ID RHSA-2019:1175 Type redhat Reporter RedHat Modified 2019-05-14T22:02:20
Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)
QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)
libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{"vmware": [{"lastseen": "2019-11-14T23:21:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**1\\. Impacted Products**\n\n * VMware vCenter Server (VC)\n * VMware vSphere ESXi (ESXi)\n * VMware Workstation Pro / Player (WS)\n * VMware Fusion Pro / Fusion (Fusion)\n * vCloud Usage Meter (UM)\n * Identity Manager (vIDM)\n * vCenter Server (vCSA)\n * vSphere Data Protection (VDP)\n * vSphere Integrated Containers (VIC)\n * vRealize Automation (vRA)\n\n**2\\. Introduction \n**\n\nIntel has disclosed details on speculative-execution vulnerabilities known collectively as \u201cMicroarchitectural Data Sampling (MDS)\" that can occur on Intel microarchitecture prior to 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake). These issues may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms. \n\n\nThere are four uniquely identifiable vulnerabilities associated with MDS: \n\n\n * CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) - CVSSv3 = 6.5\n * CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVSSv3 = 6.5\n * CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) - CVSSv3 = 6.5\n * CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVSSv3 = 3.8\n\nTo assist in understanding speculative-execution vulnerabilities, VMware previously defined the following mitigation categories:\n\n * _Hypervisor-Specific Mitigations_ prevent information leakage from the hypervisor or guest VMs into a malicious guest VM. These mitigations require code changes for VMware products.\n * _Hypervisor-Assisted Guest Mitigations _virtualize new speculative-execution hardware control mechanisms for guest VMs so that Guest OSes can mitigate leakage between processes within the VM. These mitigations require code changes for VMware products.\n * _Operating System-Specific Mitigations_ are applied to guest operating systems. These updates will be provided by a 3rd party vendor or in the case of VMware Virtual Appliances, by VMware.\n * _Microcode Mitigations_ are applied to a system\u2019s processor(s) by a microcode update from the hardware vendor. These mitigations do not require hypervisor or guest operating system updates to be effective. \n\n\nMDS vulnerabilities require _Hypervisor-Specific Mitigations_ (described in section 3a.) _Hypervisor-Assisted Guest Mitigations_ (described in section 3b.) and _Operating System-Specific Mitigations_ (described in section 3c.) \n\n\n**3a. _Hypervisor-Specific Mitigations_ for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 \n** \n\n\n**Description: \n**\n\nvCenter Server, ESXi, Workstation, and Fusion updates include _Hypervisor-Specific Mitigations_ for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the [Moderate severity range](<https://www.vmware.com/support/policies/security_response.html>) with a maximum CVSSv3 base score of 6.5. \n\n\n**Known Attack Vectors: \n**\n\nA malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself via MDS vulnerabilities. \n\n\nThere are two known attack vector variants for MDS at the Hypervisor level:\n\n * _Sequential-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.\n * _Concurrent-context attack vector_ (Inter-VM): a malicious VM can potentially infer recently accessed data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core.\n\n**Resolution:**\n\n * The _Sequential-context attack vector_ (Inter-VM): is mitigated by a Hypervisor update to the product versions listed in the table below. These mitigations are dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact.\n * The _Concurrent-context attack vector_ (Inter-VM): is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default.\n\n**Workarounds:**\n\n * There are no known Hypervisor-Specific workarounds for the MDS class of vulnerabilities.\n\n**Additional Documentation:**\n\n * vSphere: [KB67577](<https://kb.vmware.com/kb/67577>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts\n * Workstation/Fusion: [KB68025](<https://kb.vmware.com/kb/68025>) should be thoroughly reviewed to ensure a strong understanding of the _Hypervisor-Specific Mitigations_ enablement process for MDS and potential CPU capacity impacts.\n\n**Notes: \n**\n\n * VMware Hypervisors running on 2nd Generation Intel\u00ae Xeon\u00ae Scalable Processors (formerly known as Cascade Lake) are not affected by MDS vulnerabilities.\n\n**Acknowledgements:**\n\n * None.\n\n**Resolution Matrix: \n \n**\n\nProduct | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation \n---|---|---|---|---|---|---|---|--- \nvCenter Server1 | 6.7 | Any | N/A | N/A | N/A | [6.7 U2a](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.5 | Any | N/A | N/A | N/A | [6.5 U2g](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nvCenter Server1 | 6.0 | Any | N/A | N/A | N/A | [6.0 U3i](<https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi3 | 6.7 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi670-201911401-BG \nESXi670-201911402-BG2 \n](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.5 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi650-201905401-BG \nESXi650-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nESXi | 6.0 | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [ESXi600-201905401-BG \nESXi600-201905402-BG2](<https://my.vmware.com/group/vmware/patch>) | None | [KB67577](<https://kb.vmware.com/kb/67577>) \nWorkstation3 | 15.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [15.5.1](<https://www.vmware.com/go/downloadworkstation>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \nFusion3 | 11.x | Any | [CVE-2018-12126 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126>)[CVE-2018-12127 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127>)[CVE-2018-12130 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130>)[CVE-2019-11091 \n](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091>) | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | [Moderate](<https://www.vmware.com/support/policies/security_response.html>) | [11.5.1](<https://www.vmware.com/go/downloadfusion>) | None | [KB68025](<https://kb.vmware.com/kb/68025>) \n \n1\\. vCenter updates are listed in the above table as a requirement for _Hypervisor-Specific Mitigations_ as these updates include enhanced EVC modes which support the new MD-CLEAR functionality included in ESXi microcode updates. \n2\\. These patches contain updated microcode. At the time of this publication Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to VMware. Customers on this microarchitecture may request MCUs from their hardware vendor in the form of a BIOS update. This microcode will be included in future releases of ESXi. \n3\\. A regression introduced in ESXi 6.7u2, Workstation 15.5.0, and Fusion 11.5.0 causes _Hypervisor-Specific Mitigations_ for L1TF (CVE-2018-3646) and MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be ineffective. This issue has been resolved in the patches reflected in the table above. This regression does not affect the ESXi 6.5 and 6.0 release lines, nor does it affect ESXi 6.7u2 if the _ESXi Side-Channel-Aware Scheduler Version 2_ is enabled.\n", "edition": 4, "modified": "2019-11-12T00:00:00", "published": "2019-05-14T00:00:00", "id": "VMSA-2019-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html", "title": "VMware product updates enable\u00a0Hypervisor-Specific Mitigations,\u00a0Hypervisor-Assisted Guest Mitigations, and\u00a0Operating System-Specific Mitigations\u00a0for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and\u00a0CVE-2019-11091)", "type": "vmware", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T04:45:51", "description": "From Red Hat Security Advisory 2019:1175 :\n\nAn update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree\nblob (CVE-2018-20815)\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Oracle Linux 8 : virt:rhel (ELSA-2019-1175) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2018-12126", "CVE-2019-3857", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-3856", "CVE-2019-3855", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libguestfs-winsupport", "p-cpe:/a:oracle:linux:nbdkit-plugin-gzip", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:oracle:linux:libguestfs-gobject-devel", "p-cpe:/a:oracle:linux:seavgabios-bin", "p-cpe:/a:oracle:linux:libvirt-bash-completion", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:qemu-kvm-core", "p-cpe:/a:oracle:linux:python3-libguestfs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:lua-guestfs", "p-cpe:/a:oracle:linux:hivex", "p-cpe:/a:oracle:linux:libguestfs-tools", "p-cpe:/a:oracle:linux:nbdkit", "p-cpe:/a:oracle:linux:libguestfs-tools-c", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libguestfs-gobject", "p-cpe:/a:oracle:linux:netcf", "p-cpe:/a:oracle:linux:libvirt-admin", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libguestfs-rescue", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libiscsi-devel", "p-cpe:/a:oracle:linux:nbdkit-bash-completion", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libssh2", "p-cpe:/a:oracle:linux:libguestfs-xfs", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:oracle:linux:virt-p2v-maker", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:oracle:linux:nbdkit-example-plugins", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:oracle:linux:libiscsi-utils", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:netcf-libs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:oracle:linux:libiscsi", "p-cpe:/a:oracle:linux:perl-Sys-Guestfs", "p-cpe:/a:oracle:linux:nbdkit-basic-plugins", "p-cpe:/a:oracle:linux:libguestfs-bash-completion", "p-cpe:/a:oracle:linux:supermin-devel", "p-cpe:/a:oracle:linux:python3-libvirt", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:oracle:linux:qemu-kvm-block-ssh", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:ruby-hivex", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:supermin", "p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:qemu-guest-agent", "p-cpe:/a:oracle:linux:qemu-kvm-block-curl", "p-cpe:/a:oracle:linux:libguestfs-benchmarking", "p-cpe:/a:oracle:linux:libguestfs-man-pages-uk", "p-cpe:/a:oracle:linux:nbdkit-plugin-vddk", "p-cpe:/a:oracle:linux:python3-hivex", "p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi", "p-cpe:/a:oracle:linux:qemu-kvm-block-gluster", "p-cpe:/a:oracle:linux:libvirt-libs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:netcf-devel", "p-cpe:/a:oracle:linux:libguestfs-devel", "p-cpe:/a:oracle:linux:libvirt-docs", "p-cpe:/a:oracle:linux:perl-hivex", "p-cpe:/a:oracle:linux:libguestfs-java-devel", "p-cpe:/a:oracle:linux:virt-v2v", "p-cpe:/a:oracle:linux:perl-Sys-Virt", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:oracle:linux:qemu-kvm-block-rbd", "p-cpe:/a:oracle:linux:libguestfs-man-pages-ja", "p-cpe:/a:oracle:linux:libguestfs-java", "p-cpe:/a:oracle:linux:sgabios", "p-cpe:/a:oracle:linux:sgabios-bin", "p-cpe:/a:oracle:linux:libguestfs-javadoc", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:nbdkit-plugin-python-common", "p-cpe:/a:oracle:linux:virt-dib", "p-cpe:/a:oracle:linux:seabios", "p-cpe:/a:oracle:linux:libguestfs", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt-dbus", "p-cpe:/a:oracle:linux:seabios-bin", "p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:nbdkit-plugin-xz", "p-cpe:/a:oracle:linux:ruby-libguestfs", "p-cpe:/a:oracle:linux:libguestfs-inspect-icons", "p-cpe:/a:oracle:linux:nbdkit-plugin-python3", "p-cpe:/a:oracle:linux:libguestfs-rsync", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:nbdkit-devel", "p-cpe:/a:oracle:linux:hivex-devel", "p-cpe:/a:oracle:linux:libguestfs-gfs2"], "id": "ORACLELINUX_ELSA-2019-1175.NASL", "href": "https://www.tenable.com/plugins/nessus/127584", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1175 and \n# Oracle Linux Security Advisory ELSA-2019-1175 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127584);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-20815\", \"CVE-2019-11091\", \"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1175\");\n\n script_name(english:\"Oracle Linux 8 : virt:rhel (ELSA-2019-1175) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1175 :\n\nAn update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree\nblob (CVE-2018-20815)\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008975.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected virt:rhel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"hivex-1.3.15-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"hivex-devel-1.3.15-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-bash-completion-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-benchmarking-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-devel-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-gfs2-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-gobject-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-gobject-devel-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-inspect-icons-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-java-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-java-devel-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-javadoc-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-man-pages-ja-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-man-pages-uk-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-rescue-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-rsync-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-tools-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-tools-c-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-winsupport-8.0-2.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libguestfs-xfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libiscsi-1.18.0-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libiscsi-devel-1.18.0-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libiscsi-utils-1.18.0-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libssh2-1.8.0-7.module+el8.0.0+5219+3c0c6858.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-admin-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-bash-completion-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-client-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-core-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-disk-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-gluster-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-logical-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-mpath-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-rbd-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-scsi-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-dbus-1.2.0-2.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-devel-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-docs-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-libs-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libvirt-nss-4.5.0-23.1.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"lua-guestfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-bash-completion-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-devel-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-example-plugins-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"netcf-0.2.8-10.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"netcf-devel-0.2.8-10.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"netcf-libs-0.2.8-10.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Sys-Guestfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Sys-Virt-4.5.0-4.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-hivex-1.3.15-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"python3-hivex-1.3.15-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"python3-libguestfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"python3-libvirt-4.5.0-1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-img-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-block-gluster-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-common-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"qemu-kvm-core-2.12.0-64.module+el8.0.0+5219+3c0c6858.2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"ruby-hivex-1.3.15-6.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"ruby-libguestfs-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"seabios-1.11.1-3.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"seabios-bin-1.11.1-3.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"seavgabios-bin-1.11.1-3.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"sgabios-0.20170427git-2.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"sgabios-bin-0.20170427git-2.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"supermin-5.1.19-8.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"supermin-devel-5.1.19-8.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"virt-dib-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"virt-p2v-maker-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"virt-v2v-1.38.4-10.0.1.module+el8.0.0+5219+3c0c6858\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hivex / hivex-devel / libguestfs / libguestfs-bash-completion / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:58:34", "description": "An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree\nblob (CVE-2018-20815)\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "RHEL 8 : virt:rhel (RHSA-2019:1175) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2018-12126", "CVE-2019-3857", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-3856", "CVE-2019-3855", "CVE-2019-11091", "CVE-2018-12130"], "modified": "2019-05-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hivex", "p-cpe:/a:redhat:enterprise_linux:libiscsi", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:netcf-debugsource", "p-cpe:/a:redhat:enterprise_linux:virt-dib", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster", "p-cpe:/a:redhat:enterprise_linux:supermin-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit", "p-cpe:/a:redhat:enterprise_linux:lua-guestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:hivex-debugsource", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "p-cpe:/a:redhat:enterprise_linux:netcf-devel", "p-cpe:/a:redhat:enterprise_linux:python3-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3", "p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl", "p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource", "p-cpe:/a:redhat:enterprise_linux:libiscsi-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-hivex", "p-cpe:/a:redhat:enterprise_linux:seabios", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:hivex-devel", "p-cpe:/a:redhat:enterprise_linux:seavgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue", "p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent", "p-cpe:/a:redhat:enterprise_linux:python3-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus", "p-cpe:/a:redhat:enterprise_linux:python3-libvirt", "p-cpe:/a:redhat:enterprise_linux:nbdkit-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "p-cpe:/a:redhat:enterprise_linux:perl-hivex", "p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking", "p-cpe:/a:redhat:enterprise_linux:sgabios", "p-cpe:/a:redhat:enterprise_linux:sgabios-bin", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk", "p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:netcf-libs", "p-cpe:/a:redhat:enterprise_linux:supermin", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd", "p-cpe:/a:redhat:enterprise_linux:netcf", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins", "p-cpe:/a:redhat:enterprise_linux:supermin-debugsource", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:seabios-bin", "p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:libiscsi-utils", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-admin", "p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion", "p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk", "p-cpe:/a:redhat:enterprise_linux:libvirt-libs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport", "p-cpe:/a:redhat:enterprise_linux:SLOF", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs", "p-cpe:/a:redhat:enterprise_linux:virt-v2v", "p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons", "p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource", "p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel"], "id": "REDHAT-RHSA-2019-1175.NASL", "href": "https://www.tenable.com/plugins/nessus/125041", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1175. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125041);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-20815\", \"CVE-2019-11091\", \"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1175\");\n script_xref(name:\"IAVA\", value:\"2019-A-0166\");\n\n script_name(english:\"RHEL 8 : virt:rhel (RHSA-2019:1175) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the virt:rhel module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) offers a full virtualization\nsolution for Linux on numerous hardware platforms. The virt:rhel\nmodule contains packages which provide user-space components used to\nrun virtual machines using KVM. The packages also provide APIs for\nmanaging and interacting with the virtualized systems.\n\nSecurity Fix(es) :\n\n* A flaw was found in the implementation of the 'fill buffer', a\nmechanism used by modern CPUs when a cache-miss is made on L1 CPU\ncache. If an attacker can generate a load operation that would create\na page fault, the execution will continue speculatively with incorrect\ndata from the fill buffer while the data is fetched from higher level\ncaches. This response time can be measured to infer data in the fill\nbuffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level\nmicro-optimizations to improve the performance of writing data back to\nCPU caches. The write operation is split into STA (STore Address) and\nSTD (STore Data) sub-operations. These sub-operations allow the\nprocessor to hand-off address generation logic into these\nsub-operations for optimized writes. Both of these sub-operations\nwrite to a shared distributed processor structure called the\n'processor store buffer'. As a result, an unprivileged attacker could\nuse this flaw to read private data resident within the CPU's processor\nstore buffer. (CVE-2018-12126)\n\n* Microprocessors use a 'load port' subcomponent to perform load\noperations from memory or IO. During a load operation, the load port\nreceives data from the memory or IO subsystem and then provides the\ndata to the CPU registers and operations in the CPU's pipelines.\nStale load operations results are stored in the 'load port' table\nuntil overwritten by newer operations. Certain load-port operations\ntriggered by an attacker can be used to reveal data about previous\nstale requests leaking data back to the attacker via a timing\nside-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable\ninformation disclosure via a side channel with local access.\n(CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree\nblob (CVE-2018-20815)\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11091\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-dbus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Virt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virt-v2v\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt:' + module_ver);\n\nappstreams = {\n 'virt:rhel': [\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-bash-completion-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-inspect-icons-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-javadoc-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-ja-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-man-pages-uk-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-1.38.4-10.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'s390x', 'release':'8'},\n {'reference':'libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-bash-completion-1.4.2-4.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-gluster-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'aarch64', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'s390x', 'release':'8', 'epoch':'15'},\n {'reference':'qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2', 'cpu':'x86_64', 'release':'8', 'epoch':'15'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'seabios-1.11.1-3.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'seabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'seavgabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'sgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'sgabios-bin-0.20170427git-2.module+el8.0.0+3075+09be6b65', 'release':'8', 'epoch':'1'},\n {'reference':'SLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8'},\n {'reference':'supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-p2v-maker-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'virt-v2v-1.38.4-10.module+el8.0.0+3075+09be6b65', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt:rhel');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SLOF / hivex / hivex-debugsource / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:19:14", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "RHEL 7 : libssh2 (RHSA-2019:2399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libssh2-docs", "p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:libssh2-devel"], "id": "REDHAT-RHSA-2019-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/127716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2399. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127716);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:2399\");\n\n script_name(english:\"RHEL 7 : libssh2 (RHSA-2019:2399)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2399\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-debuginfo-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-debuginfo-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-devel-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-devel-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"libssh2-docs-1.4.3-11.el7_3.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:29:51", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-02T00:00:00", "title": "CentOS 7 : libssh2 (CESA-2019:0679)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libssh2", "p-cpe:/a:centos:centos:libssh2-docs", "p-cpe:/a:centos:centos:libssh2-devel"], "id": "CENTOS_RHSA-2019-0679.NASL", "href": "https://www.tenable.com/plugins/nessus/123560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0679 and \n# CentOS Errata and Security Advisory 2019:0679 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123560);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:0679\");\n\n script_name(english:\"CentOS 7 : libssh2 (CESA-2019:0679)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-April/023259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c85ae041\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssh2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-1.4.3-12.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-devel-1.4.3-12.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-docs-1.4.3-12.el7_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:04:36", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n packets are read from the server. A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0169_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/127458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0169. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127458);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n script_bugtraq_id(107485);\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n packets are read from the server. A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0169\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libssh2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"libssh2-1.4.2-3.el6_10.1\",\n \"libssh2-debuginfo-1.4.2-3.el6_10.1\",\n \"libssh2-devel-1.4.2-3.el6_10.1\",\n \"libssh2-docs-1.4.2-3.el6_10.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:18:42", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux\n7.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-17T00:00:00", "title": "RHEL 7 : libssh2 (RHSA-2019:1791)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libssh2-docs", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libssh2-devel"], "id": "REDHAT-RHSA-2019-1791.NASL", "href": "https://www.tenable.com/plugins/nessus/126759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1791. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126759);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1791\");\n\n script_name(english:\"RHEL 7 : libssh2 (RHSA-2019:1791)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux\n7.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1791\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-1.4.3-11.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-debuginfo-1.4.3-11.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-devel-1.4.3-11.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-docs-1.4.3-11.el7_5.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:20:20", "description": "An integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\n\nAn integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "Amazon Linux AMI : libssh2 (ALAS-2019-1254)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libssh2", "p-cpe:/a:amazon:linux:libssh2-docs", "p-cpe:/a:amazon:linux:libssh2-devel", "p-cpe:/a:amazon:linux:libssh2-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/127810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1254.