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-sound"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-oprofile-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-oprofile"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-secure-docs-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.2.0-7.ph2", "packageFilename": "libvirt-docs-3.2.0-7.ph2.x86_64.rpm", "operator": "lt", "packageName": "libvirt-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.2.0-7.ph2", "packageFilename": "libvirt-debuginfo-3.2.0-7.ph2.x86_64.rpm", "operator": "lt", "packageName": "libvirt-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-tools-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-tools"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.2.0-7.ph2", "packageFilename": "libvirt-3.2.0-7.ph2.x86_64.rpm", "operator": "lt", "packageName": "libvirt"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-devel-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-secure-debuginfo-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-oprofile-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-oprofile"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-debuginfo-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "noarch", "packageVersion": "0.7.9-18.ph2", "packageFilename": "cloud-init-0.7.9-18.ph2.noarch.rpm", "operator": "lt", "packageName": "cloud-init"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-secure-devel-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-secure-lkcm-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure-lkcm"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-esx-debuginfo-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "3.2.0-7.ph2", "packageFilename": "libvirt-devel-3.2.0-7.ph2.x86_64.rpm", "operator": "lt", "packageName": "libvirt-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-debuginfo-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-debuginfo"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-esx-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-esx-devel-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-drivers-gpu-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-drivers-gpu"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-esx-docs-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-esx-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-sound-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-sound"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-docs-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-docs-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-docs"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-aws-devel-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-aws-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-drivers-gpu-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-drivers-gpu"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "4.9.210-3.ph2", "packageFilename": "linux-secure-4.9.210-3.ph2.x86_64.rpm", "operator": "lt", "packageName": "linux-secure"}], "vendorCvss": {"severity": "important"}}
{"photon": [{"lastseen": "2023-12-03T06:22:10", "description": "Updates of ['linux-secure', 'cloud-init', 'linux', 'linux-esx', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-03-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0065", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16234", "CVE-2020-8631", "CVE-2023-34060"], "modified": "2020-03-03T00:00:00", "id": "PHSA-2020-3.0-0065", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-65", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T10:03:25", "description": "Updates of ['cloud-init'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-03-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0282", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2023-34060"], "modified": "2020-03-03T00:00:00", "id": "PHSA-2020-0282", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-282", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:49:25", "description": "Updates of ['cloud-init', 'linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0065", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16234", "CVE-2020-8631"], "modified": "2020-03-04T00:00:00", "id": "PHSA-2020-0065", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-65", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-02T18:13:40", "description": "Updates of ['libvirt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0261", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161", "CVE-2023-34060"], "modified": "2021-06-29T00:00:00", "id": "PHSA-2021-3.0-0261", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-261", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T06:22:15", "description": "Updates of ['ansible', 'cloud-init'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-02-15T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0058", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14864", "CVE-2020-8632", "CVE-2023-34060"], "modified": "2020-02-15T00:00:00", "id": "PHSA-2020-3.0-0058", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-58", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:42:01", "description": "Updates of ['libvirt'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0261", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161"], "modified": "2021-06-28T00:00:00", "id": "PHSA-2021-0261", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-261", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-03T20:59:17", "description": "An update of {'libvirt'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-03T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0214", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10167"], "modified": "2020-03-03T00:00:00", "id": "PHSA-2020-2.0-0214", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-214", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:49:50", "description": "Updates of ['cloud-init', 'ansible'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-15T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0058", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14864", "CVE-2020-8632"], "modified": "2020-02-15T00:00:00", "id": "PHSA-2020-0058", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-58", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-30T17:37:58", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-5.0-0143", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-5.0-0143", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T18:04:46", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0687", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-3.0-0687", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:43:36", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0512", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-4.0-0512", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T08:49:22", "description": "An update of {'libvirt', 'python3', 'nginx'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-13T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0276", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10167", "CVE-2019-20372", "CVE-2019-9674"], "modified": "2020-02-13T00:00:00", "id": "PHSA-2020-1.0-0276", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-276", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T06:23:35", "description": "Updates of ['openssl', 'curl', 'libvirt'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-3.0-0032", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168", "CVE-2019-1547", "CVE-2019-1563", "CVE-2019-5481", "CVE-2019-5482", "CVE-2023-34060"], "modified": "2019-10-04T00:00:00", "id": "PHSA-2019-3.0-0032", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-32", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T18:57:31", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0052", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0052", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-52", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T18:16:51", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-04-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0377", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22623", "CVE-2023-34060"], "modified": "2022-04-04T00:00:00", "id": "PHSA-2022-3.0-0377", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-377", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:46:55", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-21T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0434", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-21T00:00:00", "id": "PHSA-2023-4.0-0434", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-434", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:40:46", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0055", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-23T00:00:00", "id": "PHSA-2023-5.0-0055", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-55", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T18:09:03", "description": "Updates of ['shadow'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-30T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2023-3.0-0588", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29383", "CVE-2023-34060"], "modified": "2023-05-30T00:00:00", "id": "PHSA-2023-3.0-0588", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-588", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T19:16:28", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0153", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10853", "CVE-2023-34060"], "modified": "2018-06-27T00:00:00", "id": "PHSA-2018-0153", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-153", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T19:16:48", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0144", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0144", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:42:09", "description": "Updates of ['ncurses'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0024", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29491", "CVE-2023-34060"], "modified": "2023-06-13T00:00:00", "id": "PHSA-2023-5.0-0024", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:42:00", "description": "Updates of ['libX11'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0029", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-3138", "CVE-2023-34060"], "modified": "2023-06-16T00:00:00", "id": "PHSA-2023-5.0-0029", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T20:58:31", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0670", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-39323"], "modified": "2023-10-17T00:00:00", "id": "PHSA-2023-3.0-0670", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-670", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:50:35", "description": "Updates of ['harfbuzz'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0339", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-25193", "CVE-2023-34060"], "modified": "2023-02-23T00:00:00", "id": "PHSA-2023-4.0-0339", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:49:58", "description": "Updates of ['strongswan'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-30T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0366", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26463", "CVE-2023-34060"], "modified": "2023-03-30T00:00:00", "id": "PHSA-2023-4.0-0366", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-366", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T17:43:12", "description": "Updates of ['wireshark'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0521", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-6175"], "modified": "2023-11-25T00:00:00", "id": "PHSA-2023-4.0-0521", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-521", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T20:57:52", "description": "Updates of ['traceroute'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-3.0-0682", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-46316"], "modified": "2023-11-05T00:00:00", "id": "PHSA-2023-3.0-0682", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-682", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-30T20:32:52", "description": "Updates of ['krb5'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-01T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-36054"], "modified": "2023-08-01T00:00:00", "id": "PHSA-2023-5.0-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-01T17:33:10", "description": "Updates of ['gdb'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0050", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2023-34060"], "modified": "2023-07-15T00:00:00", "id": "PHSA-2023-5.0-0050", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-50", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:13:18", "description": "Package : libvirt\nVersion : 1.2.9-9+deb8u7\nCVE IDs : CVE-2019-10161 CVE-2019-10167\n\nTwo vulnerabilities were discovered in libvirt, an abstraction API\nfor different underlying virtualisation mechanisms provided by the\nkernel, etc.