{"id": "RHSA-2015:1896", "hash": "900cfb4c50950c01bd6f6d7273f18ce1", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1896) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash the\nQEMU instance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down and restart all running virtual machines\nfor this update to take effect.", "published": "2015-10-15T16:09:44", "modified": "2018-06-07T02:48:06", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2015:1896", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5279"], "lastseen": "2019-08-13T18:46:41", "history": [{"bulletin": {"id": "RHSA-2015:1896", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1896) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash the\nQEMU instance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down and restart all running virtual machines\nfor this update to take effect.", "published": "2015-10-15T16:09:44", "modified": "2017-03-03T16:14:48", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1896", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5279"], "lastseen": "2017-03-10T07:18:46", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "x86_64", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "OSVersion": "6", "packageName": "qemu-kvm-rhev-tools", "OS": "RedHat", "packageVersion": "0.12.1.2-2.479.el6_7.2", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "OSVersion": "6", "packageName": "qemu-kvm-rhev", "OS": "RedHat", "packageVersion": "0.12.1.2-2.479.el6_7.2", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "OSVersion": "6", "packageName": "qemu-kvm-rhev-debuginfo", "OS": "RedHat", "packageVersion": "0.12.1.2-2.479.el6_7.2", "operator": "lt"}, {"arch": "src", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm", "OSVersion": "6", "packageName": "qemu-kvm-rhev", "OS": "RedHat", "packageVersion": "0.12.1.2-2.479.el6_7.2", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "OSVersion": "6", "packageName": "qemu-img-rhev", "OS": "RedHat", "packageVersion": "0.12.1.2-2.479.el6_7.2", "operator": "lt"}]}, "lastseen": "2017-03-10T07:18:46", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2015:1896", "hash": "1016b958ad3ec8f5d924a6ee732c4fe3", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1896) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash the\nQEMU instance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down and restart all running virtual machines\nfor this update to take effect.", "published": "2015-10-15T16:09:44", "modified": "2018-06-07T02:48:06", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1896", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5279"], "lastseen": "2018-06-06T23:50:20", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T23:50:20", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2015:1896", "hash": "b83012b5bc1f04c07ce6786cf4cd1573", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1896) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash the\nQEMU instance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down and restart all running virtual machines\nfor this update to take effect.", "published": "2015-10-15T16:09:44", "modified": "2018-06-07T02:48:06", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1896", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5279"], "lastseen": "2018-12-11T19:43:34", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5279"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2015-1923.NASL", "CENTOS_RHSA-2015-1925.NASL", "SL_20151022_KVM_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2015-1924.NASL", "ORACLELINUX_ELSA-2015-1925.NASL", "REDHAT-RHSA-2015-1925.NASL", "ORACLELINUX_ELSA-2015-2065.NASL", "CENTOS_RHSA-2015-1924.NASL", "REDHAT-RHSA-2015-1924.NASL", "SL_20151116_XEN_ON_SL5_X.NASL"]}, {"type": "centos", "idList": ["CESA-2015:1924", "CESA-2015:1925", "CESA-2015:2065"]}, {"type": "redhat", "idList": ["RHSA-2015:1923", "RHSA-2015:1925", "RHSA-2015:1924", "RHSA-2015:2065"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871473", "OPENVAS:1361412562310122719", "OPENVAS:1361412562310882306", "OPENVAS:1361412562310122720", "OPENVAS:1361412562310122733", "OPENVAS:1361412562310871464", "OPENVAS:1361412562310882324", "OPENVAS:1361412562310882305", "OPENVAS:1361412562310131096", "OPENVAS:1361412562310703361"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2065", "ELSA-2015-1925", "ELSA-2015-1924", "ELSA-2016-0997"]}, {"type": "freebsd", "idList": ["6AA3322F-B150-11E5-9728-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14718", "SECURITYVULNS:DOC:32547"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1782-1", "SUSE-SU-2016:1785-1", "SUSE-SU-2016:1698-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3361-1:239D8", "DEBIAN:DSA-3362-1:05D6D"]}, {"type": "ubuntu", "idList": ["USN-2745-1"]}, {"type": "f5", "idList": ["SOL63519101", "F5:K63519101"]}, {"type": "gentoo", "idList": ["GLSA-201602-01"]}], "modified": "2018-12-11T19:43:34"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T19:43:34", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "RHSA-2015:1896", "hash": "b001aa09d262f089015225c78ea27e98", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1896) Important: qemu-kvm-rhev security update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash the\nQEMU instance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling this update, shut down and restart all running virtual machines\nfor this update to take effect.", "published": "2015-10-15T16:09:44", "modified": "2018-06-07T02:48:06", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2015:1896", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5279"], "lastseen": "2019-05-29T14:35:04", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T14:35:04"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5279"]}, {"type": "centos", "idList": ["CESA-2015:2065", "CESA-2015:1925", "CESA-2015:1924"]}, {"type": "nessus", "idList": ["SL_20151022_KVM_ON_SL5_X.NASL", "CENTOS_RHSA-2015-1925.NASL", "REDHAT-RHSA-2015-1923.NASL", "ORACLELINUX_ELSA-2015-2065.NASL", "ORACLELINUX_ELSA-2015-1925.NASL", "REDHAT-RHSA-2015-1925.NASL", "ORACLELINUX_ELSA-2015-1924.NASL", "SL_20151116_XEN_ON_SL5_X.NASL", "CENTOS_RHSA-2015-1924.NASL", "SL_20151022_QEMU_KVM_ON_SL6_X.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1925", "RHSA-2015:1923", "RHSA-2015:1924", "RHSA-2015:2065"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122719", "OPENVAS:1361412562310871473", "OPENVAS:1361412562310882306", "OPENVAS:1361412562310122733", "OPENVAS:1361412562310122720", "OPENVAS:1361412562310882324", "OPENVAS:1361412562310871464", "OPENVAS:1361412562310882305", "OPENVAS:1361412562310131096", "OPENVAS:1361412562310703361"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2065", "ELSA-2015-1924", "ELSA-2015-1925", "ELSA-2016-0997"]}, {"type": "freebsd", "idList": ["6AA3322F-B150-11E5-9728-002590263BF5"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1782-1", "SUSE-SU-2016:1785-1", "SUSE-SU-2016:1698-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14718", "SECURITYVULNS:DOC:32547"]}, {"type": "ubuntu", "idList": ["USN-2745-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3362-1:05D6D", "DEBIAN:DSA-3361-1:239D8"]}, {"type": "f5", "idList": ["F5:K63519101", "SOL63519101"]}, {"type": "gentoo", "idList": ["GLSA-201602-01"]}], "modified": "2019-05-29T14:35:04"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:35:04", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 0, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2019-08-13T18:46:41"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5279"]}, {"type": "centos", "idList": ["CESA-2015:1924", "CESA-2015:2065", "CESA-2015:1925"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871473", "OPENVAS:1361412562310122719", "OPENVAS:1361412562310122720", "OPENVAS:1361412562310122733", "OPENVAS:1361412562310882306", "OPENVAS:1361412562310882305", "OPENVAS:1361412562310871464", "OPENVAS:1361412562310882324", "OPENVAS:1361412562310131096", "OPENVAS:1361412562310869988"]}, {"type": "redhat", "idList": ["RHSA-2015:1923", "RHSA-2015:1925", "RHSA-2015:1924", "RHSA-2015:2065"]}, {"type": "nessus", "idList": ["SL_20151022_KVM_ON_SL5_X.NASL", "REDHAT-RHSA-2015-1923.NASL", "CENTOS_RHSA-2015-1925.NASL", "ORACLELINUX_ELSA-2015-2065.NASL", "REDHAT-RHSA-2015-1925.NASL", "ORACLELINUX_ELSA-2015-1925.NASL", "ORACLELINUX_ELSA-2015-1924.NASL", "SL_20151022_QEMU_KVM_ON_SL6_X.NASL", "CENTOS_RHSA-2015-2065.NASL", "REDHAT-RHSA-2015-2065.