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127810);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"ALAS\", value:\"2019-1254\");\n\n script_name(english:\"Amazon Linux AMI : libssh2 (ALAS-2019-1254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\n\nAn integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1254.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libssh2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-debuginfo-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-devel-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-docs-1.4.2-3.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:46:16", "description": "From Red Hat Security Advisory 2019:1652 :\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-03T00:00:00", "title": "Oracle Linux 6 : libssh2 (ELSA-2019-1652)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libssh2", "p-cpe:/a:oracle:linux:libssh2-docs", "p-cpe:/a:oracle:linux:libssh2-devel"], "id": "ORACLELINUX_ELSA-2019-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/126451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1652 and \n# Oracle Linux Security Advisory ELSA-2019-1652 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126451);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1652\");\n\n script_name(english:\"Oracle Linux 6 : libssh2 (ELSA-2019-1652)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1652 :\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008872.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssh2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-1.4.2-3.0.1.el6_10.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-devel-1.4.2-3.0.1.el6_10.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-docs-1.4.2-3.0.1.el6_10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:16:57", "description": "An integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nA vulnerability was found in in libssh2 where a server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-26T00:00:00", "title": "Amazon Linux 2 : libssh2 (ALAS-2019-1199)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libssh2", "p-cpe:/a:amazon:linux:libssh2-docs", "p-cpe:/a:amazon:linux:libssh2-devel", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:libssh2-debuginfo"], "id": "AL2_ALAS-2019-1199.NASL", "href": "https://www.tenable.com/plugins/nessus/124305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1199.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124305);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/22\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"ALAS\", value:\"2019-1199\");\n\n script_name(english:\"Amazon Linux 2 : libssh2 (ALAS-2019-1199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nA vulnerability was found in in libssh2 where a server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1199.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libssh2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-debuginfo-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-devel-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-docs-1.4.3-12.amzn2.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:04:50", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way packets are read from the server. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 before 1.8.1 in\n the way keyboard prompt requests are parsed. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way SSH_MSG_CHANNEL_REQUEST packets with an exit\n signal are parsed. A remote attacker who compromises a\n SSH server may be able to execute code on the client\n system when a user connects to the server.\n (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-11T00:00:00", "title": "NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-09-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0179_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/128705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0179. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128705);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n script_bugtraq_id(107485);\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way packets are read from the server. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 before 1.8.1 in\n the way keyboard prompt requests are parsed. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way SSH_MSG_CHANNEL_REQUEST packets with an exit\n signal are parsed. A remote attacker who compromises a\n SSH server may be able to execute code on the client\n system when a user connects to the server.\n (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0179\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libssh2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"libssh2-1.4.2-3.el6_10.1\",\n \"libssh2-debuginfo-1.4.2-3.el6_10.1\",\n \"libssh2-devel-1.4.2-3.el6_10.1\",\n \"libssh2-docs-1.4.2-3.el6_10.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784685 (BIG-IP), ID 786089 (BIG-IQ), ID 787421 (F5 iWorkflow), ID 787397 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability and understanding of any potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-05-16T01:28:00", "id": "F5:K80159635", "href": "https://support.f5.com/csp/article/K80159635", "title": "Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784677 (BIG-IP), ID 785913 (BIG-IQ), ID 787429 (F5 iWorkflow), ID 787373 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploiting this vulnerability between guests in a multi-tenant vCMP environment, ensure that you allocate each guest a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:33:00", "published": "2019-05-16T00:33:00", "id": "F5:K52370164", "href": "https://support.f5.com/csp/article/K52370164", "title": "Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784689 (BIG-IP), ID 786105 (BIG-IQ), ID 787417 (F5 iWorkflow), ID 787401 (Enterprise Manager), and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)[.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.8](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently, F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance and stability, and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K97035296: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127](<https://support.f5.com/csp/article/K97035296>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-19T00:12:00", "published": "2019-05-16T01:42:00", "id": "F5:K34303485", "href": "https://support.f5.com/csp/article/K34303485", "title": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "\nF5 Product Development is evaluating this vulnerability. F5 Product Development has assigned ID 784681 (BIG-IP), ID 785937 (BIG-IQ), ID 787425 (F5 iWorkflow), ID 787377 (Enterprise Manager) and JIRA IDs CPF-25088 and CPF-25089 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | None2 | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IP 10xx0 series\n * BIG-IP 12xx0 series\n * VIPRION B2250\n * VIPRION B4400N\n * BIG-IP i2x00 series\n * BIG-IP i4x00 series\n * BIG-IP i5x00 series\n * BIG-IP i7x00 series\n * BIG-IP i10x00 series\n * BIG-IP i11x00 series\n * BIG-IP i15x00 series \n14.x | 14.0.0 - 14.1.0 | None2 \n13.x | 13.0.0 - 13.1.1 | None2 \n12.x | 12.0.0 - 12.1.4 | None2 \n11.x | 11.6.0 - 11.6.4 | None2 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * Enterprise Manager 4000 \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU / Linux Kernel on the following platforms: \n\n * BIG-IQ 7000 \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>) | Intel CPU (see [affected CPUs](<https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf>)) \nLinux Kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Updated Microcode has been made available from Intel. F5 does not plan to release an official fix for this issue that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation seen when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10% to over 50% performance degradation for many workloads.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nThe MDS vulnerabilities require that an attacker can provide and run binary code on the BIG-IP platform. Only users with Administrator, Resource Administrator, Manager, and iRules Manager privileges are able to exploit the MDS vulnerability. F5 recommends that you restrict these roles to trusted users.\n\nExploiting this vulnerability requires two processes to share the same L1 and L2 cache. To prevent exploitation of this vulnerability between guests in a multi-tenant vCMP environment, ensure that each guest is allocated a minimum of two cores.\n\nTo completely mitigate MDS requires an Intel microcode update and associated Linux kernel patches. If a kernel and microcode update is unavailable, the only way to completely mitigate the MDS vulnerability is to disable SMT. This action will cause performance degradation in most workloads. F5 recommends customers evaluate if mitigation is required in their environment, taking into account the performance impact. Currently F5 is working on an integration strategy for full mitigation by conducting an extensive test campaign to characterize the impact of the fixes on system performance stability and understanding potential issues. F5 will update this article with details of the fixes as they become available.\n\nMitigation is not required if user space applications are from a trusted source and do not execute untrusted code that is supplied externally.\n\n * [K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory](<https://support.f5.com/csp/article/K41283800>) \n * [K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126](<https://support.f5.com/csp/article/K52370164>)\n * [K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130](<https://support.f5.com/csp/article/K80159635>)\n * [K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091](<https://support.f5.com/csp/article/K34303485>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-06-18T23:48:00", "published": "2019-05-16T01:14:00", "id": "F5:K97035296", "href": "https://support.f5.com/csp/article/K97035296", "title": "Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2018-12126", "CVE-2018-11091", "CVE-2019-3857", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-3856", "CVE-2019-3855", "CVE-2019-11091", "CVE-2018-12130"], "description": "libguestfs\n[1:1.38.4-10.0.1]\n- Config supermin to use host yum.conf in ol8 [Orabug: 29319324]\n- Set DISTRO_ORACLE_LINUX correspeonding to ol\n[1:1.38.4-10.1]\n- Fix inspection of partition-less devices\n resolves: rhbz#1714747\nlibssh2\n[1.8.0-7.el8_0.