\n\n* CVE-2019-10161: Prevent an vulnerability where readonly clients\n could use the API to specify an arbitrary path which would be\n accessed with the permissions of the libvirtd process. An attacker\n with access to the libvirtd socket could use this to probe the\n existence of arbitrary files, cause a denial of service or\n otherwise cause libvirtd to execute arbitrary programs.\n\n* CVE-2019-10167: Prevent an arbitrary code execution vulnerability\n via the API where a user-specified binary used to probe the\n domain's capabilities. read-only clients could specify an\n arbitrary path for this argument, causing libvirtd to execute a\n crafted executable with its own privileges.\n\nFor Debian 8 "Jessie", these issues have been fixed in libvirt\nversion 1.2.9-9+deb8u7.\n\nWe recommend that you upgrade your libvirt packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-06-24T19:26:44", "type": "debian", "title": "[SECURITY] [DLA 1832-1] libvirt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2019-06-24T19:26:44", "id": "DEBIAN:DLA-1832-1:19266", "href": "https://lists.debian.org/debian-lts-announce/2019/06/msg00020.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T16:23:57", "description": "Package : libvirt\nVersion : 1.2.9-9+deb8u7\nCVE IDs : CVE-2019-10161 CVE-2019-10167\n\nTwo vulnerabilities were discovered in libvirt, an abstraction API\nfor different underlying virtualisation mechanisms provided by the\nkernel, etc.\n\n* CVE-2019-10161: Prevent an vulnerability where readonly clients\n could use the API to specify an arbitrary path which would be\n accessed with the permissions of the libvirtd process. An attacker\n with access to the libvirtd socket could use this to probe the\n existence of arbitrary files, cause a denial of service or\n otherwise cause libvirtd to execute arbitrary programs.\n\n* CVE-2019-10167: Prevent an arbitrary code execution vulnerability\n via the API where a user-specified binary used to probe the\n domain's capabilities. read-only clients could specify an\n arbitrary path for this argument, causing libvirtd to execute a\n crafted executable with its own privileges.\n\nFor Debian 8 "Jessie", these issues have been fixed in libvirt\nversion 1.2.9-9+deb8u7.\n\nWe recommend that you upgrade your libvirt packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-24T19:26:44", "type": "debian", "title": "[SECURITY] [DLA 1832-1] libvirt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2019-06-24T19:26:44", "id": "DEBIAN:DLA-1832-1:B9789", "href": "https://lists.debian.org/debian-lts-announce/2019/06/msg00020.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T11:26:16", "description": "Package : cloud-init\nVersion : 0.7.6~bzr976-2+deb8u1\nCVE ID : CVE-2020-8631 CVE-2020-8632\nDebian Bug : 951362 951363\n\n\nCVE-2020-8631\n\n In cloud-init, relies on Mersenne Twister for a random password,\n which makes it easier for attackers to predict passwords, because\n rand_str in cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\n In cloud-init, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small default pwlen\n value, which makes it easier for attackers to guess passwords.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-21T09:02:10", "type": "debian", "title": "[SECURITY] [DLA 2113-1] cloud-init security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-02-21T09:02:10", "id": "DEBIAN:DLA-2113-1:B82D0", "href": "https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T16:49:44", "description": "Package : cloud-init\nVersion : 0.7.6~bzr976-2+deb8u1\nCVE ID : CVE-2020-8631 CVE-2020-8632\nDebian Bug : 951362 951363\n\n\nCVE-2020-8631\n\n In cloud-init, relies on Mersenne Twister for a random password,\n which makes it easier for attackers to predict passwords, because\n rand_str in cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\n In cloud-init, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small default pwlen\n value, which makes it easier for attackers to guess passwords.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-21T09:02:10", "type": "debian", "title": "[SECURITY] [DLA 2113-1] cloud-init security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-02-21T09:02:10", "id": "DEBIAN:DLA-2113-1:6D037", "href": "https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T18:41:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4469-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 22, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvirt\nCVE ID : CVE-2019-10161 CVE-2019-10167\n\nTwo vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt's cpu map was updated to make addressing\nCVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,\nCVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting\nthe md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU\nmodels without having to fall back to host-passthrough.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.0.0-4+deb9u4.\n\nWe recommend that you upgrade your libvirt packages.\n\nFor the detailed security status of libvirt please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/libvirt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-06-22T16:55:45", "type": "debian", "title": "[SECURITY] [DSA 4469-1] libvirt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-3639", "CVE-2019-10161", "CVE-2019-10167", "CVE-2019-11091"], "modified": "2019-06-22T16:55:45", "id": "DEBIAN:DSA-4469-1:052EF", "href": "https://lists.debian.org/debian-security-announce/2019/msg00116.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T10:33:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4469-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 22, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvirt\nCVE ID : CVE-2019-10161 CVE-2019-10167\n\nTwo vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library, allowing an API client with read-only permissions\nto execute arbitrary commands via the virConnectGetDomainCapabilities\nAPI, or read or execute arbitrary files via the\nvirDomainSaveImageGetXMLDesc API.\n\nAdditionally the libvirt's cpu map was updated to make addressing\nCVE-2018-3639, CVE-2017-5753, CVE-2017-5715, CVE-2018-12126,\nCVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 easier by supporting\nthe md-clear, ssbd, spec-ctrl and ibpb CPU features when picking CPU\nmodels without having to fall back to host-passthrough.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.0.0-4+deb9u4.\n\nWe recommend that you upgrade your libvirt packages.\n\nFor the detailed security status of libvirt please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/libvirt\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-22T16:55:45", "type": "debian", "title": "[SECURITY] [DSA 4469-1] libvirt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-3639", "CVE-2019-10161", "CVE-2019-10167", "CVE-2019-11091"], "modified": "2019-06-22T16:55:45", "id": "DEBIAN:DSA-4469-1:B9B08", "href": "https://lists.debian.org/debian-security-announce/2019/msg00116.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-24T14:25:09", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1686-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1686-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126237);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191686-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce05d41a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1686=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1686=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-client-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-client-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-config-network-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-config-nwfilter-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-network-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-lxc-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-qemu-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-debugsource-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-doc-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-lock-sanlock-1.2.18.4-22.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-lock-sanlock-debuginfo-1.2.18.4-22.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-24T22:13:02", "description": "Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc.\n\n - CVE-2019-10161: Prevent an vulnerability where readonly clients could use the API to specify an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause a denial of service or otherwise cause libvirtd to execute arbitrary programs.\n\n - CVE-2019-10167: Prevent an arbitrary code execution vulnerability via the API where a user-specified binary used to probe the domain's capabilities. read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.\n\nFor Debian 8 'Jessie', these issues have been fixed in libvirt version 1.2.9-9+deb8u7.\n\nWe recommend that you upgrade your libvirt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Debian DLA-1832-1 : libvirt security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libvirt-bin", "p-cpe:/a:debian:debian_linux:libvirt-clients", "p-cpe:/a:debian:debian_linux:libvirt-daemon", "p-cpe:/a:debian:debian_linux:libvirt-daemon-system", "p-cpe:/a:debian:debian_linux:libvirt-dev", "p-cpe:/a:debian:debian_linux:libvirt-doc", "p-cpe:/a:debian:debian_linux:libvirt-sanlock", "p-cpe:/a:debian:debian_linux:libvirt0", "p-cpe:/a:debian:debian_linux:libvirt0-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1832.NASL", "href": "https://www.tenable.com/plugins/nessus/126220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1832-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126220);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-1832-1 : libvirt security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in libvirt, an abstraction API for\ndifferent underlying virtualisation mechanisms provided by the kernel,\netc.