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2065", "ELSA-2015-1924", "ELSA-2015-1925", "ELSA-2016-0997"]}, {"type": "freebsd", "idList": ["6AA3322F-B150-11E5-9728-002590263BF5"]}, {"type": "ubuntu", "idList": ["USN-2745-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3362-1:05D6D", "DEBIAN:DSA-3361-1:239D8"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1782-1", "SUSE-SU-2016:1785-1", "SUSE-SU-2016:1698-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14718", "SECURITYVULNS:DOC:32547"]}, {"type": "f5", "idList": ["F5:K63519101", "SOL63519101"]}, {"type": "gentoo", "idList": ["GLSA-201602-01"]}], "modified": "2019-08-13T18:46:41"}, "vulnersScore": 7.1}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.479.el6_7.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2.src.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:14:43", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.", "modified": "2017-12-28T02:29:00", "id": "CVE-2015-5279", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5279", "published": "2015-09-28T16:59:00", "title": "CVE-2015-5279", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "scanner", "description": "Check the version of qemu-guest-agent", "modified": "2019-03-08T00:00:00", "published": "2015-10-23T00:00:00", "id": "OPENVAS:1361412562310882305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882305", "title": "CentOS Update for qemu-guest-agent CESA-2015:1924 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2015:1924 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882305\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-23 07:18:00 +0200 (Fri, 23 Oct 2015)\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2015:1924 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of qemu-guest-agent\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1924\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-October/021443.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.479.el6_7.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.479.el6_7.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.479.el6_7.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.479.el6_7.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-10-23T00:00:00", "id": "OPENVAS:1361412562310871464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871464", "title": "RedHat Update for qemu-kvm RHSA-2015:1924-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2015:1924-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871464\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-23 07:17:29 +0200 (Fri, 23 Oct 2015)\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2015:1924-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1924-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-October/msg00031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.479.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.479.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.479.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.479.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.479.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "description": "Check the version of xen", "modified": "2019-03-08T00:00:00", "published": "2015-11-17T00:00:00", "id": "OPENVAS:1361412562310882324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882324", "title": "CentOS Update for xen CESA-2015:2065 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2015:2065 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882324\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 05:30:32 +0100 (Tue, 17 Nov 2015)\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for xen CESA-2015:2065 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of xen\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration\ntools and the xend service for managing the kernel-xen kernel for\nvirtualization on Red Hat Enterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on the\nhost. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"xen on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2065\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-November/021503.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~147.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~147.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~147.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-11-17T00:00:00", "id": "OPENVAS:1361412562310871473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871473", "title": "RedHat Update for xen RHSA-2015:2065-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2015:2065-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871473\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 05:30:07 +0100 (Tue, 17 Nov 2015)\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for xen RHSA-2015:2065-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration\ntools and the xend service for managing the kernel-xen kernel for virtualization\non Red Hat Enterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on the\nhost. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2065-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~147.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~147.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1925", "modified": "2018-09-28T00:00:00", "published": "2015-10-23T00:00:00", "id": "OPENVAS:1361412562310122719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122719", "title": "Oracle Linux Local Check: ELSA-2015-1925", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1925.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122719\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-23 07:13:37 +0300 (Fri, 23 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1925\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1925 - kvm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1925\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1925.html\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~274.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~274.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~274.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~274.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~274.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-2065", "modified": "2018-09-28T00:00:00", "published": "2015-11-17T00:00:00", "id": "OPENVAS:1361412562310122733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122733", "title": "Oracle Linux Local Check: ELSA-2015-2065", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2065.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122733\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 11:03:13 +0200 (Tue, 17 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2065\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2065 - xen security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2065\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2065.html\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~147.