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\nlibvirt\n[4.5.0-23.1.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-23.1.el8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- qemu: Don't cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\nqemu-kvm\n[2.12.0-64.el8.0.0.2]\n- Bump release version to fix the versioning problem (zstream release lower than ystream).\n- Resolves: bz#1704545\n (CVE-2018-12126 virt:rhel/qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-8.0.0.z])", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1175", "href": "http://linux.oracle.com/errata/ELSA-2019-1175.html", "title": "virt:rhel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "[1.4.3-12.el7_6.2]\n- sanitize public header file (detected by rpmdiff)\n[1.4.3-12.el7_6.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)", "edition": 3, "modified": "2019-03-28T00:00:00", "published": "2019-03-28T00:00:00", "id": "ELSA-2019-0679", "href": "http://linux.oracle.com/errata/ELSA-2019-0679.html", "title": "libssh2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-01T20:44:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[0.12.1.2-2.506.el6_10.3]\n- kvm-target-i386-define-md-clear-bit.patch [bz#1698996]\n- Resolves: bz#1698996\n (CVE-2018-12130 qemu-kvm: hardware: MFBDS)", "edition": 2, "modified": "2019-05-14T00:00:00", "published": "2019-05-14T00:00:00", "id": "ELSA-2019-1181", "href": "http://linux.oracle.com/errata/ELSA-2019-1181.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-22T17:06:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "[4.18.0-80.1.2_0.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-80.1.2_0]\n- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\nfile (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}\n[4.18.0-80.1.1_0]\n- [zstream] switch to zstream (Frantisek Hrbata)", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1167", "href": "http://linux.oracle.com/errata/ELSA-2019-1167.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2020-10-03T13:20:19", "description": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-31T22:29:00", "title": "CVE-2018-20815", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20815"], "modified": "2019-07-02T23:15:00", "cpe": ["cpe:/a:qemu:qemu:3.1.0"], "id": "CVE-2018-20815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20815", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:3.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:52", "description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-25T19:29:00", "title": "CVE-2019-3857", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3857"], "modified": "2020-10-15T13:43:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:libssh2:libssh2:1.8.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:28", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-3857", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3857", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:libssh2:libssh2:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:52", "description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-25T19:29:00", "title": "CVE-2019-3856", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3856"], "modified": "2020-10-15T13:43:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:28", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-3856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3856", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:52", "description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "edition": 14, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-21T21:29:00", "title": "CVE-2019-3855", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3855"], "modified": "2020-10-15T13:42:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:28", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-3855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3855", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:52", "description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-25T18:29:00", "title": "CVE-2019-3863", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3863"], "modified": "2019-05-14T21:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2019-3863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3863", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12130", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12130"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12130", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12126", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_store_buffer_data_sampling_firmware:-"], "id": "CVE-2018-12126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12126", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_store_buffer_data_sampling_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:39", "description": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 21, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2019-11091", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11091"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-", "cpe:/o:fedoraproject:fedora:29"], "id": "CVE-2019-11091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11091", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:11", "description": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "edition": 20, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-05-30T16:29:00", "title": "CVE-2018-12127", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12127"], "modified": "2019-06-11T16:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "cpe:/o:intel:microarchitectural_load_port_data_sampling_firmware:-"], "id": "CVE-2018-12127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12127", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:intel:microarchitectural_load_port_data_sampling_firmware:-:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-07-05T18:46:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the ", "modified": "2019-07-04T00:00:00", "published": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310883078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883078", "type": "openvas", "title": "CentOS Update for libssh2 CESA-2019:1652 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883078\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-04 02:00:43 +0000 (Thu, 04 Jul 2019)\");\n script_name(\"CentOS Update for libssh2 CESA-2019:1652 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1652\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-July/023349.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2'\n package(s) announced via the CESA-2019:1652 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n * libssh2: Integer overflow in transport read resulting in out of bounds\nwrite (CVE-2019-3855)\n\n * libssh2: Integer overflow in keyboard interactive handling resulting in\nout of bounds write (CVE-2019-3856)\n\n * libssh2: Integer overflow in SSH packet processing channel resulting in\nout of bounds write (CVE-2019-3857)\n\n * libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-docs\", rpm:\"libssh2-docs~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191362", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1362)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1362\");\n script_version(\"2020-01-23T11:40:27+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:40:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:40:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1362)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1362\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1362\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1362 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the ", "modified": "2019-04-26T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310883028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883028", "type": "openvas", "title": "CentOS Update for libssh2 CESA-2019:0679 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883028\");\n script_version(\"2019-04-26T08:24:31+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:38:52 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"CentOS Update for libssh2 CESA-2019:0679 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0679\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023259.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2'\n package(s) announced via the CESA-2019:0679 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n * libssh2: Integer overflow in transport read resulting in out of bounds\nwrite (CVE-2019-3855)\n\n * libssh2: Integer overflow in keyboard interactive handling resulting in\nout of bounds write (CVE-2019-3856)\n\n * libssh2: Integer overflow in SSH packet processing channel resulting in\nout of bounds write (CVE-2019-3857)\n\n * libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-docs\", rpm:\"libssh2-docs~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:47:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310852509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852509", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2019:1419-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852509\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-20815\",\n \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-21 02:01:17 +0000 (Tue, 21 May 2019)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2019:1419-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1419-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2019:1419-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionally\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the 'mds' commandline option, see the\n documentation.