\n\n - CVE-2019-10161: Prevent an vulnerability where readonly\n clients could use the API to specify an arbitrary path\n which would be accessed with the permissions of the\n libvirtd process. An attacker with access to the\n libvirtd socket could use this to probe the existence of\n arbitrary files, cause a denial of service or otherwise\n cause libvirtd to execute arbitrary programs.\n\n - CVE-2019-10167: Prevent an arbitrary code execution\n vulnerability via the API where a user-specified binary\n used to probe the domain's capabilities. read-only\n clients could specify an arbitrary path for this\n argument, causing libvirtd to execute a crafted\n executable with its own privileges.\n\nFor Debian 8 'Jessie', these issues have been fixed in libvirt version\n1.2.9-9+deb8u7.\n\nWe recommend that you upgrade your libvirt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libvirt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-daemon-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirt0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-bin\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-clients\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-daemon\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-daemon-system\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-dev\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-doc\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt-sanlock\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt0\", reference:\"1.2.9-9+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvirt0-dbg\", reference:\"1.2.9-9+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:29", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nNon-security issues fixed: Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734).\n\nAdded support for overriding max threads per process limit (bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-libs", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2227-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128752", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2227-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128752);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nNon-security issues fixed: Fixed an issue with short bitmaps when\nsetting vcpu affinity using the vcpupin (bsc#1138734).\n\nAdded support for overriding max threads per process limit\n(bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192227-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89b5c4ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2227=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2227=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2227=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-admin-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-admin-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-client-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-hooks-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-qemu-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-debugsource-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-doc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-libs-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-libs-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-nss-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-nss-debuginfo-3.3.0-5.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:58", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nNon-security issues fixed: Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734).\n\nAdded support for overriding max threads per process limit (bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-libs", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2227-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2227-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128312);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nNon-security issues fixed: Fixed an issue with short bitmaps when\nsetting vcpu affinity using the vcpupin (bsc#1138734).\n\nAdded support for overriding max threads per process limit\n(bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192227-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70422cca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2227=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2227=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2227=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2227=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2227=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2227=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-admin-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-admin-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-client-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-client-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-config-network-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-config-nwfilter-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-interface-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-lxc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-network-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nodedev-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nwfilter-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-qemu-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-secret-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-core-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-disk-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-logical-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-hooks-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-lxc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-daemon-qemu-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-debugsource-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-doc-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-libs-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-libs-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-lock-sanlock-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-nss-3.3.0-5.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirt-nss-debuginfo-3.3.0-5.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:13", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nNon-security issue fixed: qemu: Add support for overriding max threads per process limit (bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2105-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2105-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127789", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2105-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127789);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2105-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nNon-security issue fixed: qemu: Add support for overriding max threads\nper process limit (bsc#1133719)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192105-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1577f02d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2105=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2105=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2105=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2105=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2105=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-client-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-client-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-config-network-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-interface-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-interface-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-lxc-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-network-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-network-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-qemu-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-secret-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-secret-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-storage-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-driver-storage-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-hooks-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-lxc-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-daemon-qemu-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-debugsource-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-doc-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-lock-sanlock-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-lock-sanlock-debuginfo-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-nss-2.0.0-27.61.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirt-nss-debuginfo-2.0.0-27.61.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:19", "description": "CVE-2020-8631\n\nIn cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\nIn cloud-init, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "Debian DLA-2113-1 : cloud-init security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cloud-init", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2113.NASL", "href": "https://www.tenable.com/plugins/nessus/133875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133875);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Debian DLA-2113-1 : cloud-init security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2020-8631\n\nIn cloud-init, relies on Mersenne Twister for a random password, which\nmakes it easier for attackers to predict passwords, because rand_str\nin cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\nIn cloud-init, rand_user_password in\ncloudinit/config/cc_set_passwords.py has a small default pwlen value,\nwhich makes it easier for attackers to guess passwords.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/cloud-init\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected cloud-init package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"cloud-init\", reference:\"0.7.6~bzr976-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:25", "description": "According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : cloud-init (EulerOS-SA-2020-1304)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1304.NASL", "href": "https://www.tenable.com/plugins/nessus/134795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134795);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : cloud-init (EulerOS-SA-2020-1304)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1304\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91da2494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.9-24.1.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:50", "description": "According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : cloud-init (EulerOS-SA-2020-1373)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1373.NASL", "href": "https://www.tenable.com/plugins/nessus/135502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135502);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : cloud-init (EulerOS-SA-2020-1373)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1373\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6764e061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.6-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:39", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : cloud-init (RHSA-2020:4650)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:cloud-init"], "id": "REDHAT-RHSA-2020-4650.NASL", "href": "https://www.tenable.com/plugins/nessus/142375", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4650. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142375);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:4650\");\n\n script_name(english:\"RHEL 8 : cloud-init (RHSA-2020:4650)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798731\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cloud-init\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cloud-init-19.4-11.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cloud-init-19.4-11.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cloud-init-19.4-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:27", "description": "This update for cloud-init fixes the following security issues :\n\n - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937).\n\n - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-03-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cloud-init (openSUSE-2020-400)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-04-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloud-init", "p-cpe:/a:novell:opensuse:cloud-init-config-suse", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-400.NASL", "href": "https://www.tenable.com/plugins/nessus/135005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-400.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135005);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/02\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"openSUSE Security Update : cloud-init (openSUSE-2020-400)\");\n script_summary(english:\"Check for the openSUSE-2020-400 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cloud-init fixes the following security issues :\n\n - CVE-2020-8631: Replaced the theoretically predictable\n deterministic RNG with the system RNG (bsc#1162937).\n\n - CVE-2020-8632: Increased the default random password\n length from 9 to 20 (bsc#1162936).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1162936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1162937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163178\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cloud-init packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloud-init-config-suse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cloud-init-19.4-lp151.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cloud-init-config-suse-19.4-lp151.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init / cloud-init-config-suse\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:16:34", "description": "According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2020-1286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1286.NASL", "href": "https://www.tenable.com/plugins/nessus/134778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134778);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : cloud-init (EulerOS-SA-2020-1286)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1286\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da769119\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-17.1-7.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:55", "description": "This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cloud-init-doc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0585-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134294);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0585-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic\nRNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to\n20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8632/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200585-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc76f46a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-15-2020-585=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2020-585=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cloud-init-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"cloud-init-doc-19.4-5.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"cloud-init-doc-19.4-5.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:22", "description": "According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2333.NASL", "href": "https://www.tenable.com/plugins/nessus/142288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142288);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2333\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1facdbbb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.6-4.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:45", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by multiple vulnerabilities:\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0062_CLOUD-INIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147272", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0062. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147272);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0062)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by\nmultiple vulnerabilities:\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL cloud-init packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'cloud-init-19.4-11.el8.cgslv6_2.0.2.g41d1348'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:40", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4650 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : cloud-init (ELSA-2020-4650)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:cloud-init"], "id": "ORACLELINUX_ELSA-2020-4650.NASL", "href": "https://www.tenable.com/plugins/nessus/142783", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4650.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142783);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Oracle Linux 8 : cloud-init (ELSA-2020-4650)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4650 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4650.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cloud-init\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'cloud-init-19.4-11.0.1.el8', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:16:35", "description": "This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-03-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cloud-init-doc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134854", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0751-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134854);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/25\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic\nRNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to\n20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8632/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200751-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa9a85b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-751=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-751=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cloud-init-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"cloud-init-doc-19.4-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"cloud-init-doc-19.4-8.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:55", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : cloud-init (CESA-2020:4650)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:cloud-init"], "id": "CENTOS8_RHSA-2020-4650.NASL", "href": "https://www.tenable.com/plugins/nessus/145978", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4650. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145978);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:4650\");\n\n script_name(english:\"CentOS 8 : cloud-init (CESA-2020:4650)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4650\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cloud-init\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'cloud-init-19.4-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:24", "description": "According to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. (CVE-2019-10161)\n\n - The virConnectGetDomainCapabilities() libvirt API accepts an 'emulatorbin' argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. (CVE-2019-10167)\n\n - The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs accept an 'emulator' argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.\n (CVE-2019-10168)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1957)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvirt", "p-cpe:/a:huawei:euleros:libvirt-admin", "p-cpe:/a:huawei:euleros:libvirt-client", "p-cpe:/a:huawei:euleros:libvirt-daemon", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:huawei:euleros:libvirt-daemon-kvm", "p-cpe:/a:huawei:euleros:libvirt-devel", "p-cpe:/a:huawei:euleros:libvirt-docs", "p-cpe:/a:huawei:euleros:libvirt-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1957.NASL", "href": "https://www.tenable.com/plugins/nessus/128960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128960);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-10161\",\n \"CVE-2019-10167\",\n \"CVE-2019-10168\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1957)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvirt packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - It was discovered that libvirtd would permit read-only\n clients to use the virDomainSaveImageGetXMLDesc() API,\n specifying an arbitrary path which would be accessed\n with the permissions of the libvirtd process. An\n attacker with access to the libvirtd socket could use\n this to probe the existence of arbitrary files, cause\n denial of service or cause libvirtd to execute\n arbitrary programs. (CVE-2019-10161)\n\n - The virConnectGetDomainCapabilities() libvirt API\n accepts an 'emulatorbin' argument to specify the\n program providing emulation for a domain. Since\n v1.2.19, libvirt will execute that program to probe the\n domain's capabilities. Read-only clients could specify\n an arbitrary path for this argument, causing libvirtd\n to execute a crafted executable with its own\n privileges. (CVE-2019-10167)\n\n - The virConnectBaselineHypervisorCPU() and\n virConnectCompareHypervisorCPU() libvirt APIs accept an\n 'emulator' argument to specify the program providing\n emulation for a domain. Since v1.2.19, libvirt will\n execute that program to probe the domain's\n capabilities. Read-only clients could specify an\n arbitrary path for this argument, causing libvirtd to\n execute a crafted executable with its own privileges.