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~147.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~147.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "description": "Check the version of kmod-kvm", "modified": "2019-03-08T00:00:00", "published": "2015-10-23T00:00:00", "id": "OPENVAS:1361412562310882306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882306", "title": "CentOS Update for kmod-kvm CESA-2015:1925 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2015:1925 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882306\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-23 07:18:01 +0200 (Fri, 23 Oct 2015)\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kmod-kvm CESA-2015:1925 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of kmod-kvm\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\");\n script_tag(name:\"affected\", value:\"kmod-kvm on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1925\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-October/021444.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~274.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~274.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~274.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~274.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~274.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1924", "modified": "2018-09-28T00:00:00", "published": "2015-10-23T00:00:00", "id": "OPENVAS:1361412562310122720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122720", "title": "Oracle Linux Local Check: ELSA-2015-1924", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1924.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122720\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-23 07:13:38 +0300 (Fri, 23 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1924\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1924 - qemu-kvm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1924\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1924.html\");\n script_cve_id(\"CVE-2015-5279\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.479.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.479.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.479.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.479.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2015-0397", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310131096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131096", "title": "Mageia Linux Local Check: mgasa-2015-0397", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0397.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131096\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 06:54:52 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0397\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0397.html\");\n script_cve_id(\"CVE-2015-5278\", \"CVE-2015-5279\", \"CVE-2015-7295\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0397\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.1.3~2.7.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:55", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in qemu, a fast processor\nemulator.\n\nCVE-2015-5278 \nQinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\nthe NE2000 NIC emulation. A privileged guest user could use this\nflaw to mount a denial of service (QEMU process crash).\n\nCVE-2015-5279 \nQinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\nin the NE2000 NIC emulation. A privileged guest user could use this\nflaw to mount a denial of service (QEMU process crash), or\npotentially to execute arbitrary code on the host with the\nprivileges of the hosting QEMU process.\n\nCVE-2015-6815 \nQinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\nthe e1000 NIC emulation. A privileged guest user could use this flaw\nto mount a denial of service (QEMU process crash).\n\nCVE-2015-6855 \nQinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\nsubsystem in QEMU occurring while executing IDE", "modified": "2017-07-07T00:00:00", "published": "2015-09-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703361", "id": "OPENVAS:703361", "title": "Debian Security Advisory DSA 3361-1 (qemu - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3361.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3361-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703361);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-5278\", \"CVE-2015-5279\", \"CVE-2015-6815\", \"CVE-2015-6855\");\n script_name(\"Debian Security Advisory DSA 3361-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-18 00:00:00 +0200 (Fri, 18 Sep 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3361.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u11.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:2.4+dfsg-3 or earlier.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:2.4+dfsg-3 or earlier.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in qemu, a fast processor\nemulator.\n\nCVE-2015-5278 \nQinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\nthe NE2000 NIC emulation. A privileged guest user could use this\nflaw to mount a denial of service (QEMU process crash).\n\nCVE-2015-5279 \nQinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\nin the NE2000 NIC emulation. A privileged guest user could use this\nflaw to mount a denial of service (QEMU process crash), or\npotentially to execute arbitrary code on the host with the\nprivileges of the hosting QEMU process.\n\nCVE-2015-6815 \nQinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\nthe e1000 NIC emulation. A privileged guest user could use this flaw\nto mount a denial of service (QEMU process crash).\n\nCVE-2015-6855 \nQinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\nsubsystem in QEMU occurring while executing IDE's\nWIN_READ_NATIVE_MAX command to determine the maximum size of a\ndrive. A privileged guest user could use this flaw to mount a\ndenial of service (QEMU process crash).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1.1.2+dfsg-6a+deb7u11\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "unix", "description": "[kvm-83-274.0.1.el5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83.274.el5]\n- net-add-checks-to-validate-ring-buffer-pointers.patch [bz#1263272]\n- Resolves: bz#1263272\n (CVE-2015-5279 kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-5.11.z])", "modified": "2015-10-22T00:00:00", "published": "2015-10-22T00:00:00", "id": "ELSA-2015-1925", "href": "http://linux.oracle.com/errata/ELSA-2015-1925.html", "title": "kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "unix", "description": "[0.12.1.2-2.479.el6_7.2]\n- kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch [bz#1263274]\n- Resolves: bz#1263274\n (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-6.7.z])", "modified": "2015-10-22T00:00:00", "published": "2015-10-22T00:00:00", "id": "ELSA-2015-1924", "href": "http://linux.oracle.com/errata/ELSA-2015-1924.