\n\n Security issue fixed:\n\n - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree\n blob (bsc#1130680)\n\n Other fixes:\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1419=1\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.4_04~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2016-0787", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191393", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1393)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1393\");\n script_version(\"2020-01-23T11:41:41+0000\");\n script_cve_id(\"CVE-2016-0787\", \"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1393)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1393\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1393\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1393 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.(CVE-2016-0787)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h3\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-05T01:41:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-15T00:00:00", "id": "OPENVAS:1361412562310844011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844011", "type": "openvas", "title": "Ubuntu Update for intel-microcode USN-3977-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844011\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:18 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for intel-microcode USN-3977-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3977-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3977-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the USN-3977-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876368", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2019-f910d35647", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876368\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:12:12 +0000 (Fri, 17 May 2019)\");\n script_name(\"Fedora Update for libvirt FEDORA-2019-f910d35647\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f910d35647\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA5T2KLIYRYX4XMARLFBPB45B2INDALL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the FEDORA-2019-f910d35647 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libvirt is a C toolkit to interact with the virtualization capabilities\nof recent versions of Linux (and other OSes). The main package includes\nthe libvirtd server exporting the virtualization support.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~5.1.0~5.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-29T19:29:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310891789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891789", "type": "openvas", "title": "Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891789\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:09 +0000 (Fri, 17 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for intel-microcode (DLA-1789-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1789-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/929007\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'intel-microcode'\n package(s) announced via the DLA-1789-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update ships updated CPU microcode for most types of Intel CPUs. It\nprovides microcode support to implement mitigations for the MSBDS,\nMFBDS, MLPDS and MDSUM hardware vulnerabilities.\n\nTo fully resolve these vulnerabilities it is also necessary to update\nthe Linux kernel packages. Please refer to DLA-1787-1 for the Linux\nkernel updates required to mitigate these hardware vulnerabilities on\nIntel processors.\");\n\n script_tag(name:\"affected\", value:\"'intel-microcode' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.20190514.1~deb8u1 of the intel-microcode package, and also by the\nLinux kernel package updates described in DLA-1787-1.\n\nWe recommend that you upgrade your intel-microcode packages, and Linux\nkernel packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"intel-microcode\", ver:\"3.20190514.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:29:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852940", "type": "openvas", "title": "openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1806-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852940\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:46:46 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for ucode-intel (openSUSE-SU-2019:1806-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1806-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ucode-intel'\n package(s) announced via the openSUSE-SU-2019:1806-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ucode-intel fixes the following issues:\n\n This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the CPU Microcode adjustments for the software\n mitigations.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1806=1\");\n\n script_tag(name:\"affected\", value:\"'ucode-intel' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ucode-intel\", rpm:\"ucode-intel~20190618~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-05T01:41:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2019-06-04T00:00:00", "published": "2019-05-16T00:00:00", "id": "OPENVAS:1361412562310883053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883053", "type": "openvas", "title": "CentOS Update for libvirt CESA-2019:1180 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883053\");\n script_version(\"2019-06-04T06:44:21+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-04 06:44:21 +0000 (Tue, 04 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:00:57 +0000 (Thu, 16 May 2019)\");\n script_name(\"CentOS Update for libvirt CESA-2019:1180 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1180\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-May/023308.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the CESA-2019:1180 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems.\n\nSecurity Fix(es):\n\n * A flaw was found in the implementation of the 'fill buffer', a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n * Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes.\nBoth of these sub-operations write to a shared distributed processor\nstructure called the 'processor store buffer'. As a result, an unprivileged\nattacker could use this flaw to read private data resident within the CPU's\nprocessor store buffer. (CVE-2018-12126)\n\n * Microprocessors use a load port subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPUs pipelines. Stale load operations\nresults are stored in the 'load port' table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n * Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-lock-sanlock\", rpm:\"libvirt-lock-sanlock~0.10.2~64.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-30T12:51:33", "published": "2019-07-30T12:22:47", "id": "RHSA-2019:1943", "href": "https://access.redhat.com/errata/RHSA-2019:1943", "type": "redhat", "title": "(RHSA-2019:1943) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-02T14:59:59", "published": "2019-07-02T14:35:51", "id": "RHSA-2019:1652", "href": "https://access.redhat.com/errata/RHSA-2019:1652", "type": "redhat", "title": "(RHSA-2019:1652) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-16T16:12:49", "published": "2019-07-16T15:50:39", "id": "RHSA-2019:1791", "href": "https://access.redhat.com/errata/RHSA-2019:1791", "type": "redhat", "title": "(RHSA-2019:1791) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-08-07T15:23:41", "published": "2019-08-07T15:03:42", "id": "RHSA-2019:2399", "href": "https://access.redhat.com/errata/RHSA-2019:2399", "type": "redhat", "title": "(RHSA-2019:2399) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-03-28T18:44:05", "published": "2019-03-28T16:52:01", "id": "RHSA-2019:0679", "href": "https://access.redhat.com/errata/RHSA-2019:0679", "type": "redhat", "title": "(RHSA-2019:0679) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-14T08:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-08-14T11:34:34", "published": "2019-05-15T00:13:19", "id": "RHSA-2019:1187", "href": "https://access.redhat.com/errata/RHSA-2019:1187", "type": "redhat", "title": "(RHSA-2019:1187) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T01:02:56", "published": "2019-05-15T00:37:52", "id": "RHSA-2019:1203", "href": "https://access.redhat.com/errata/RHSA-2019:1203", "type": "redhat", "title": "(RHSA-2019:1203) Important: vdsm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:32:19", "published": "2019-05-15T00:13:36", "id": "RHSA-2019:1188", "href": "https://access.redhat.com/errata/RHSA-2019:1188", "type": "redhat", "title": "(RHSA-2019:1188) Important: qemu-kvm security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-15T00:32:15", "published": "2019-05-15T00:13:13", "id": "RHSA-2019:1197", "href": "https://access.redhat.com/errata/RHSA-2019:1197", "type": "redhat", "title": "(RHSA-2019:1197) Important: libvirt security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "centos": [{"lastseen": "2020-12-08T03:39:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1652\n\n\nThe libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-July/035387.html\n\n**Affected packages:**\nlibssh2\nlibssh2-devel\nlibssh2-docs\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-07-03T17:00:57", "published": "2019-07-03T17:00:57", "id": "CESA-2019:1652", "href": "http://lists.centos.org/pipermail/centos-announce/2019-July/035387.html", "title": "libssh2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:38:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0679\n\n\nThe libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035297.html\n\n**Affected packages:**\nlibssh2\nlibssh2-devel\nlibssh2-docs\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-04-01T19:09:06", "published": "2019-04-01T19:09:06", "id": "CESA-2019:0679", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035297.html", "title": "libssh2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1181\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-May/035345.