\n (CVE-2019-10168)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1957\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?adb0b4dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvirt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvirt-3.2.0-269\",\n \"libvirt-admin-3.2.0-269\",\n \"libvirt-client-3.2.0-269\",\n \"libvirt-daemon-3.2.0-269\",\n \"libvirt-daemon-config-network-3.2.0-269\",\n \"libvirt-daemon-config-nwfilter-3.2.0-269\",\n \"libvirt-daemon-driver-interface-3.2.0-269\",\n \"libvirt-daemon-driver-network-3.2.0-269\",\n \"libvirt-daemon-driver-nodedev-3.2.0-269\",\n \"libvirt-daemon-driver-nwfilter-3.2.0-269\",\n \"libvirt-daemon-driver-qemu-3.2.0-269\",\n \"libvirt-daemon-driver-secret-3.2.0-269\",\n \"libvirt-daemon-driver-storage-3.2.0-269\",\n \"libvirt-daemon-driver-storage-core-3.2.0-269\",\n \"libvirt-daemon-driver-storage-disk-3.2.0-269\",\n \"libvirt-daemon-driver-storage-iscsi-3.2.0-269\",\n \"libvirt-daemon-driver-storage-logical-3.2.0-269\",\n \"libvirt-daemon-driver-storage-mpath-3.2.0-269\",\n \"libvirt-daemon-driver-storage-scsi-3.2.0-269\",\n \"libvirt-daemon-kvm-3.2.0-269\",\n \"libvirt-devel-3.2.0-269\",\n \"libvirt-docs-3.2.0-269\",\n \"libvirt-libs-3.2.0-269\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:15", "description": "According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:libvirt-client", "p-cpe:/a:huawei:euleros:libvirt", "p-cpe:/a:huawei:euleros:libvirt-daemon", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage", "p-cpe:/a:huawei:euleros:libvirt-daemon-kvm", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:huawei:euleros:libvirt-libs"], "id": "EULEROS_SA-2019-1796.NASL", "href": "https://www.tenable.com/plugins/nessus/128088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128088);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-10161\",\n \"CVE-2019-10166\",\n \"CVE-2019-10167\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvirt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libvirt: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to\n readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via\n virConnectGetDomainCapabilities API (CVE-2019-10167)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1796\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17ff74c4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvirt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvirt-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-client-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-config-network-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-config-nwfilter-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-interface-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-lxc-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-network-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-nodedev-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-nwfilter-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-qemu-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-secret-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-core-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-disk-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-gluster-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-iscsi-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-logical-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-mpath-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-rbd-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-driver-storage-scsi-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-daemon-kvm-3.9.0-14.7.h4.eulerosv2r7\",\n \"libvirt-libs-3.9.0-14.7.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:47", "description": "According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2019-2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167", "CVE-2019-3840"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvirt", "p-cpe:/a:huawei:euleros:libvirt-client", "p-cpe:/a:huawei:euleros:libvirt-daemon", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage", "p-cpe:/a:huawei:euleros:libvirt-daemon-kvm", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/129213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129213);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-10161\",\n \"CVE-2019-10167\",\n \"CVE-2019-3840\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2019-2020)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvirt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libvirt: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: arbitrary command execution via\n virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: NULL pointer dereference after running\n qemuAgentCommand in qemuAgentGetInterfaces\n function(CVE-2019-3840)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2020\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a28a18b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvirt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvirt-2.0.0-10.10.h7\",\n \"libvirt-client-2.0.0-10.10.h7\",\n \"libvirt-daemon-2.0.0-10.10.h7\",\n \"libvirt-daemon-config-network-2.0.0-10.10.h7\",\n \"libvirt-daemon-config-nwfilter-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-interface-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-lxc-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-network-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-nodedev-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-nwfilter-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-qemu-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-secret-2.0.0-10.10.h7\",\n \"libvirt-daemon-driver-storage-2.0.0-10.10.h7\",\n \"libvirt-daemon-kvm-2.0.0-10.10.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:12", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-libs"], "id": "SUSE_SU-2019-1599-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1599-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126154);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML\nwhich could have been used to alter the domain's config used for\nmanagedsave or execute arbitrary emulator binaries (bsc#1138302).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191599-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b347a17f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1599=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1599=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1599=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-admin-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-admin-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-client-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-client-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-config-network-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-config-nwfilter-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-interface-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-interface-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-lxc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-network-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-network-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-nodedev-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-nwfilter-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-qemu-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-secret-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-secret-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-core-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-disk-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-iscsi-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-logical-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-mpath-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-scsi-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-hooks-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-lxc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-daemon-qemu-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-debugsource-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-doc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-libs-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-libs-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-lock-sanlock-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-lock-sanlock-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-nss-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirt-nss-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-admin-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-admin-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-client-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-qemu-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-debugsource-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-doc-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-libs-4.0.0-8.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-libs-debuginfo-4.0.0-8.15.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:46", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\n - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).\n\n - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nOther issue addressed :\n\n - spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libvirt (openSUSE-2019-1672)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirt", "p-cpe:/a:novell:opensuse:libvirt-admin", "p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client", "p-cpe:/a:novell:opensuse:libvirt-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-network", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-hooks", "p-cpe:/a:novell:opensuse:libvirt-daemon-lxc", "p-cpe:/a:novell:opensuse:libvirt-daemon-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-uml", "p-cpe:/a:novell:opensuse:libvirt-daemon-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-xen", "p-cpe:/a:novell:opensuse:libvirt-debugsource", "p-cpe:/a:novell:opensuse:libvirt-devel", "p-cpe:/a:novell:opensuse:libvirt-devel-32bit", "p-cpe:/a:novell:opensuse:libvirt-libs", "p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-nss", "p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo", "p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt", "p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1672.NASL", "href": "https://www.tenable.com/plugins/nessus/126372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1672.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126372);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-2019-1672)\");\n script_summary(english:\"Check for the openSUSE-2019-1672 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API\n which could accept a path parameter pointing anywhere on\n the system and potentially leading to execution of a\n malicious file with root privileges by libvirtd\n (bsc#1138301).\n\n - CVE-2019-10166: Fixed an issue with\n virDomainManagedSaveDefineXML which could have been used\n to alter the domain's config used for managedsave or\n execute arbitrary emulator binaries (bsc#1138302).\n\n - CVE-2019-10167: Fixed an issue with\n virConnectGetDomainCapabilities API which could have\n been used to execute arbitrary emulators (bsc#1138303).\n\nOther issue addressed :\n\n - spec: add systemd-container dependency to qemu and lxc\n drivers (bsc#1136109).