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "unix", "description": "[3.0.3-147.el5]\n- net: add checks to validate ring buffer pointers\n- Resolves: bz#1263273\n (xen: qemu: Heap overflow vulnerability in ne2000_receive() function)", "modified": "2015-11-16T00:00:00", "published": "2015-11-16T00:00:00", "id": "ELSA-2015-2065", "href": "http://linux.oracle.com/errata/ELSA-2015-2065.html", "title": "xen security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "unix", "description": "[0.12.1.2-2.491.el6_8.1]\n- kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407]\n- kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407]\n- kvm-vga-use-constants-from-vga.h.patch [bz#1331407]\n- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407]\n- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407]\n- kvm-vga-add-vbe_enabled-helper.patch [bz#1331407]\n- kvm-vga-factor-out-vga-register-setup.patch [bz#1331407]\n- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407]\n- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407]\n- Resolves: bz#1331407\n (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z])\n[0.12.1.2-2.491.el6]\n- Revert 'warning when CPU threads>1 for non-Intel CPUs' fix\n[0.12.1.2-2.490.el6]\n- kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181]\n- kvm-util-add-base64-decoding-function.patch [bz#1174181]\n- kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181]\n- kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181]\n- kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181]\n- kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons.patch [bz#1174181]\n- kvm-qga-fix-off-by-one-length-check.patch [bz#1174181]\n- kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181]\n- Resolves: bz#1174181\n (RFE: provide QEMU guest agent command for setting root account password (Linux guest))\n[0.12.1.2-2.489.el6]\n- kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743]\n- kvm-block-mirror-fix-full-sync-mode-when-target-does-not.patch [bz#971312]\n- Resolves: bz#1290743\n (qemu-kvm core dumped when repeat system_reset 20 times during guest boot)\n- Resolves: bz#971312\n (block: Mirroring to raw block device doesnt zero out unused blocks)\n* Mon Feb 08 2016 Miroslav Rezanina \n- Fixed qemu-ga path configuration [bz#1213233]\n- Resolves: bz#1213233\n ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist)\n[0.12.1.2-2.487.el6]\n- kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques.patch [bz#1249740]\n- kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740]\n- Resolves: bz#1249740\n (Segfault occurred at Dst VM while completed migration upon ENOSPC)\n[0.12.1.2-2.486.el6]\n- kvm-blockdev-Error-out-on-negative-throttling-option-val.patch [bz#1294619]\n- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298046]\n- Resolves: bz#1294619\n (Guest should failed to boot if set iops,bps to negative number)\n- Resolves: bz#1298046\n (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.8])\n[0.12.1.2-2.485.el6]\n- kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233]\n- kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743]\n- Resolves: bz#1213233\n ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist)\n- Resolves: bz#1290743\n (qemu-kvm core dumped when repeat system_reset 20 times during guest boot)\n[0.12.1.2-2.484.el6]\n- kvm-qga-flush-explicitly-when-needed.patch [bz#1210246]\n- kvm-qga-add-guest-set-user-password-command.patch [bz#1174181]\n- kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216]\n- kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424]\n- kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch [bz#1292678]\n- kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442]\n- kvm-qga-Fix-memory-allocation-pasto.patch []\n- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268347]\n- Resolves: bz#1174181\n (RFE: provide QEMU guest agent command for setting root/administrator account password)\n- Resolves: bz#1210246\n ([virtagent]The 'write' content is lost if 'read' it before flush through guest agent)\n- Resolves: bz#1223216\n (qemu-img can not create qcow2 image when backend is block device)\n- Resolves: bz#1250442\n (qemu-doc.html bad markup in section 3.3 Invocation)\n- Resolves: bz#1268347\n (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY)\n- Resolves: bz#1292678\n (Qemu should report error when cmdline set threads=2 in amd host)\n- Resolves: bz#1297424\n (Add warning about running qemu-img on active VMs to its manpage)\n[0.12.1.2-2.483.el6]\n- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866]\n- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1262866]\n- Resolves: bz#1262866\n ([RHEL6] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size)\n[0.12.1.2-2.482.el6]\n- kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat.patch [bz#1265428]\n- kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch [bz#1219908]\n- kvm-net-pcnet-add-check-to-validate-receive-data-size-CV.patch [bz#1286597]\n- kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567]\n- Resolves: bz#1219908\n (Writing snapshots with 'virsh snapshot-create-as' command slows as more snapshots are created)\n- Resolves: bz#1265428\n (contents of MSR_TSC_AUX are not migrated)\n- Resolves: bz#1286567\n (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in non-loopback mode [rhel-6.8])\n[0.12.1.2-2.481.el6]\n- kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch [bz#1263275]\n- Resolves: bz#1263275\n (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-6.8])\n[0.12.1.2-2.480.el6]\n- kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng.patch [bz#1230068]\n- kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236]\n- kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20.patch [bz#1248763]\n- kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015-.patch [bz#1248763]\n- kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE.patch [bz#1248763]\n- kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763]\n- kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763]\n- kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51.patch [bz#1248763]\n- kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763]\n- Resolves: bz#1213236\n ([virtagent] 'guest-fstrim' failed for guest with os on spapr-vscsi disk)\n- Resolves: bz#1230068\n (Segmentation fault when re-adding virtio-rng-pci device)\n- Resolves: bz#1248763\n (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.8])", "modified": "2016-05-16T00:00:00", "published": "2016-05-16T00:00:00", "id": "ELSA-2016-0997", "href": "http://linux.oracle.com/errata/ELSA-2016-0997.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on the\nhost. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\n", "modified": "2017-09-08T12:16:56", "published": "2015-11-16T05:00:00", "id": "RHSA-2015:2065", "href": "https://access.redhat.com/errata/RHSA-2015:2065", "type": "redhat", "title": "(RHSA-2015:2065) Important: xen security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n", "modified": "2017-09-08T11:56:32", "published": "2015-10-22T04:00:00", "id": "RHSA-2015:1925", "href": "https://access.redhat.com/errata/RHSA-2015:1925", "type": "redhat", "title": "(RHSA-2015:1925) Important: kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:02", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on the\nhost. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-06-07T08:59:25", "published": "2015-10-22T04:00:00", "id": "RHSA-2015:1923", "href": "https://access.redhat.com/errata/RHSA-2015:1923", "type": "redhat", "title": "(RHSA-2015:1923) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:26", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:09", "published": "2015-10-22T04:00:00", "id": "RHSA-2015:1924", "href": "https://access.redhat.com/errata/RHSA-2015:1924", "type": "redhat", "title": "(RHSA-2015:1924) Important: qemu-kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:25:16", "bulletinFamily": "scanner", "description": "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1924.