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-05-15T15:40:19", "published": "2019-05-15T15:40:19", "id": "CESA-2019:1181", "href": "http://lists.centos.org/pipermail/centos-announce/2019-May/035345.html", "title": "qemu security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**Issue Overview:**\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3855 __](<https://access.redhat.com/security/cve/CVE-2019-3855>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3857 __](<https://access.redhat.com/security/cve/CVE-2019-3857>))\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3856 __](<https://access.redhat.com/security/cve/CVE-2019-3856>))\n\nA flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.([CVE-2019-3863 __](<https://access.redhat.com/security/cve/CVE-2019-3863>))\n\n \n**Affected Packages:** \n\n\nlibssh2\n\n \n**Issue Correction:** \nRun _yum update libssh2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n libssh2-1.4.2-3.12.amzn1.i686 \n libssh2-debuginfo-1.4.2-3.12.amzn1.i686 \n libssh2-devel-1.4.2-3.12.amzn1.i686 \n libssh2-docs-1.4.2-3.12.amzn1.i686 \n \n src: \n libssh2-1.4.2-3.12.amzn1.src \n \n x86_64: \n libssh2-devel-1.4.2-3.12.amzn1.x86_64 \n libssh2-docs-1.4.2-3.12.amzn1.x86_64 \n libssh2-1.4.2-3.12.amzn1.x86_64 \n libssh2-debuginfo-1.4.2-3.12.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-08-12T18:05:00", "published": "2019-08-12T18:05:00", "id": "ALAS-2019-1254", "href": "https://alas.aws.amazon.com/ALAS-2019-1254.html", "title": "Important: libssh2", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**Issue Overview:**\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3856 __](<https://access.redhat.com/security/cve/CVE-2019-3856>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3855 __](<https://access.redhat.com/security/cve/CVE-2019-3855>))\n\nA vulnerability was found in in libssh2 where a server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.([CVE-2019-3863 __](<https://access.redhat.com/security/cve/CVE-2019-3863>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3857 __](<https://access.redhat.com/security/cve/CVE-2019-3857>))\n\n \n**Affected Packages:** \n\n\nlibssh2\n\n \n**Issue Correction:** \nRun _yum update libssh2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n libssh2-1.4.3-12.amzn2.2.aarch64 \n libssh2-devel-1.4.3-12.amzn2.2.aarch64 \n libssh2-debuginfo-1.4.3-12.amzn2.2.aarch64 \n \n i686: \n libssh2-1.4.3-12.amzn2.2.i686 \n libssh2-devel-1.4.3-12.amzn2.2.i686 \n libssh2-debuginfo-1.4.3-12.amzn2.2.i686 \n \n noarch: \n libssh2-docs-1.4.3-12.amzn2.2.noarch \n \n src: \n libssh2-1.4.3-12.amzn2.2.src \n \n x86_64: \n libssh2-1.4.3-12.amzn2.2.x86_64 \n libssh2-devel-1.4.3-12.amzn2.2.x86_64 \n libssh2-debuginfo-1.4.3-12.amzn2.2.x86_64 \n \n \n", "edition": 1, "modified": "2019-04-25T16:44:00", "published": "2019-04-25T16:44:00", "id": "ALAS2-2019-1199", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1199.html", "title": "Important: libssh2", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-05-20T22:30:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-11091", "CVE-2018-12130"], "description": "This update for xen fixes the following issues:\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n These updates contain the XEN Hypervisor adjustments, that additionaly\n also use CPU Microcode updates.\n\n The mitigation can be controlled via the "mds" commandline option, see the\n documentation.\n\n For more information on this set of vulnerabilities, check out\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc/?id=7023736\">https://www.suse.com/support/kb/doc/?id=7023736</a>\n\n Security issue fixed:\n\n - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree\n blob (bsc#1130680)\n\n Other fixes:\n\n - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime.\n\n The included README has details about the impact of this change\n (bsc#1120095)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-05-20T21:12:05", "published": "2019-05-20T21:12:05", "id": "OPENSUSE-SU-2019:1419-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:41:05", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4503273, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span>Customers who have applied KB4489887 or later Monthly Rollup Packages </span></span><span>to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The \u201cbuild number\u201d component of the version string increases by 1, and the revision number decreases by approximately 4000 numbers. To find out more about this change please refer to the following <a data-content-id=\"4495374\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</span></span></span></p></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4499184\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4499184</a> (released May 23, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 64-Bit (x64) versions of Windows (<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\">CVE-2019-11091</a>,<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"YAe7iTID7gTAlEI+1QT/6qfMZcY7LB8fxMjCpx/tjHfdrwOsTscfgbdd4vYMm9PR+uhB6N22KdlFpmkhY0MzoeeYx4NDcvIfRhTSm0Xg5Ar15yMNpRLiyq9ER21bIsups77tJIXh169s5/iEFu3K7zLLOiPi8/VfQeyP2qcg3As=\" target=\"_blank\"> CVE-2018-12126</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12127</a>, <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/{lang-locale}/security-guidance/advisory/adv190013\" managed-link=\"\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"E4IX6mlyH5NLx24b7VuUahrq9c7NkXBibJnG5QpRn/HZKzz5UIdWB9MqMYep129QrYa0uQClNjDeAwm+l3B75yPmvED8K2cvvnKh5uf7sNmfHjP2e4YRb9r6x5ErNCYfWt1jnXOuZ2FrmRQkAy+Ll/3cPkNmhAkY8t8U8OV/Bw4=\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/{lang-locale}/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" originalsrc=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" shash=\"cgZ6fxMrQXl5WDKOS9UeiMKo1aOk6N/CLx43s1XLy1TzMAWUeHnq1Kp14OPeyoPe8tRI/5Zhihlc3cV7XL/RZpnWOskkEJcBmZvtkjnvqvPYNC3uJiWgsi/SzHvsx6mI8RcVh69zn+MmkO9QFVvOdgVHRRg2gjP90PvPeesgDM8=\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are disabled by default for Windows Server OS editions).</li><li>Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Shell, Windows Server, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Kernel, Internet Information Services, Windows Server, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>When trying to expand, view, or create <strong>Custom Views </strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using <strong>Filter Current Log </strong>in the <strong>Action </strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</td><td><p>This issue is resolved in <a data-content-id=\"4503271\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4503271</a>.</p></td></tr><tr><td>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing this update on a WDS server.</td><td><p>This issue is resolved in <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499</a>.</p></td></tr></tbody></table><p>\u00a0</p><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4493730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493730</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4503273\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/A/A/D/AADEFFA5-FD28-4AC4-93C6-3A28586CA88D/4503273.csv\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">file information for update 4503273</a>.\u00a0</p></div></body></html>", "edition": 15, "modified": "2019-08-19T19:05:56", "id": "KB4503273", "href": "https://support.microsoft.com/en-us/help/4503273/", "published": "2019-06-11T00:00:00", "title": "June 11, 2019\u2014KB4503273 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-01T22:49:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "<html><body><p>Learn more about update KB4516026, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4512499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4512499 </a>(released August 17, 2019) and addresses the following issues:</p><ul><li>Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as <em>Microarchitectural Data Sampling</em>, for 32-Bit (x86) versions of Windows (<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2019-11091</a>,<a href=\"https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2Fadv190013&data=02%7C01%7Cv-shros%40microsoft.com%7C09be709d4f5a48828b3608d731b5e011%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032529545445662&sdata=fvFdb13Krl8nAuUPxE9ZigyGg3qICkRND%2BcRcoc9WXI%3D&reserved=0\" originalsrc=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" shash=\"Xm4A/Wgq+XEh8/Sr2rWe5hGvy4o7OkQbvI38Vw+JFCfCqDqaXdECRhV2hIKvUA0kN0VrgVDiatHukI2MAjcgn4nfAAaOfShSAe0w/3YMN7ZWDzEGxsoYyr6XUoPZ29GnqW2jqTVTOmAmXKLUay1GNH66Uz/7jsGuFIzyg9Q+3K0=\" target=\"_blank\"> </a><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12126</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12127</a>, <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013\" managed-link=\"\" target=\"_blank\">CVE-2018-12130</a>). Use the registry settings as described in the\u00a0<a href=\"https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\" managed-link=\"\" target=\"_blank\">Windows Server</a>\u00a0article<em>. </em>(These registry settings are enabled by default for Windows Server OS editions.)</li><li>Security updates to Windows App Platform and Frameworks, Windows Kernel, Windows Input and Composition, Windows Media, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, and Windows Server .