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-admin-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-admin-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-client-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-client-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-config-network-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-config-nwfilter-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-interface-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-interface-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-lxc-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-lxc-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-network-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-network-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nodedev-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-qemu-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-qemu-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-secret-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-secret-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-core-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-disk-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-iscsi-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-logical-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-mpath-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-scsi-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-uml-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-uml-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-vbox-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-driver-vbox-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-hooks-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-lxc-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-qemu-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-uml-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-daemon-vbox-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-debugsource-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-devel-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-libs-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-libs-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-lock-sanlock-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-lock-sanlock-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-nss-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libvirt-nss-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wireshark-plugin-libvirt-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wireshark-plugin-libvirt-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-4.0.0-lp150.7.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-4.0.0-lp150.7.18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-admin-debuginfo / libvirt-client / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:31", "description": "According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10167", "CVE-2019-3840"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvirt", "p-cpe:/a:huawei:euleros:libvirt-client", "p-cpe:/a:huawei:euleros:libvirt-daemon", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret", "p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage", "p-cpe:/a:huawei:euleros:libvirt-daemon-kvm", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1724.NASL", "href": "https://www.tenable.com/plugins/nessus/126852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126852);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-10161\",\n \"CVE-2019-10167\",\n \"CVE-2019-3840\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libvirt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libvirt: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: arbitrary command execution via\n virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: NULL pointer dereference after running\n qemuAgentCommand in qemuAgentGetInterfaces\n function(CVE-2019-3840)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1724\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1920901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvirt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvirt-2.0.0-10.10.h3\",\n \"libvirt-client-2.0.0-10.10.h3\",\n \"libvirt-daemon-2.0.0-10.10.h3\",\n \"libvirt-daemon-config-network-2.0.0-10.10.h3\",\n \"libvirt-daemon-config-nwfilter-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-interface-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-lxc-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-network-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-nodedev-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-nwfilter-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-qemu-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-secret-2.0.0-10.10.h3\",\n \"libvirt-daemon-driver-storage-2.0.0-10.10.h3\",\n \"libvirt-daemon-kvm-2.0.0-10.10.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:50", "description": "This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301).\n\nCVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303).\n\nOther issue addressed: spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1637-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-admin", "p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-devel", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-libs", "p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-nss", "p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo", "p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt", "p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1637-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1637-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126165);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1637-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvirt fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could\naccept a path parameter pointing anywhere on the system and\npotentially leading to execution of a malicious file with root\nprivileges by libvirtd (bsc#1138301).\n\nCVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML\nwhich could have been used to alter the domain's config used for\nmanagedsave or execute arbitrary emulator binaries (bsc#1138302).\n\nCVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities\nAPI which could have been used to execute arbitrary emulators\n(bsc#1138303).\n\nOther issue addressed: spec: add systemd-container dependency to qemu\nand lxc drivers (bsc#1136109).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191637-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e9e2fca\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-1637=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1637=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1637=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-plugin-libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-admin-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-admin-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-client-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-client-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-config-network-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-config-nwfilter-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-interface-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-interface-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-lxc-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-network-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-network-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-nodedev-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-nwfilter-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-qemu-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-secret-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-secret-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-core-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-disk-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-iscsi-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-logical-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-mpath-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-scsi-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-hooks-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-lxc-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-daemon-qemu-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-debugsource-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-devel-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-doc-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-libs-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-libs-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-lock-sanlock-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-lock-sanlock-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-nss-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirt-nss-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wireshark-plugin-libvirt-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wireshark-plugin-libvirt-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libvirt-debugsource-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libvirt-libs-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libvirt-libs-debuginfo-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wireshark-plugin-libvirt-4.0.0-9.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wireshark-plugin-libvirt-debuginfo-4.0.0-9.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:52", "description": "Security Fix(es) :\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:cloud-init", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_CLOUD_INIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141687);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - cloud-init: Use of random.choice when generating random\n password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in\n cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\n - cloud-init: default configuration disabled deletion of\n SSH host keys (CVE-2018-10896)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=16932\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4320c788\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected cloud-init package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cloud-init-19.4-7.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:32", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by multiple vulnerabilities:\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0016_CLOUD-INIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147387", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0016. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147387);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are\naffected by multiple vulnerabilities:\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL cloud-init packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'cloud-init-19.4-7.el7.2.cgslv5.0.3.g204af97'\n ],\n 'CGSL MAIN 5.04': [\n 'cloud-init-19.4-7.el7.2.cgslv5.0.3.g204af97'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:01:43", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1576 advisory.\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : cloud-init (ALAS-2021-1576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:cloud-init", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1576.NASL", "href": "https://www.tenable.com/plugins/nessus/144795", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1576.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144795);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"ALAS\", value:\"2021-1576\");\n\n script_name(english:\"Amazon Linux 2 : cloud-init (ALAS-2021-1576)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2021-1576 advisory.\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1576.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update cloud-init' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'cloud-init-19.3-4.amzn2', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:33", "description": "The version of cloud-init installed on the remote host is prior to 0.7.6-43.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1486 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : cloud-init (ALAS-2021-1486)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2021-3429"], "modified": "2021-03-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:cloud-init", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1486.NASL", "href": "https://www.tenable.com/plugins/nessus/147917", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1486.