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86558", "published": "2015-10-23T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2015:1924)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1924. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86558);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:1924\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2015:1924)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5279\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1924\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-guest-agent-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:26", "bulletinFamily": "scanner", "description": "A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nAfter installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20151116_XEN_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86894", "published": "2015-11-17T00:00:00", "title": "Scientific Linux Security Update : xen on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86894);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-5279\");\n\n script_name(english:\"Scientific Linux Security Update : xen on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nAfter installing the updated packages, all running fully-virtualized\nguests must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1511&L=scientific-linux-errata&F=&S=&P=11464\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc5a7118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xen-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-debuginfo-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-devel-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-libs-3.0.3-147.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:26", "bulletinFamily": "scanner", "description": "Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-2065.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86887", "published": "2015-11-17T00:00:00", "title": "CentOS 5 : xen (CESA-2015:2065)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2065 and \n# CentOS Errata and Security Advisory 2015:2065 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86887);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:2065\");\n\n script_name(english:\"CentOS 5 : xen (CESA-2015:2065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-November/021503.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28d26449\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-devel-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-libs-3.0.3-147.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:16", "bulletinFamily": "scanner", "description": "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1924.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86549", "published": "2015-10-23T00:00:00", "title": "CentOS 6 : qemu-kvm (CESA-2015:1924)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1924 and \n# CentOS Errata and Security Advisory 2015:1924 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86549);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:1924\");\n\n script_name(english:\"CentOS 6 : qemu-kvm (CESA-2015:1924)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-October/021443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d86a8a8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"qemu-guest-agent-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:16", "bulletinFamily": "scanner", "description": "A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20151022_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86564", "published": "2015-10-23T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86564);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-5279\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1510&L=scientific-linux-errata&F=&S=&P=4832\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a5e4818\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"qemu-guest-agent-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:26", "bulletinFamily": "scanner", "description": "Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-2065.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86893", "published": "2015-11-17T00:00:00", "title": "RHEL 5 : xen (RHSA-2015:2065)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2065. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86893);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:2065\");\n\n script_name(english:\"RHEL 5 : xen (RHSA-2015:2065)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5279\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2065\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-debuginfo-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-debuginfo-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-devel-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-devel-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-libs-3.0.3-147.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-libs-3.0.3-147.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debuginfo / xen-devel / xen-libs\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:16", "bulletinFamily": "scanner", "description": "A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nNOTE: The following procedure must be performed before this update will take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "modified": "2018-12-28T00:00:00", "id": "SL_20151022_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86563", "published": "2015-10-23T00:00:00", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86563);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-5279\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nNOTE: The following procedure must be performed before this update\nwill take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove\n(using 'modprobe -r [module]') and reload (using 'modprobe [module]')\nall of the following modules which are currently running (determined\nusing 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1510&L=scientific-linux-errata&F=&S=&P=4514\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?055be01a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-274.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-274.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-274.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-274.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-274.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-274.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:16", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1925.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86550", "published": "2015-10-23T00:00:00", "title": "CentOS 5 : kvm (CESA-2015:1925)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1925 and \n# CentOS Errata and Security Advisory 2015:1925 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86550);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:1925\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2015:1925)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure\nin the Solution section must be performed before this update will take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-October/021444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74598742\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-274.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-274.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-274.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-274.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-274.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:17", "bulletinFamily": "scanner", "description": "Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1923.