</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is not currently aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4517134\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4517134</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516026\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>:\u00a0\u00a0Windows Server 2008 Service Pack 2</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/2/f/1/2f1cc47c-8ab0-4af3-b77f-f67be122b683/4516026.csv\" managed-link=\"\" target=\"_blank\">file information for update 4516026</a>.</p><p>\u00a0</p><p>\u00a0</p></body></html>", "edition": 17, "modified": "2019-10-01T19:26:49", "id": "KB4516026", "href": "https://support.microsoft.com/en-us/help/4516026/", "published": "2019-09-10T00:00:00", "title": "September 10, 2019\u2014KB4516026 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-15T01:44:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 4, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3984-1", "href": "https://ubuntu.com/security/notices/USN-3984-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-15T00:00:00", "published": "2019-05-15T00:00:00", "id": "USN-3983-2", "href": "https://ubuntu.com/security/notices/USN-3983-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-07-02T11:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan \nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, \nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss \ndiscovered that memory previously stored in microarchitectural fill buffers \nof an Intel CPU core may be exposed to a malicious process that is \nexecuting on the same CPU core. A local attacker could use this to expose \nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan \nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh \nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory \npreviously stored in microarchitectural load ports of an Intel CPU core may \nbe exposed to a malicious process that is executing on the same CPU core. A \nlocal attacker could use this to expose sensitive information. \n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel \nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel \nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory \npreviously stored in microarchitectural store buffers of an Intel CPU core \nmay be exposed to a malicious process that is executing on the same CPU \ncore. A local attacker could use this to expose sensitive information. \n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, \nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa \nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and \nCristiano Giuffrida discovered that uncacheable memory previously stored in \nmicroarchitectural buffers of an Intel CPU core may be exposed to a \nmalicious process that is executing on the same CPU core. A local attacker \ncould use this to expose sensitive information. (CVE-2019-11091)", "edition": 3, "modified": "2019-05-16T00:00:00", "published": "2019-05-16T00:00:00", "id": "USN-3985-2", "href": "https://ubuntu.com/security/notices/USN-3985-2", "title": "libvirt update", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compi led for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2019-05-17T01:08:38", "published": "2019-05-17T01:08:38", "id": "FEDORA:CFE4360D22F6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: qemu-3.1.0-8.fc30", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "huawei": [{"lastseen": "2019-07-15T10:37:38", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "Products\n\nSwitches\nRouters\nWLAN\nStorage\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nIntelligent Computing\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nIndustry Cloud Enablement Service\nImprovement Service\nCustomer Support Service\nSee All\n\n\n\nPartner\n\nFind a Partner\nChannel Partner Program\nBecome a Partner\nOpenLab\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\nPre-Sale Resource Center\n\nGo to Full Support", "edition": 1, "modified": "2019-07-12T00:00:00", "published": "2019-07-12T00:00:00", "id": "HUAWEI-SA-20190712-01-MDS", "href": "https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-01-mds-en", "title": "Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities", "type": "huawei", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "hp": [{"lastseen": "2020-12-24T13:22:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "## Potential Security Impact\nInformation Disclosure\n\n**Source**: HP, HP Product Security Response Team (PSRT) \n\n**Reported By**: Intel \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL, and Fallout. See table below for further details.\n\nVulnerability\n\n| \n\nDescription\n\n| \n\nCVE \n \n---|---|--- \n \nFallout, RIDL\n\n| \n\nMicroarchitectural Store Buffer Data Sampling (MSBDS) \n\n| \n\nCVE-2018-12126 \n \nRIDL\n\n| \n\nMicroarchitectural Load Port Data Sampling (MLPDS)\n\n| \n\nCVE-2018-12127 \n \nZombieLoad, RIDL\n\n| \n\nMicroarchitectural Fill Buffer Data Sampling (MFBDS)\n\n| \n\nCVE-2018-12130 \n \nRIDL\n\n| \n\nMicroarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n| \n\nCVE-2019-11091\n\n## RESOLUTION\nBoth software updates and firmware updates are required. See the links below for more information regarding software updates.\n\nHypervisors could also be affected. Check with your hypervisor vendor for potential software patches.\n\nHP has identified the affected platforms and target dates for Softpaqs for firmware updates. See the affected platforms listed below. \n", "edition": 6, "modified": "2020-09-10T00:00:00", "published": "2019-05-14T00:00:00", "id": "HP:C06330149", "href": "https://support.hp.com/us-en/document/c06330149", "title": "HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates", "type": "hp", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-07-12T20:44:31", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "# \n\n## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n## Description\n\n[USN-3977-1](<https://usn.ubuntu.com/3977-1>) and [USN-3977-2](<https://usn.ubuntu.com/3977-2>) provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html>))\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html>))\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html>))\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. ([CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11091.html>))\n\nCVEs contained in this USN include: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.131\n * 3541.x versions prior to 3541.125\n * 3468.x versions prior to 3468.136\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.64\n * 250.x versions prior to 250.73\n * 170.x versions prior to 170.93\n * 97.x versions prior to 97.122\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.131\n * Upgrade 3541.x versions to 3541.125\n * Upgrade 3468.x versions to 3468.136\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.64\n * Upgrade 250.x versions to 250.73\n * Upgrade 170.x versions to 170.93\n * Upgrade 97.x versions to 97.122\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3977-3](<https://usn.ubuntu.com/3977-3>)\n * [CVE-2018-12126](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12126>)\n * [CVE-2018-12127](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12127>)\n * [CVE-2018-12130](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12130>)\n * [CVE-2019-11091](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11091>)\n", "edition": 1, "modified": "2019-07-12T00:00:00", "published": "2019-07-12T00:00:00", "id": "CFOUNDRY:B2E69F41B4038981C401E61FA93A1C88", "href": "https://www.cloudfoundry.org/blog/usn-3977-3/", "title": "USN-3977-3: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "xen": [{"lastseen": "2019-05-14T21:19:00", "bulletinFamily": "software", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-11091", "CVE-2018-12130"], "description": "#### ISSUE DESCRIPTION\nMicroarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities. They consist of:\n * CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling * CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling * CVE-2018-12130 - MFBDS - Microarchitectural Fill Buffer Data Sampling * CVE-2019-11091 - MDSUM - Microarchitectural Data Sampling Uncacheable Memory\nThese issues pertain to the Load Ports, Store Buffers and Fill Buffers in the pipeline. The Load Ports are used to service all memory reads. The Store Buffers service all in-flight speculative writes (including IO Port writes), while the Fill Buffers service all memory writes which are post-retirement, and no longer speculative.\nUnder certain circumstances, a later load which takes a fault or assist (an internal condition to processor e.g. setting a pagetable Access or Dirty bit) may be forwarded stale data from these buffers during speculative execution, which may then be leaked via a sidechannel.\nMDSUM (Uncacheable Memory) is a special case of the other three. Previously, the use of uncacheable memory was believed to be safe against speculative sidechannels.\nFor more details, see: <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a>\n#### IMPACT\nAn attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes.\nThis can include data from:\n * A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attacker's execution.\nVulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads.\nAn attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nOnly x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\nOnly Intel based processors are potentially affected. Processors from other manufacturers (eg, AMD) are not believed to be vulnerable.\nPlease consult the Intel Security Advisory for details on the affected processors, and which are getting microcode updates.\n", "edition": 1, "modified": "2019-05-14T15:51:00", "published": "2019-05-14T15:51:00", "id": "XSA-297", "href": "http://xenbits.xen.org/xsa/advisory-297.html", "title": "Microarchitectural Data Sampling speculative side channel", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}]}