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147917);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/20\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\", \"CVE-2021-3429\");\n script_xref(name:\"ALAS\", value:\"2021-1486\");\n\n script_name(english:\"Amazon Linux AMI : cloud-init (ALAS-2021-1486)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of cloud-init installed on the remote host is prior to 0.7.6-43.23. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1486 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1486.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3429\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update cloud-init' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'cloud-init-0.7.6-43.23.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:45:43", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3898 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : cloud-init (ELSA-2020-3898)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:cloud-init"], "id": "ORACLELINUX_ELSA-2020-3898.NASL", "href": "https://www.tenable.com/plugins/nessus/180994", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3898.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180994);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Oracle Linux 7 : cloud-init (ELSA-2020-3898)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-3898 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-3898.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cloud-init\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'cloud-init-19.4-7.0.3.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'cloud-init-19.4-7.0.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:04", "description": "According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.(CVE-2019-0816)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2020-1751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0816", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1751.NASL", "href": "https://www.tenable.com/plugins/nessus/137970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137970);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-0816\",\n \"CVE-2020-8631\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2020-1751)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A security feature bypass exists in Azure SSH Keypairs,\n due to a change in the provisioning logic for some\n Linux images that use cloud-init, aka 'Azure SSH\n Keypairs Security Feature Bypass\n Vulnerability'.(CVE-2019-0816)\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1751\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e01d2b16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.9-24.1.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:22:51", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : cloud-init (RHSA-2020:3898)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:cloud-init"], "id": "REDHAT-RHSA-2020-3898.NASL", "href": "https://www.tenable.com/plugins/nessus/141025", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3898. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141025);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:3898\");\n\n script_name(english:\"RHEL 7 : cloud-init (RHSA-2020:3898)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1598831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798731\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(321, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cloud-init\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:04", "description": "The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : cloud-init (CESA-2020:3898)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2022-08-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cloud-init", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-3898.NASL", "href": "https://www.tenable.com/plugins/nessus/141635", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3898 and\n# CentOS Errata and Security Advisory 2020:3898 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141635);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/25\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:3898\");\n\n script_name(english:\"CentOS 7 : cloud-init (CESA-2020:3898)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012666.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c68172ec\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/321.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(321, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'cloud-init-19.4-7.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = TRUE;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:32", "description": "According to the versions of the cloud-init package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts.Security Fix(es):cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.(CVE-2019-0816)In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : cloud-init (EulerOS-SA-2020-1519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0816", "CVE-2020-8631", "CVE-2020-8632"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1519.NASL", "href": "https://www.tenable.com/plugins/nessus/136222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136222);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2019-0816\",\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : cloud-init (EulerOS-SA-2020-1519)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Cloud-init is a set of init scripts for cloud\n instances. Cloud instances need special scripts to run\n during initialization to retrieve and install ssh keys\n and to let the user run various scripts.Security\n Fix(es):cloud-init through 19.4 relies on Mersenne\n Twister for a random password, which makes it easier\n for attackers to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)A security feature bypass\n exists in Azure SSH Keypairs, due to a change in the\n provisioning logic for some Linux images that use\n cloud-init, aka 'Azure SSH Keypairs Security Feature\n Bypass Vulnerability'.(CVE-2019-0816)In cloud-init\n through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1519\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?761b8043\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.9-24.1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:11", "description": "Security Fix(es) :\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nBug Fix(es) :\n\n - Live migration fail with unsafe error when GPFS is used as shared filesystem", "cvss3": {}, "published": "2019-06-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libvirt", "p-cpe:/a:fermilab:scientific_linux:libvirt-admin", "p-cpe:/a:fermilab:scientific_linux:libvirt-bash-completion", "p-cpe:/a:fermilab:scientific_linux:libvirt-client", "p-cpe:/a:fermilab:scientific_linux:libvirt-nss", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libvirt-devel", "p-cpe:/a:fermilab:scientific_linux:libvirt-docs", "p-cpe:/a:fermilab:scientific_linux:libvirt-libs", "p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock", "p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell"], "id": "SL_20190620_LIBVIRT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/126091", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126091);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\");\n\n script_name(english:\"Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - libvirt: arbitrary file read/exec via\n virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to\n readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via\n virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: arbitrary command execution via\n virConnectBaselineHypervisorCPU and\n virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nBug Fix(es) :\n\n - Live migration fail with unsafe error when GPFS is used\n as shared filesystem\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=8633\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12992c86\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-debuginfo-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.el7_6.12\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:04", "description": "From Red Hat Security Advisory 2019:1579 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867)", "cvss3": {}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : libvirt (ELSA-2019-1579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-daemon-lxc", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-login-shell", "p-cpe:/a:oracle:linux:libvirt-nss", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1579.NASL", "href": "https://www.tenable.com/plugins/nessus/126141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1579 and \n# Oracle Linux Security Advisory ELSA-2019-1579 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126141);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\");\n script_xref(name:\"RHSA\", value:\"2019:1579\");\n\n script_name(english:\"Oracle Linux 7 : libvirt (ELSA-2019-1579)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1579 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc\nAPI (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly\nclients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via\nvirConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via\nvirConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU\nAPIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared\nfilesystem (BZ#1715867)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008855.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.0.1.el7_6.12\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.0.1.el7_6.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:44", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867)", "cvss3": {}, "published": "2019-06-21T00:00:00", "type": "nessus", "title": "CentOS 7 : libvirt (CESA-2019:1579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-admin", "p-cpe:/a:centos:centos:libvirt-bash-completion", "p-cpe:/a:centos:centos:libvirt-client", "p-cpe:/a:centos:centos:libvirt-daemon", "p-cpe:/a:centos:centos:libvirt-daemon-config-network", "p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-interface", "p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc", "p-cpe:/a:centos:centos:libvirt-daemon-driver-network", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu", "p-cpe:/a:centos:centos:libvirt-daemon-driver-secret", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:centos:centos:libvirt-daemon-kvm", "p-cpe:/a:centos:centos:libvirt-daemon-lxc", "p-cpe:/a:centos:centos:libvirt-devel", "p-cpe:/a:centos:centos:libvirt-docs", "p-cpe:/a:centos:centos:libvirt-libs", "p-cpe:/a:centos:centos:libvirt-lock-sanlock", "p-cpe:/a:centos:centos:libvirt-login-shell", "p-cpe:/a:centos:centos:libvirt-nss", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1579.NASL", "href": "https://www.tenable.com/plugins/nessus/126076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1579 and \n# CentOS Errata and Security Advisory 2019:1579 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126076);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\");\n script_xref(name:\"RHSA\", value:\"2019:1579\");\n\n script_name(english:\"CentOS 7 : libvirt (CESA-2019:1579)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc\nAPI (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly\nclients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via\nvirConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via\nvirConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU\nAPIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared\nfilesystem (BZ#1715867)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-June/023336.