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86597", "published": "2015-10-26T00:00:00", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2015:1923)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1923. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86597);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:1923\");\n\n script_name(english:\"RHEL 6 : qemu-kvm-rhev (RHSA-2015:1923)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix one security issue are now\navailable for Red Hat Enterprise Virtualization.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5279\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1923\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-rhev-0.12.1.2-2.479.el6_7.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-0.12.1.2-2.479.el6_7.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-0.12.1.2-2.479.el6_7.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-tools-0.12.1.2-2.479.el6_7.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:26", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:2065 :\n\nUpdated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "modified": "2018-07-24T00:00:00", "id": "ORACLELINUX_ELSA-2015-2065.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86892", "published": "2015-11-17T00:00:00", "title": "Oracle Linux 5 : xen (ELSA-2015-2065)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2065 and \n# Oracle Linux Security Advisory ELSA-2015-2065 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86892);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2015-5279\");\n script_xref(name:\"RHSA\", value:\"2015:2065\");\n\n script_name(english:\"Oracle Linux 5 : xen (ELSA-2015-2065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2065 :\n\nUpdated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the\nnetwork. A privileged user inside a guest could use this flaw to crash\nthe QEMU instance (denial of service) or potentially execute arbitrary\ncode on the host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for\nreporting this issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005546.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xen-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-devel-3.0.3-147.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-libs-3.0.3-147.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1924\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021443.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1924.html", "modified": "2015-10-22T19:30:36", "published": "2015-10-22T19:30:36", "href": "http://lists.centos.org/pipermail/centos-announce/2015-October/021443.html", "id": "CESA-2015:1924", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2065\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on the\nhost. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-November/021503.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2065.html", "modified": "2015-11-16T20:32:24", "published": "2015-11-16T20:32:24", "href": "http://lists.centos.org/pipermail/centos-announce/2015-November/021503.html", "id": "CESA-2015:2065", "title": "xen security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1925\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nA heap buffer overflow flaw was found in the way QEMU's NE2000 NIC\nemulation implementation handled certain packets received over the network.\nA privileged user inside a guest could use this flaw to crash the QEMU\ninstance (denial of service) or potentially execute arbitrary code on\nthe host. (CVE-2015-5279)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021444.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1925.html", "modified": "2015-10-22T19:35:05", "published": "2015-10-22T19:35:05", "href": "http://lists.centos.org/pipermail/centos-announce/2015-October/021444.html", "id": "CESA-2015:1925", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "unix", "description": "\nPrasad J Pandit, Red Hat Product Security Team, reports:\n\nQemu emulator built with the NE2000 NIC emulation support is\n\t vulnerable to an infinite loop issue. It could occur when receiving\n\t packets over the network.\nA privileged user inside guest could use this flaw to crash the\n\t Qemu instance resulting in DoS.\n\n\nQemu emulator built with the NE2000 NIC emulation support is\n\t vulnerable to a heap buffer overflow issue. It could occur when\n\t receiving packets over the network.\nA privileged user inside guest could use this flaw to crash the\n\t Qemu instance or potentially execute arbitrary code on the host.\n\n", "modified": "2015-09-15T00:00:00", "published": "2015-09-15T00:00:00", "id": "6AA3322F-B150-11E5-9728-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/6aa3322f-b150-11e5-9728-002590263bf5.html", "title": "qemu -- denial of service vulnerabilities in NE2000 NIC support", "type": "freebsd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "DoS, memory corruptions.", "modified": "2015-10-12T00:00:00", "published": "2015-10-12T00:00:00", "id": "SECURITYVULNS:VULN:14718", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14718", "title": "libvirt / qemu multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2745-1\r\nSeptember 24, 2015\r\n\r\nqemu, qemu-kvm vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in QEMU.\r\n\r\nSoftware Description:\r\n- qemu: Machine emulator and virtualizer\r\n- qemu-kvm: Machine emulator and virtualizer\r\n\r\nDetails:\r\n\r\nLian Yihan discovered that QEMU incorrectly handled certain payload\r\nmessages in the VNC display driver. A malicious guest could use this issue\r\nto cause the QEMU process to hang, resulting in a denial of service. This\r\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. &#40;CVE-2015-5239&#41;\r\n\r\nQinghao Tang discovered that QEMU incorrectly handled receiving certain\r\npackets in the NE2000 network driver. A malicious guest could use this\r\nissue to cause the QEMU process to hang, resulting in a denial of service.\r\n&#40;CVE-2015-5278&#41;\r\n\r\nQinghao Tang discovered that QEMU incorrectly handled receiving certain\r\npackets in the NE2000 network driver. A malicious guest could use this\r\nissue to cause a denial of service, or possibly execute arbitrary code on\r\nthe host as the user running the QEMU process. In the default installation,\r\nwhen QEMU is used with libvirt, attackers would be isolated by the libvirt\r\nAppArmor profile. &#40;CVE-2015-5279&#41;\r\n\r\nQinghao Tang discovered that QEMU incorrectly handled transmit descriptor\r\ndata when sending network packets. A malicious guest could use this issue\r\nto cause the QEMU process to hang, resulting in a denial of service.\r\n&#40;CVE-2015-6815&#41;\r\n\r\nQinghao Tang discovered that QEMU incorrectly handled ATAPI command\r\npermissions. A malicious guest could use this issue to cause the QEMU\r\nprocess to crash, resulting in a denial of service. &#40;CVE-2015-6855&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n qemu-system 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-arm 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-mips 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-misc 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-ppc 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-sparc 1:2.2+dfsg-5expubuntu9.5\r\n qemu-system-x86 1:2.2+dfsg-5expubuntu9.5\r\n\r\nUbuntu 14.04 LTS:\r\n qemu-system 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-arm 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-mips 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-misc 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-ppc 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-sparc 2.0.0+dfsg-2ubuntu1.19\r\n qemu-system-x86 2.0.0+dfsg-2ubuntu1.19\r\n\r\nUbuntu 12.04 LTS:\r\n qemu-kvm 1.0+noroms-0ubuntu14.25\r\n\r\nAfter a standard system update you need to restart all QEMU virtual\r\nmachines to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2745-1\r\n CVE-2015-5239, CVE-2015-5278, CVE-2015-5279, CVE-2015-6815,\r\n CVE-2015-6855\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.5\r\n https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.19\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.25\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-10-12T00:00:00", "published": "2015-10-12T00:00:00", "id": "SECURITYVULNS:DOC:32547", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32547", "title": "[USN-2745-1] QEMU vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:51:21", "bulletinFamily": "unix", "description": "qemu was updated to fix several security issues and bugs.\n\n The following vulnerabilities were fixed:\n - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU,\n when the container has a CDROM drive enabled, allows local guest users\n to execute arbitrary code on the host via unspecified ATAPI commands.\n (bsc#938344).\n - CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that could\n occur when receiving packets over the network. (bsc#945989)\n - CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue that\n could occur when receiving packets over the network. (bsc#945987)\n - CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could\n occur while executing an IDE command WIN_READ_NATIVE_MAX to determine\n the maximum size of a drive. (bsc#945404)\n - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed\n remote attackers to cause a denial of service (crash) via a small\n bytes_per_pixel value. (bsc#902737):\n\n Also these non-security issues were fixed:\n - bsc#937572: Fixed dictzip on big endian systems\n - bsc#934517: Fix 'info tlb' causes guest to freeze\n - bsc#934506: Fix vte monitor consol looks empy\n - bsc#937125: Fix parsing of scsi-disk wwn uint64 property\n - bsc#945778: Drop .probe hooks for DictZip and tar block drivers\n - bsc#937572: Fold common-obj-y -&gt; block-obj-y change into original patches\n - bsc#928308,bsc#944017: Fix virtio-ccw index errors when initrd gets too\n large\n - bsc#936537: Fix possible qemu-img error when converting to compressed\n qcow2 image\n - bsc#939216: Fix reboot fail after install using uefi\n - bsc#943446: qemu-img convert doesn't create MB aligned VHDs anymore\n\n", "modified": "2015-10-20T10:09:58", "published": "2015-10-20T10:09:58", "id": "SUSE-SU-2015:1782-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "bulletinFamily": "unix", "description": "kvm was updated to fix 33 security issues.\n\n These security issues were fixed:\n - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)\n - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)\n - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for\n guest escape (bsc#978158)\n - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit\n (bsc#978160)\n - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)\n - CVE-2016-2538: Fixed potential OOB access in USB net device emulation\n (bsc#967969)\n - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)\n - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number\n generator (bsc#970036)\n - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)\n - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic\n (bsc#975128)\n - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller\n (bsc#975136)\n - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access\n (bsc#975700)\n - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)\n - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to\n avoid any opportunity for guest to cause DoS by abusing that interface\n (bsc#928393)\n - CVE-2014-3689: Fixed insufficient parameter validation in rectangle\n functions (bsc#901508)\n - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to\n read host memory by setting the display to a high resolution\n (bsc#895528).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).\n - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function\n in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of\n service (instance crash) or possibly execute arbitrary code via vectors\n related to receiving packets (bsc#945987).\n - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).\n - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the\n commands accepted by an ATAPI device, which allowed guest users to cause\n a denial of service or possibly have unspecified other impact via\n certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command\n to an empty drive, which triggers a divide-by-zero error and instance\n crash (bsc#945404).\n - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device\n (virtio-net) support in QEMU, when big or mergeable receive buffers are\n not supported, allowed remote attackers to cause a denial of service\n (guest network consumption) via a flood of jumbo frames on the (1)\n tuntap or (2) macvtap interface (bsc#947159).\n - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).\n - CVE-2015-8504: VNC floating point exception (bsc#958491).\n - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS\n (bsc#959005).\n - CVE-2015-8613: Wrong sized memset in megasas command handler\n (bsc#961358).\n - CVE-2015-8619: Potential DoS for long HMP sendkey command argument\n (bsc#960334).\n - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions\n (bsc#960725).\n - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).\n - CVE-2016-1714: Potential OOB memory access in processing firmware\n configuration (bsc#961691).\n - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command\n (bsc#962320).\n - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation\n by malicious privileged user within guest (bsc#963782).\n - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by\n writing to read-only EHCI capabilities registers (bsc#964413).\n\n This non-security issue was fixed:\n - Fix case of IDE interface needing busy status set before flush\n (bsc#936132)\n\n", "modified": "2016-07-11T16:39:09", "published": "2016-07-11T16:39:09", "id": "SUSE-SU-2016:1785-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00012.html", "type": "suse", "title": "Security update for kvm (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:04", "bulletinFamily": "unix", "description": "kvm was updated to fix 33 security issues.\n\n These security issues were fixed:\n - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)\n - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)\n - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for\n guest escape (bsc#978158)\n - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit\n (bsc#978160)\n - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)\n - CVE-2016-2538: Fixed potential OOB access in USB net device emulation\n (bsc#967969)\n - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)\n - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number\n generator (bsc#970036)\n - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)\n - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic\n (bsc#975128)\n - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller\n (bsc#975136)\n - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access\n (bsc#975700)\n - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)\n - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to\n avoid any opportunity for guest to cause DoS by abusing that interface\n (bsc#928393)\n - CVE-2014-3689: Fixed insufficient parameter validation in rectangle\n functions (bsc#901508)\n - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to\n read host memory by setting the display to a high resolution\n (bsc#895528).