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8343cb31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10161\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.12\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-10.el7_6.12\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:39", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867)", "cvss3": {}, "published": "2019-06-21T00:00:00", "type": "nessus", "title": "RHEL 7 : libvirt (RHSA-2019:1579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1579.NASL", "href": "https://www.tenable.com/plugins/nessus/126087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1579. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126087);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\");\n script_xref(name:\"RHSA\", value:\"2019:1579\");\n\n script_name(english:\"RHEL 7 : libvirt (RHSA-2019:1579)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc\nAPI (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly\nclients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via\nvirConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via\nvirConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU\nAPIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Live migration fail with unsafe error when GPFS is used as shared\nfilesystem (BZ#1715867)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10168\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1579\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-admin-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-client-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-debuginfo-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-devel-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-docs-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-libs-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-4.5.0-10.el7_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-nss-4.5.0-10.el7_6.12\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:23", "description": "An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-21T00:00:00", "type": "nessus", "title": "RHEL 8 : virt:rhel (RHSA-2019:1580)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:slof", "p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:hivex-debugsource", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:netcf", "p-cpe:/a:redhat:enterprise_linux:netcf-debugsource", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-guestfs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-virt", "p-cpe:/a:redhat:enterprise_linux:perl-sys-virt-debugsource", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:supermin-debugsource", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter"], "id": "REDHAT-RHSA-2019-1580.NASL", "href": "https://www.tenable.com/plugins/nessus/126088", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1580. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126088);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2019-10161\", \"CVE-2019-10166\", \"CVE-2019-10167\", \"CVE-2019-10168\");\n script_xref(name:\"RHSA\", value:\"2019:1580\");\n\n script_name(english:\"RHEL 8 : virt:rhel (RHSA-2019:1580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nSecurity Fix(es) :\n\n* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc\nAPI (CVE-2019-10161)\n\n* libvirt: virDomainManagedSaveDefineXML API exposed to readonly\nclients (CVE-2019-10166)\n\n* libvirt: arbitrary command execution via\nvirConnectGetDomainCapabilities API (CVE-2019-10167)\n\n* libvirt: arbitrary command execution via\nvirConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU\nAPIs (CVE-2019-10168)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10168\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10161\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:rhel': [\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-xfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0.z+3418+a72cf898.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-python-debugsource-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'lua-guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-bash-completion-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0.z+3418+a72cf898.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ruby-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'seabios-1.11.1-3.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'seabios-bin-1.11.1-3.module+el8.0.0.z+3418+a72cf898', 'release':'8'},\n {'reference':'seavgabios-bin-1.11.1-3.module+el8.0.0.z+3418+a72cf898', 'release':'8'},\n {'reference':'sgabios-0.20170427git-2.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-2.module+el8.0.0.z+3418+a72cf898', 'release':'8', 'epoch':'1'},\n {'reference':'SLOF-20171214-5.gitfa98132.module+el8.0.0.z+3418+a72cf898', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8'},\n {'reference':'virt-dib-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-10.1.module+el8.0.0.z+3418+a72cf898', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-debugsource / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:41", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1762 advisory.\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : virt:8.0.0 (RHSA-2019:1762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"], "modified": "2021-04-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:slof", "p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:netcf", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-guestfs", "p-cpe:/a:redhat:enterprise_linux:perl-sys-virt", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:virt-v2v"], "id": "REDHAT-RHSA-2019-1762.NASL", "href": "https://www.tenable.com/plugins/nessus/126679", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1762. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126679);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/15\");\n\n script_cve_id(\n \"CVE-2019-10161\",\n \"CVE-2019-10166\",\n \"CVE-2019-10167\",\n \"CVE-2019-10168\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1762\");\n\n script_name(english:\"RHEL 8 : virt:8.0.0 (RHSA-2019:1762)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2019:1762 advisory.\n\n - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)\n\n - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)\n\n - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)\n\n - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and\n virConnectCompareHypervisorCPU APIs (CVE-2019-10168)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1720114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1720115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1720117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1720118\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10161\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(250, 284);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi-direct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'advanced_virtualization_8_0_el8': [\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ],\n 'advanced_virtualization_8_1_el8': [\n 'advanced-virt-crb-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-source-rpms',\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ],\n 'advanced_virtualization_8_2_el8': [\n 'advanced-virt-crb-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-source-rpms',\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ],\n 'advanced_virtualization_8_3_el8': [\n 'advanced-virt-crb-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-source-rpms',\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ],\n 'advanced_virtualization_8_4_el8': [\n 'advanced-virt-crb-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-rpms',\n 'advanced-virt-crb-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-rpms',\n 'advanced-virt-crb-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-rpms',\n 'advanced-virt-crb-for-rhel-8-x86_64-source-rpms',\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ],\n 'advanced_virtualization_8_el8': [\n 'advanced-virt-for-rhel-8-aarch64-debug-rpms',\n 'advanced-virt-for-rhel-8-aarch64-rpms',\n 'advanced-virt-for-rhel-8-aarch64-source-rpms',\n 'advanced-virt-for-rhel-8-s390x-debug-rpms',\n 'advanced-virt-for-rhel-8-s390x-rpms',\n 'advanced-virt-for-rhel-8-s390x-source-rpms',\n 'advanced-virt-for-rhel-8-x86_64-debug-rpms',\n 'advanced-virt-for-rhel-8-x86_64-rpms',\n 'advanced-virt-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2019:1762');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:8.0.0');\nif ('8.0.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:8.0.0': [\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'hivex-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-bash-completion-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-benchmarking-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-benchmarking-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gfs2-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-gobject-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-inspect-icons-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-java-devel-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-javadoc-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-man-pages-ja-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-man-pages-uk-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rescue-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-rsync-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-tools-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-tools-c-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libguestfs-xfs-1.40.2-1.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3438+2851622e.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3438+2851622e.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0.z+3438+2851622e.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-admin-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-admin-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-admin-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-bash-completion-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-bash-completion-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-bash-completion-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-client-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-client-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-client-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-daemon-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-daemon-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-daemon-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-daemon-config-network-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8', 'advanced_virtualization_8_4_el8', 'advanced_virtualization_8_el8']},\n {'reference':'libvirt-daemon-config-network-5.0.0-7.2.module+el8.0.0.z+3438+2851622e', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['advanced_virtualization_8_0_el8', 'advanced_virtualization_8_1_el8', 'advanced_virtualization_8_2_el8', 'advanced_virtualization_8_3_el8�
Important Photon OS Security Update - PHSA-2020-0214