\n - CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463).\n - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).\n - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function\n in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of\n service (instance crash) or possibly execute arbitrary code via vectors\n related to receiving packets (bsc#945987).\n - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).\n - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the\n commands accepted by an ATAPI device, which allowed guest users to cause\n a denial of service or possibly have unspecified other impact via\n certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command\n to an empty drive, which triggers a divide-by-zero error and instance\n crash (bsc#945404).\n - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device\n (virtio-net) support in QEMU, when big or mergeable receive buffers are\n not supported, allowed remote attackers to cause a denial of service\n (guest network consumption) via a flood of jumbo frames on the (1)\n tuntap or (2) macvtap interface (bsc#947159).\n - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).\n - CVE-2015-8504: VNC floating point exception (bsc#958491).\n - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS\n (bsc#959005).\n - CVE-2015-8613: Wrong sized memset in megasas command handler\n (bsc#961358).\n - CVE-2015-8619: Potential DoS for long HMP sendkey command argument\n (bsc#960334).\n - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions\n (bsc#960725).\n - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).\n - CVE-2016-1714: Potential OOB memory access in processing firmware\n configuration (bsc#961691).\n - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command\n (bsc#962320).\n - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation\n by malicious privileged user within guest (bsc#963782).\n - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by\n writing to read-only EHCI capabilities registers (bsc#964413).\n\n This non-security issue was fixed:\n - Fix case of IDE interface needing busy status set before flush\n (bsc#936132)\n\n", "modified": "2016-06-28T20:07:43", "published": "2016-06-28T20:07:43", "id": "SUSE-SU-2016:1698-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00057.html", "title": "Security update for kvm (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3361-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855\nDebian Bug : 798101 799073 799074\n\nSeveral vulnerabilities were discovered in qemu, a fast processor\nemulator.\n\nCVE-2015-5278\n\n Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash).\n\nCVE-2015-5279\n\n Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\n in the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.\n\nCVE-2015-6815\n\n Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the e1000 NIC emulation. A privileged guest user could use this flaw\n to mount a denial of service (QEMU process crash).\n\nCVE-2015-6855\n\n Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\n subsystem in QEMU occurring while executing IDE&#x27;s\n WIN_READ_NATIVE_MAX command to determine the maximum size of a\n drive. A privileged guest user could use this flaw to mount a\n denial of service (QEMU process crash).\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u11.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:2.4+dfsg-3 or earlier.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:2.4+dfsg-3 or earlier.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-09-18T20:09:37", "published": "2015-09-18T20:09:37", "id": "DEBIAN:DSA-3361-1:239D8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00260.html", "title": "[SECURITY] [DSA 3361-1] qemu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:38", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3362-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nCVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855\n\nSeveral vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.\n\nCVE-2015-5278\n\n Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash).\n\nCVE-2015-5279\n\n Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\n in the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.\n\nCVE-2015-6815\n\n Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the e1000 NIC emulation. A privileged guest user could use this flaw\n to mount a denial of service (QEMU process crash).\n\nCVE-2015-6855\n\n Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\n subsystem in QEMU occurring while executing IDE&#x27;s\n WIN_READ_NATIVE_MAX command to determine the maximum size of a\n drive. A privileged guest user could use this flaw to mount a\n denial of service (QEMU process crash).\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u11.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-09-18T20:09:48", "published": "2015-09-18T20:09:48", "id": "DEBIAN:DSA-3362-1:05D6D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00261.html", "title": "[SECURITY] [DSA 3362-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:51", "bulletinFamily": "unix", "description": "Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-5239)\n\nQinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-5278)\n\nQinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5279)\n\nQinghao Tang discovered that QEMU incorrectly handled transmit descriptor data when sending network packets. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-6815)\n\nQinghao Tang discovered that QEMU incorrectly handled ATAPI command permissions. A malicious guest could use this issue to cause the QEMU process to crash, resulting in a denial of service. (CVE-2015-6855)", "modified": "2015-09-24T00:00:00", "published": "2015-09-24T00:00:00", "id": "USN-2745-1", "href": "https://usn.ubuntu.com/2745-1/", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2016-11-09T00:09:49", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-28T00:00:00", "published": "2016-02-16T00:00:00", "id": "SOL63519101", "href": "http://support.f5.com/kb/en-us/solutions/public/k/63/sol63519101.html", "type": "f5", "title": "SOL63519101 - Multiple QEMU vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-22T12:31:54", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 572590, 572592, 572596, 572597, and 572599 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H63519101 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | vCMP \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP GTM | 11.0.0 - 11.6.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.1 | 12.1.0 \n10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.1 | 12.1.0 | Low | vCMP \nBIG-IP PSM | 11.0.0 - 11.4.1 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nBIG-IP WOM | 11.0.0 - 11.3.0 | 10.1.0 - 10.2.4 | Low | vCMP \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-11-16T00:00:00", "published": "2016-02-16T19:39:00", "id": "F5:K63519101", "href": "https://support.f5.com/csp/article/K63519101", "title": "Multiple QEMU vulnerabilities", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.5.0-r1\"", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "GLSA-201602-01", "href": "https://security.gentoo.org/glsa/201602-01", "type": "gentoo", "title": "QEMU: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}